Job description / Role
About the Role
As head of data protection (acting DPO) you are directly reporting to the CDAO and part of his SLT owning the data privacy mandate as part of wider data transformation initiative for GEMS group.
As the Head of Data Privacy, you play a crucial role in ensuring the organization's compliance with privacy regulations, protecting individuals' personal information, and building trust with customers and stakeholders. You are responsible for developing and implementing privacy policies, managing privacy risks, and fostering a privacy-conscious culture across the organization.
- Data Privacy Strategy and Planning: Developing and implementing pragmatic short/medium and long term data privacy strategies aligned with GEMS's goals and more importantly maturity.
- Policy and Compliance: Developing, implementing, and maintaining privacy policies, standards, privacy notices and procedures to comply with applicable privacy regulations.
- Privacy Impact Assessments: Conducting data protection impact assessments (DPIAs) to identify privacy risks and recommend measures to mitigate those risks. Ensuring privacy considerations are incorporated into new projects, systems, and processes.
- Privacy by Design: Promoting privacy by design principles throughout the organization. Collaborating with product development, IT, and other teams to embed privacy controls and considerations into systems, processes, and projects from the outset.
- Privacy Audits and Assessments: Conducting privacy audits and assessments to evaluate compliance with privacy regulations and internal policies. Identifying gaps or weaknesses and recommending remediation actions to ensure ongoing compliance.
Data Subject Rights:
a. Managing processes to handle data subject rights requests, including rights to access, rectify, erase, restrict processing, data portability, and object to processing.
b. Oversight over parents complaints related to data privacy of children
c. Ensuring requests are handled promptly, accurately, and in compliance with privacy regulations
- Regulatory touch point: Serve as point of contact for data protection matters within the organization and act as a liaison with regulatory authorities regarding data protection issues.
- Privacy Incident Management: Establishing incident response processes and procedures to handle privacy breaches or incidents. This needs to happen with wider collaboration across CISO/IT areas.
- Privacy Governance: Embed privacy governance on newly setup data governance chain of command and in the stage gate delivery processes.
- Data Privacy Training and Awareness: Developing and delivering privacy training programs to educate employees on privacy policies, best practices, and their roles and responsibilities in protecting personal information. Raising privacy awareness across the organization. This needs to be embedded as part of wider Data Transformation initiative
Masters or Bachelor's Degree from a reputed university in relevant subjects
Minimum of 10+ years industry experience working in a data/information and privacy environment
Job-Specific Knowledge & Skills:
- 3 + Years experience in a Data Protection lead role. Experience of managing a small data privacy delivery function
- In-depth knowledge of data protection laws and regulations, such as PDPL/GDPR, and a strong understanding of privacy principles and best practices.
- Experience in developing and implementing data protection policies, procedures, and strategies within an organization.
- Ability to work independently, prioritize tasks, and manage multiple projects simultaneously.
- Be able to confidently liaise with Stakeholders.
- Excellent organizational, verbal, and written communication skills
About the Company
GEMS Education is a pioneering education company with an international network of award winning K-12 schools. Over the past 55 years GEMS has grown from one school to being a truly global company with one incredible mission â€“ to make quality education available to every student. Over 20,000 education professionals unlock the potential of over 250,000 students across 14 countries each and every day, preparing children of all ages for real world success.