Overview
The DPO acts as the central authority for privacy governance, balancing legal, operational, and technical controls across departments to safeguard customer and employee data. (Operational & Technical: focused on data protection, security, and governance)

Responsibilities
Governance & Oversight
- Own and maintain the company-wide data privacy and protection framework.
- Serve as the primary liaison between internal teams, auditors, and regulators on all privacy-related matters.
- Develop, implement, and maintain privacy and security policies in alignment with ISO 27001, NCA ECC / CCC, and PDPL requirements.
- Work closely with Product & Engineering to ensure privacy and security by design are embedded into all products and workflows.
- Track data flows across the SaaS infrastructure, including cloud hosting, backups, and third-party integrations.
- Define and enforce policies on data handling, sharing, and lifecycle management across all departments.
- Maintain a data inventory, ensuring proper classification, access control, and retention practices.
- Act as the point of contact for data subject rights requests (DSRs), including access, correction, and deletion requests.
Access Control & Data Handling
- Design and enforce Role-Based Access Control (RBAC) to grant or restrict capabilities based on role and authority.
- Ensure all data handling, storage, and transfers adhere to industry-accepted standards, encryption, and security best practices.
- Oversee incident response and data breach management in coordination with IT Security and relevant stakeholders.
Third-Party Compliance
- Lead the compliance review and approval process before licensing or integrating any third-party tools, vendors, or data processors.
- Maintain a Third-Party Risk Register, tracking compliance obligations, data protection requirements, and mitigation actions.
- Manage incident response and reporting for security or privacy breaches involving external vendors.
Training & Awareness
- Design and deliver data privacy and security awareness programs for all employees and new hires.
- Develop and administer role-specific training for teams that process or manage personal data (e.g., Product, Marketing, Customer Success).
- Promote a culture of privacy across the organization through ongoing communication and engagement initiatives.
Continuous Improvement
- Conduct periodic Privacy Impact Assessments (PIAs), risk assessments, and internal audits.
- Continuously monitor and interpret local and international data protection regulations, including GDPR, PDPL, and related NCA frameworks.
- Recommend and implement updates to privacy policies, security controls, and governance frameworks as regulations or technologies evolve.
KPIs
- % of staff completing privacy training
- Number of privacy incidents or audit findings (target: zero)
- Average vendor review turnaround time
- % of systems covered under RBAC controls
- Successful completion of external audits (ISO 27001, SOC 2, PDPL, etc.)
Data Privacy Officer • Riyadh, Saudi Arabia