Harmonise the applicable privacy regulations across the globe, including but not limited to CPRA, GDPR, PDPL etc., along with the regulations around Artificial Intelligence, for compliance at Air India.
Assist in handling day-to-day privacy issues, such as data security incident responses, data protection agreement consultation, privacy complaints and resolution, subject access requests, management of regulatory notifications and International Data Transfers. Carry out mapping of personal data across the organization, build data flow diagrams, identify applicable privacy regulations, identify gaps and contribute towards building the data governance plan.
Conduct risk assessments such as Privacy Impact Assessment (PIA), Data Privacy Impact Assessment (DPIA) and Transfer Impact Assessment (TIA), and build the Record of Processing (ROPA) etc., as required under various record-keeping obligations for the Organization.
Assist with the management of Data Subject Access Requests (DSAR) from across the globe, queries from external stakeholders including regulatory bodies, preparation of training material and development of policies.
Coordinate with internal and external stakeholders to ensure privacy compliance.
Key Accountabilities
Development of the Privacy Framework:
Key stakeholder in the development and ongoing management of the privacy program across geographies, including the Governance Framework, policy set, compliance risks, compliance roadmap, training, retention, audit and reporting requirements.
Assist in carrying out the data mapping exercise and risk assessment for various processes, tools and applications, and in identifying the gaps.
Recommend remediation of the gaps and implementation of the compliance program.
Evaluate the existing training material, policies and Third Party Risk Management Program (TPRM), and identify the gaps in them. TPRM shall include developing the framework for assessing the associated third parties with respect to their privacy practices and risk exposure, and developing measures to mitigate that exposure.
Ensure that Privacy by Design (PbD) principles are built in, DSARs are managed, and the key compliance requirements under various data protection laws are harmonised.
Stakeholder Engagement and Communication:
Assist in organizing and facilitating meetings with key stakeholders, including internal teams and external partners.
Aid in the development of communication materials and presentations to convey strategic initiatives and progress updates to stakeholders.
Ensure accurate and up-to-date documentation of progress, milestones, and stakeholder communications for reference and future analysis.
Any other additional responsibility could be assigned to the role holder from time to time, as a standalone project or as regular work. The same would be suitably represented in the Primary responsibilities and agreed between the incumbent, reporting officer and HR.
Skills Required for the role
Strategic Visionary: Foresees the evolution of the global privacy landscape.
Analytical Acumen: Synthesises the compliance requirements under various regulations.
Communication Proficiency: Crafts impactful messages.
Technological Acumen: Sufficient understanding of the interface between Infosec measures and Privacy requirements.
Performance Monitor: Tracks strategic KPIs.
Key Performance Indicators
Operational Efficiency
Simplified privacy compliance
Timely Reporting
Ability to simplify complex subjects.
Strategic Impact
Raising awareness amongst the stakeholders
Stakeholder Engagement for building up the privacy program.
Financial Performance
Contribute to compliance thereby preventing penalties/punishments.
Key Interfaces
Internal Interfaces
Executive Leadership (Senior Management Team)
Collaborate closely with senior management to align strategic objectives and ensure support for initiatives. Provide regular updates on progress and challenges.
Cross-Functional Teams (Integration & Transformation, Corporate Planning & Strategy, Group Planning)
Work closely with these teams to identify priorities and track progress. Collaborate on assessments, analyses, and strategic planning initiatives under the Privacy framework.
External Interfaces
DSAR Management
Timely response to Data Subject Requests received by the Organization.
Educational and Experience Requirements
Minimum Education Requirement
Bachelor’s degree in law from a reputed Law College.
CIPP/E or CIPM certification from IAPP would be preferred.
Working capability with automation tools such as OneTrust, Securiti, BigID etc.
Minimum Requirement
Desired Requirement
Experience
3-5 years of relevant experience in building privacy frameworks for data-centric organizations, consulting or such other relevant experience.
Must have worked on implementation of ISO 27001 & 27701 standards.
Demonstrated experience in understanding privacy regulations along with their interface with Information Technology, ideally gained in a services environment or digital business.