The Compliance & Data Protection Strategist works with general counsel, external stakeholders and businesses to drive compliance with data protection and privacy obligations. They will compile relevant templates, consent and authorisation forms, notices, etc that reflect organisation and legal practices and requirements. He/she will liaise with the appropriate regulatory and accreditation bodies to develop programs, policies and procedures that address data privacy and protection in an integrated and comprehensive manner. This individual will maintain current knowledge of applicable privacy laws and accreditation standards, monitoring advancements in information privacy technologies to ensure business adaptation and compliance. They will ensure that all processing and/or databases are registered with the local privacy/data protection authorities as required.
The Compliance & Data Protection Strategist builds and improves the privacy program, including the development and co-ordination of a risk management and compliance framework for privacy. This program will include but not limited to:
- Reviewing the company’s data and privacy projects and ensure that they are consistent with corporate privacy and data security goals and policies.
- Developing and managing enterprise-wide procedures to ensure the development of new products and services is consistent with company privacy policies and legal obligations
- Establishing a process for receiving, documenting, tracking, investigating and taking action on all complaints concerning the organization’s privacy policies and procedures
- Establishing with management and operations, a mechanism to track access to protected health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
- Providing leadership in the planning, design and evaluation of privacy and security related projects
- Periodically revising the privacy program in light of changes in laws, regulatory or company policy
- Providing development guidance and assist in the identification, implementation and maintenance of organisation information privacy policies and procedures in coordination with organization management and administration and legal counsel
This position works with internal stakeholders to ensure awareness of best practices on privacy and data security issues and establish an organisation-wide “privacy oversight committee”, acting in a leadership role on this committee. They interface and collaborate on cyber privacy, security policies and procedures and develop strategic plans for the collection, use and sharing of information that is value add but compliant to regulations. Working with business units, this position develops tools and methodologies that drives on-going compliance and co-ordinates procedures for documenting and reporting self-disclosures of any evidence of privacy violations. They provide strategic guidance regarding information resources and technology and assists with the implementation of an information infrastructure, acting as an information privacy liaison. This individual will also be accountable for:
- Ensuring compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organisation’s workforce, extended workforce and for all business associates
- Developing appropriate sanctions for failure to comply with the corporate privacy policies and procedures and related mitigation activities
- Resolving allegations of non-compliance with the corporate privacy policies or notice of information practices
- Developing and managing procedures for vetting and auditing vendors for compliance
- Compliance monitoring of all trading partner and business associate agreements and contracts
- Response to incidents and application of corrective action procedures
Training & public relations:
The individual in this position develops training material and other communication, including facilitating training sessions to increase awareness and understanding of company privacy policies, data handling practices and procedures and legal obligations. He/she develops relationships with a variety of external organisations such as consumer organisations, non-government and government organisations and represents Dimension Data’s information privacy interests with such stakeholders. They report on the status of the DD privacy program to the relevant internal stakeholders and responds to press and other enquiries on consumer and employee data.