The DPO position sits in a European team working predominantly out of France and Italy, and ensures data protection for the group. The role consists of 5 key areas, each with individual areas of focus, listed below;
Strategy and Governance
- Support the EL Group Privacy Officer in designing the strategic plan and implementing the personal data global group strategy within GV’s affiliates over the world, including LGPD, EU GDPR and also other privacy laws;
- Support the Group DPO in coordinating the Governance Bodies in the Personal Data organization, communities and beyond their relationships with the business;
- Support the Group DPO as well as local DPO or Points of Contact in drafting local analysis and local position papers to be discussed with regulatory authorities in Data Privacy;
- Support the DPO in ensuring cross-functional consistency of Personal Data management, especially when operated by multiple entities or departments;
- Initiate and participate to the DPIA review at local and group level (Large Scale of Processing);
- Benchmark personal data & privacy protection related policies with partners and competitors.
Support to operations
- Monitor compliance with Group Policies and Data Protection Regulation including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;
- Liaise and work closely with business and functions (HR, IT, Marketing, Online, Security and Business) to facilitate the implementation of the Group policies, the good practices to set up a solid/sustainable personal data management;
- Design and implement tools to assist the network of DPOs and legal experts;
- Supporting operations in the negotiation of complex contracts and Data Agreements including personal data processing (subcos including internal subcos (EL affiliates), sales or procurement);
- Assist and advise operations and DPOs in reviewing assessment of processing including the issuance of DPIAs to evaluate the risk of non-compliance;
- Identify the contractual evolution to comply with the Data Protection;
- Conduct regular session of reviewing processes / manage personal data protection register of processes;
- Support operation in managing complex Data Subject Requests.
- Set up actions as part of major personal data & privacy protection events (GDPR anniversary, Personal Data & Privacy Protection day, Security events, etc.);
- Populate to specific functions the specifics of Data Protection in their particular domain of working;
- Preparation and anticipation of controls;
- Pay regular attention to the legal and technological evolutions allowing a compliance of the processing of personal data.
- Participate in the definition of the curriculum for training sessions;
- Identify necessary training internally and externally;
- Ensure consistency of Personal Data & Privacy Protection communication.
- Define Data Protection audit plan for internal and external audit;
- Participate to the rules to be implemented in the GSG;
- Random and targeted audit of personal data processing;
- Collaborate with auditors and define improvement actions plan.