Position Title: Data Privacy Manager
Experience- 07+yrs
Position Location: Germany
Language requirement: Must be a German speaker
Position Overview:
Data Privacy Manager at Germany should have experience of 8-10 years in Data Privacy Role and ensure ongoing compliance with all privacy/data protection laws and regulations as applicable to entire client delivery environment across geographies both from a data controller and processor standpoint
Detailed Position Description:
About HCL’s Global Privacy Office
The Global Privacy Office (GPO) is part of the Risk and Compliance division within HCL. Risk and Compliance is committed to minimizing risk and maximizing performance through our comprehensive approach which enables functions in meeting expectations of our clients and provides transparency to our performance. We drive collaboration through teamwork with multiple stakeholders in various functions, allowing execution and implementation of cutting-edge platforms, tools and technologies that push previously known limits in risk management
The GPO has responsibility for advising and delivering a global privacy framework that complies with all applicable privacy laws and client contractual obligations. The GPO has implemented a privacy program that sets itself to the highest standard across our geographies and client locations and instilled a culture of privacy at HCL. The program was designed to comply with the General Data Protection Regulation (GDPR) and has since evolved to consider the ever-evolving privacy landscape. The program utilizes a principle-based approach and embeds privacy controls and client-specific industry requirements across HCL.
The GPO’s focus has been on building processes and policies to create a robust privacy program. In this endeavor, we need assistance with the ongoing operation of this program and embedding the framework across all areas of the organization.
Roles & Responsibilities
Ensure ongoing compliance with all privacy / data protection laws and regulations, as applicable to entire client delivery environment across geographies and both from a data controller and processor standpoint;
Monitor development(s) in the local legal landscape w.r.t. privacy / data protection laws and regulations;
Identify actionable for Global Privacy Office and client delivery team arising due to developments in applicable privacy laws and regulations in all geographies from where HCL will be servicing the client;
Formulate engagement-specific privacy policies and corresponding enabling-procedures to operate the privacy framework within the delivery environment;
Manage all the communications and interactions with local Data Protection Authorities especially Germany for all purposes. The interactions to include among other things, responsibilities to include registration of DPO with the authorities and notification of data processing activities, if need be;
Own and manage all privacy projects at both strategic and tactical levels;
Lead and manage strategic discussions with client teams, including but not limited to, client’s Privacy office;
Implement client’s and HCL’s privacy program before project 'go-live' and ensure "ground-level" implementation of the privacy controls - Ultimate goal: Privacy-by-Design;
Conduct HCL-led Privacy Risk Assessments (PRA) as per GPO’s PRA calendar and furthermore ensure client’s PIA/DPIA schedule is adhered;
Support Business Assurance team [Delivery Compliance Officer/Manager et al] in implementation and testing of corporate privacy baseline controls;
Own and manage all types of privacy inquiries and requests arising within client delivery environment, including but not limited to, Data Subject Access Request related activities, employee inquiries, Client's privacy assessments et al. Other activities would generally encompass coordination with all the internal stakeholders and external counsel, if need be;
Support any pre-sales activities such as client proposal, draft contract validation, client visit, et al, from a GPO standpoint;
Liaison with Cyber Security, information technology, contract closure group and any other stakeholder, as applicable;
End-to-end management of privacy incidents, data breaches et al occurring within client delivery environment, including but not limited to, interaction with Data Protection Authorities and/or data subjects.
Maintain adequate level of awareness about privacy laws and HCL privacy program, within entire delivery employee base. This will include, but will not be limited to, complete coverage of HCL’s internal Global Privacy and Data Protection Training program, performing training need analysis for resources and identifying privacy training programs as need be, conducting Privacy KnowledgeXchange sessions for the privacy champions from within client delivery engagement.
Experience / Qualification:
Minimum overall corporate experience of 12+ years and out of which minimum 8-10 years of experience directly related to data protection / data privacy;
Excellent understanding in fundamentals of data protection and an excellent command on regulatory frameworks prevalent in the region, which includes but is not limited to, GDPR;
Graduation in an advanced discipline, such as Law, Economics, Physics, Electronics, Computer Science, B.Tech./B .E./BCA.;
Experience of implementing and managing a Privacy program or a risk-based governance program in a multi-national and complex environment;
Ability to succeed in a complicated corporate system and navigate within a global environment;
Ability to deliver on a deadline and succeed in a challenging environment;
Confidence to execute complicated legal and/or business decisions with minimal amount of escalations;
CIPP/E certification is a mandatory.