We’re a health insurance company that acts like a technology company. We’re using software, data science and telemedicine to make health insurance more affordable, easier to access and more of a delightful experience
We are seeking an experienced Data Protection Officer (DPO) who will play a crucial role in ensuring data privacy compliance and establishing data protection best practices across our operations in emerging markets. This role requires in-depth knowledge of global and local data privacy laws, cultural awareness of emerging markets, and the ability to navigate regulatory complexities across diverse jurisdictions.
Key Responsibilities:
Regulatory Compliance and Strategy
- Design, implement, and oversee a comprehensive data protection program tailored to emerging markets, ensuring compliance with local and international data privacy laws (e.g., GDPR, POPIA, LGPD).
- Monitor changes in data protection legislation in emerging regions, identifying risks and proposing adjustments to data protection policies accordingly.
- Develop strategies to address regional data privacy concerns in collaboration with legal and compliance teams.
Policy Development and Training
- Create and maintain data protection policies, procedures, and documentation to safeguard data in line with both company standards and local regulations.
- Conduct regular data privacy training and awareness sessions for employees, tailored to the cultural context and specific data protection challenges in emerging markets.
Data Handling and Cross-Border Data Transfers
- Advise on cross-border data transfer mechanisms, particularly for high-risk transfers in emerging markets, ensuring compliance with relevant international frameworks.
- Evaluate and manage vendor contracts, including data processing agreements, focusing on privacy considerations and compliance with local regulations.
Data Subject Rights and Incident Management
- Develop and oversee processes for handling data subject requests, ensuring compliance with regional legal requirements and maintaining a high standard of user experience.
- Lead incident response for data breaches or privacy incidents, conducting root cause analysis and coordinating remediation efforts in collaboration with IT, legal, and regional teams.
Risk Assessment and Data Impact Assessments
- Conduct data protection impact assessments (DPIAs) and privacy risk assessments for new projects, technologies, or initiatives, particularly those involving personal data in emerging markets.
- Identify, analyze, and mitigate risks associated with data processing in regions with evolving regulatory environments.
Stakeholder Engagement and External Liaison
- Act as the primary point of contact for regulatory authorities in emerging markets regarding data privacy inquiries, audits, and compliance reviews.
- Collaborate with internal stakeholders (e.g., IT, product development, HR) to embed data privacy principles into processes, policies, and systems from the outset.
Requirements
- Bachelor’s degree in Law, Information Security, Computer Science, or a related field; a Master's degree is a plus.
- Professional certifications such as CIPP, CIPT, CIPM, or equivalent.
- 5+ years of experience in data protection, privacy law, or compliance, preferably with experience in emerging markets.
- Expertise in international data protection regulations, particularly in regions across Africa, Asia and Latin America.
- Strong cultural sensitivity and the ability to work effectively with diverse teams and stakeholders.
Key Skills
- In-depth knowledge of NDPA, GDPR, POPIA, LGPD, and other relevant data protection regulations in emerging markets.
- Strong analytical, negotiation, and problem-solving skills.
- Excellent communication skills to present complex privacy concepts in a clear and accessible manner.
- Experience conducting DPIAs, risk assessments, and privacy audits.
- Ability to adapt to a rapidly changing regulatory landscape and communicate changes to internal teams effectively.
Method of Application
Signup to view application details.
Signup Now