
Role: Data Privacy Officer
Job Title: Deputy Vice President / Vice President
Work Location: Goregaon East, Mumbai
Role Objective
• Set up the privacy framework for Kotak Life
• Serve as the single point of contact within the organization for staff members, regulators, and
relevant public authorities on issues related to data protection
• Ensure that company policies follow codes of practice such as the DPDPA
• Evaluate the existing data protection framework to identify areas of no or partial compliance, and
rectify any issues
• Devise training plans and provide data protection advice to stakeholders
• Inform and advise external and internal stakeholders on all matters related to data protection
• Promote a culture of data protection and compliance across all units of Kotak Life
Roles and Responsibilities
Privacy Governance:
• Periodic reporting on risks, compliance, and related activities with regard to personal data
processing within the Bank
• Ensure all the policies and procedures are in line with the applicable law.
• Design, develop and document policies and procedures
• Test applicability of data privacy laws and regulations (and industry standards).
• Provide advice on processing personal data in a lawful and legally compliant manner
• Define data privacy strategy and drive a balance between innovation, compliance, and ethical use of
personal data.
• Define and track Key Performance Indicators (KPIs) for the privacy function.
Privacy Operations
• Be responsible for responding to all the issues related to processing of personal data of the Data
Principal.
• Will be responsible for facilitating the exercise of Data Principal rights to ensure timely response
to the requests.
• Ensure and track responses to Data Principal Requests within the specified period as per
applicable law.
• Oversee day to day operations of responding to Data Principal Requests
• Be the point of contact for the grievance redressal mechanism under the provisions of the
regulations.
• Will be responsible for ensuring that detailed Records of Processing Activities (RoPA) across all
processes are updated and reflect the latest changes (if any) in the said process flow.
• Assist business in creating RoPA for all the products and Business Functions
• Responsible for establishing a process to define consent management framework for the
Company, through which a centralized tracking of consent lifecycle (collection, storage,
modification, and revocation) is maintained in an auditable manner.
• Responsible for introducing tools and technologies to implement consent management
framework for adequately managing the consent capturing and withdrawal.
• Create and increase awareness amongst employees, vendors and other applicable stakeholders
processing personal information.
• Responsible for reporting data breaches and thefts to the supervisory authority and notifying the Data
Principal about the breach as per defined timelines.
• Actively manage data privacy incidents and breaches to help mitigate and contain harm suffered
by data principals due to the said breach.
Privacy Risk Management
• Keep abreast of the status and direction of privacy issues within the global banking industry in
general and amongst Indian banks.
• Co-ordinate with internal and external auditing groups to assess the effectiveness of the privacy
program.
• Track Key Risk Indicators (KRIs) for the privacy function.
• Responsible for establishing and reviewing privacy metrics, as appropriate.
• Responsible for establishing and implementing Data Privacy Impact Assessment (DPIA) process
in the Company.
• Actively manage the identified privacy risks.
• Oversee day to day operations for conducting DPIAs.
• Advise/consult and/or undertake assessments to determine the effectiveness of privacy controls
implemented with third party service providers/partners/vendors with access to Company's
personal data.
• Responsible for establishing and implementing Privacy by Design process which shall include
assessments to identify privacy risks at the design level of the application/process development.
• DPO shall ensure the identified risks are remediated before the implementation/deployment of
the said change.
Internal Relations:
All internal departments
External Relations:
External Auditors, Third Party Audit SPOCs, Regulators, Data
Protection Board
Educational Qualifications:
Post-Graduate in Information Security, Computer Science, IT, Law or Privacy domain
• Expertise in data protection laws and practices, including deep understanding of GDPR, DPDPA
• Experience in a legal, audit, or risk management role
• Shall have strong experience in related disciplines such as information governance, incident
response, risk management, etc.
• Shall have knowledge of company's business sector, data processing needs, information
technologies and data security.
• Shall have the ability to promote data protection culture within the company.
• Strong project management skills
• Ability to work effectively under pressure and to manage sensitive and confidential information
• Excellent verbal and written communication skills, with strong attention to detail
Certifications preferred:
• IAPP certifications, namely CIPP/E, CIPP/US, CIPM
• Any DPO certifications
Job ID: 147209555