About the Role
As head of data protection (acting DPO) you are directly reporting to the CDAO and part of his SLT owning the data privacy mandate as part of wider data transformation initiative for GEMS group.

As the Head of Data Privacy, you play a crucial role in ensuring the organization's compliance with privacy regulations, protecting individuals' personal information, and building trust with customers and stakeholders. You are responsible for developing and implementing privacy policies, managing privacy risks, and fostering a privacy-conscious culture across the organization.

KEY ACCOUNTABILITIES:
- Data Privacy Strategy and Planning: Developing and implementing pragmatic short/medium and long term data privacy strategies aligned with GEMS's goals and more importantly maturity.
- Policy and Compliance: Developing, implementing, and maintaining privacy policies, standards, privacy notices and procedures to comply with applicable privacy regulations.
- Privacy Impact Assessments: Conducting data protection impact assessments (DPIAs) to identify privacy risks and recommend measures to mitigate those risks. Ensuring privacy considerations are incorporated into new projects, systems, and processes.
- Privacy by Design: Promoting privacy by design principles throughout the organization. Collaborating with product development, IT, and other teams to embed privacy controls and considerations into systems, processes, and projects from the outset.
- Privacy Audits and Assessments: Conducting privacy audits and assessments to evaluate compliance with privacy regulations and internal policies. Identifying gaps or weaknesses and recommending remediation actions to ensure ongoing compliance.

Data Subject Rights:
a. Managing processes to handle data subject rights requests, including rights to access, rectify, erase, restrict processing, data portability, and object to processing.
b. Oversight over parents complaints related to data privacy of children
c. Ensuring requests are handled promptly, accurately, and in compliance with privacy regulations

- Regulatory touch point: Serve as point of contact for data protection matters within the organization and act as a liaison with regulatory authorities regarding data protection issues.
- Privacy Incident Management: Establishing incident response processes and procedures to handle privacy breaches or incidents. This needs to happen with wider collaboration across CISO/IT areas.
- Privacy Governance: Embed privacy governance on newly setup data governance chain of command and in the stage gate delivery processes.
- Data Privacy Training and Awareness: Developing and delivering privacy training programs to educate employees on privacy policies, best practices, and their roles and responsibilities in protecting personal information. Raising privacy awareness across the organization. This needs to be embedded as part of wider Data Transformation initiative