The person will be responsible for designing, implementing, and managing the organization's data privacy framework in compliance with applicable regulatory requirements (such as the DPDP Act, RBI guidelines, etc.).
The role involves ensuring the protection of customer and employee personal data, embedding privacy-by-design principles, and minimizing privacy risks across business operations.
Develop, implement, and maintain enterprise-wide data privacy policies, standards, and procedures.
Establish a robust privacy governance framework aligned with regulatory and business requirements.
Drive privacy-by-design and privacy-by-default principles across products and
Ensure compliance with applicable laws such as:
Digital Personal Data Protection (DPDP) Act, India
RBI guidelines for NBFCs
Liaise with regulators, auditors, and legal teams during assessments and reviews.
Conduct periodic compliance assessments and gap analysis.
Oversee data classification, retention, and deletion frameworks.
Ensure proper handling of sensitive personal data across its lifecycle.
Monitor third-party data processing and ensure contractual privacy obligations
Conduct Data Protection Impact Assessments (DPIAs) and Privacy Impact Assessments (PIAs).
Identify privacy risks and implement mitigation strategies.
Integrate privacy risks into enterprise risk management frameworks.