The Data Privacy Analyst will support the organization in maintaining compliance with data protection laws, implementing privacy controls, managing Data Principal Rights workflows, and strengthening privacy governance across business processes. This role requires strong analytical abilities, cross-functional collaboration, and a working understanding of regulatory requirements such as the DPDP Act, GDPR, and global privacy frameworks.
Key Responsibilities
- Manage and execute day-to-day data privacy operations, ensuring compliance with regulatory requirements and internal policies.
- Manage and respond to Data Principal Rights requests (e.g., access, rectification, erasure, data portability), consent lifecycle, and privacy incident workflows.
- Conduct and support Data Protection Impact Assessments (DPIAs) to identify risks and recommend mitigation strategies.
- Review and contribute to the development and upkeep of internal data privacy policies, SOPs, notices, and guidelines.
- Review third-party contracts with a focus on Information Security and Data Privacy clauses to ensure adequate safeguards in collaboration with the legal team.
- Review and recommend data sharing and data access requests in line with business requirements.
- Monitor and assess the effectiveness of data protection controls, policies, and technical measures such as encryption, IAM, DLP, masking, logging, etc.
- Contribute to the development and implementation of data privacy strategies, frameworks, and privacy-enhancing technologies (PETs).
- Collaborate cross-functionally with legal, IT, and business teams to embed privacy by design into systems, processes, and technologies.
- Track and analyze emerging data protection laws, regulations (e.g., DPDP Act), and industry trends, and advise internal teams on their implications.
- Automate compliance workflow and evaluate data protection and privacy technologies to enhance trustworthy computing and meet all applicable compliance requirements
- Develop and deliver training to internal and external stakeholders on data protection obligations and best practices.
Skills & Competencies
- Strong understanding of data protection laws and frameworks (e.g., DPDPA, GDPR, ISO 27701, or NIST Privacy Framework).
- Familiarity with Cybersecurity, data governance, discovery, classification tools, and security controls (e.g., DLP, encryption, access management).
- Capable of conducting cross-functional collaboration and demonstrate negotiation skills to meet and exceed data privacy and protection requirements.
- Demonstrated analytical and problem-solving skills with the ability to assess complex privacy risks.
- Excellent written and verbal communication skills; ability to convey complex legal and technical concepts to diverse audiences.
