Data Protection Manager

Data Protection Manager (“DPM”) plays a crucial role in helping ABC Group and its Members to fulfil their data protection obligations.

The DPM will essentially assist the Data Protection Officer (“DPO”) with:

• Enhancing the group-wide Data Protection Framework, and keeping it updated;
• Facilitating and supporting the implementation of the group-wide strategic roadmap for data protection;
• The group-wide monitoring of compliance with the data protection laws and regulations and with Bank ABC’s Data Protection Framework;
• Raising data protection awareness and ensuring that relevant training is provided;
• Providing assurance of compliance with the data protection laws.

DPM will maintain contacts with the Local Data Protection Coordinators (“LDPCs”). S/he needs to have a good understanding of how ABC Group is organized, the countries it is operating in, the products offered and the main processes and systems that support the working of ABC Group. S/he needs to be familiar with the practices for sound management of data protection risk and the regulatory requirements related to data protection in the main countries where ABC has a presence.

DPM should be able to articulate data protection related issues and risks and have meaningful discussions with internal and external stakeholders at all levels. S/he should keep sight of the “big picture” of the countries and markets ABC is in and the overall trends in the financial industry.

S/he may be required to assume the LDPC role for Bank ABC B.S.C. branches.

Scope of the Job

Enhance and update the group-wide Data Protection Framework when new regulatory requirements are introduced.

1. Facilitate the implementation of the group-wide Data Protection Strategic Roadmap:

• Assist with coordinating and facilitating the implementation of the Data Protection Strategic Roadmap and all components across all Units of the Group specially the Personal Data Register;
• Providing day-to-day direction, guidance, training, and support to the first line for data protection and the management of related risks;
• Providing assistance with the identification of data protection issues and the definition of appropriate action plans;
• When required, review - and approve - local data protection policies, standards & procedures to ensure compliance and consistency with group policies, standards and procedures.

1. Monitoring and challenging:

• Monitor - and when required - challenge the compliance of the group-wide and local data protection policies, standards & procedures by the Units and raise any exceptions to the appropriate decision level (unit and group level).

1. Personal Data Register/Register of Processing Activities (ROPA):

• Assist with overseeing the regular maintenance of the ROPA by the Units and ensuring that they are always available and ready for inspection by the authorities.

1. Data Protection Impact Assessments:

• Support / facilitate / monitor / challenge the Data Protection Impact Assessments (or their outcomes) done by the Units.

1. Data Subjects’ Rights:
2. Testing and assurance:

• Challenge / test the effectiveness of the core data protection processes;
• Help with providing assurance that the Units comply with the provisions of the relevant data protection laws and regulations and with the data protection framework.

1. Incident management:

• Ensure that data protection related incidents across the Group are timely and properly identified, escalated, and resolved, and that when required, authorities are timely notified;
• Ensure that relevant data protection related incidents are analyzed and that proper actions are taken to address the root causes of these incidents.

1. Reporting:

• Prepare / oversee the preparation of consolidated data protection reports for the various internal and external stakeholders;
• Ensure that relevant data protection matters are timely reported to the local/group senior management and relevant risk oversight committees;
• Report on the global progress by the Units against the approved planning for the implementation of the data protection management framework.

1. Change management:

• Participate in major change projects to ensure that legal requirements for data protection / data retention and related risks are assessed and addressed prior to launch/implementation.

1. Raise awareness for data protection:

• Ensure that necessary training and guidance are provided to the staff and contractors in the unit, subsidiaries, branches and rep offices on all aspects of data protection and data retention;
• Disseminate - and explaining - policies, standards and procedures for data protection and date retention to the various stakeholders in the units;
• Raise awareness for data protection with employees, contractors and parties working with/ for ABC.
• Carry out “ad hoc” tasks related to data protection and data retention as directed by the GH - Cyber & IT Risk or Senior Management

**Job Cont