Director, Data Privacy

Anywhere

Oversee the company’s data protection strategy and its implementation to ensure compliance with relevant data protection laws, such as the GDPR, CCPA, and other applicable regulations. Serve as the primary point of contact for all data protection and privacy matters within the organization, providing expert advice and monitoring compliance efforts.
Reports To:
VP, Corporate Quality / Corporate Data Protection Officer

Duties and Responsibilities:
Regulatory Compliance:

  • Ensure the company complies with relevant data protection laws and regulations (GDPR, CCPA, etc.).
  • Monitor data protection laws and recommend necessary organizational changes.

Policy Development:

  • Develop, implement, and maintain privacy policies and procedures.
  • Ensure privacy policies are up to date and reflect current regulatory requirements and industry best practices.

Data Protection Impact Assessments (DPIAs):

  • Conduct and oversee DPIAs for projects involving the processing of personal data.
  • Provide guidance on risk mitigation strategies for high-risk processing activities.

Training and Awareness:

  • Develop and deliver data privacy training programs for employees.
  • Promote a culture of data protection compliance across the organization.

Data Breach Management:

  • Establish and maintain an incident response plan for data breaches.
  • Investigate and respond to data breaches, ensuring timely notification to regulatory authorities and affected individuals as required.

Advisory Role:

  • Provide expert advice to senior management and staff on data protection and privacy matters.
  • Serve as the point of contact for data protection authorities and regulatory bodies.

Data Subject Rights:

  • Manage and respond to data subject requests (e.g., access, rectification, erasure).
  • Ensure the organization’s processes facilitate the exercise of data subject rights.

Third-Party Management:

  • Assess and ensure the data protection compliance of third-party vendors and service providers.
  • Negotiate data protection clauses in contracts with third parties.

Audits and Monitoring:

  • Conduct regular audits to ensure compliance with data protection policies and regulations.
  • Monitor data processing activities to ensure they align with privacy standards.

Record Keeping:

  • Maintain comprehensive records of all data processing activities conducted by the organization.
  • Ensure accurate documentation of data protection impact assessments and breach incidents.

Job Requirements:

  • Bachelor’s degree in Law, Information Security, IT, or a related field; advanced degree preferred.
  • Professional certification in data protection/privacy (e.g., CIPP, CIPM, CIPT) is highly desirable.
  • Extensive knowledge of data protection laws and practices, including GDPR, CCPA, and other relevant regulations.
  • Proven experience in a data protection or privacy role, preferably in a similar industry.
  • Strong analytical and problem-solving skills.
  • Excellent communication and interpersonal skills, with the ability to articulate complex privacy concepts to non-experts.
  • Detail-oriented with a strong commitment to maintaining high ethical standards.