The Data Protection Officer will report directly to the Group Chief Risk Officer and will work closely with the Group’s IT Security and Operational Risk teams based in Malta.
Duties and responsibilities:
This is a new role with a key focus on ensuring that the organisation meets the requirements of the General Data Protection Regulation (GDPR), which comes into effect across the EU in May 2018.
The main roles and responsibilities of the DPO include the following:
- Developing and implementing a data protection and privacy risk framework, processes, and training
- Establishing and maintaining the business’ data protection and privacy risk framework
- Informing, advising, raising awareness among and training group employees on their obligations under GDPR
- Monitoring compliance with GDPR
- Carrying out privacy impact assessments
- Supporting and co-ordinating senior management focus in promoting a culture of awareness of data security throughout the organisation
- Liaising with IT to ensure that technical controls are implemented and in place when required
- Overseeing, together with the IT and IT Security teams, the implementation of technical and non-technical controls to ensure the group complies with GDPR requirements
- Ensuring thorough breach investigations are carried out and incidents are managed and reported to management, the IDPC and data subjects as appropriate
- Fulfilling the requirements prescribed in Article 39 of the GDPR to keep the business’ and customers’ data safe
Required knowledge, skills and experience
- Strong knowledge of, and familiarity with, national and European data protection laws and practices and the General Data Protection Regulation
- Strong communication skills
- Experience as a DPO or a similar compliance role gained within a retail bank or in the financial sector
- Experience communicating with both Senior Management and Board of Directors
- Good understanding of IT Security techniques and related technical standards