Implementing and operating a framework of controls and management strategies to promote compliance with personal data legislation.
Includes legislation regulating the holding, use and disclosure of personal data.
Activities may include - but are not limited to:
providing expert advice on policies, procedures and governance
designing privacy-friendly products, services and systems that respect customer privacy and embed data protection
performing impact assessments, identify risks whilst enabling prudent use of data and addressing issues with products and services
responding to incidents
following legislative developments
creating privacy risk models and frameworks
working with subject matter experts in areas such as - but not limited to - legal, public relations, learning and development, procurement, security, data management, architecture.
Contributes to the development of policy, standards and guidelines related to personal data legislation.
Provides expert advice and guidance on implementing personal data legislation controls in products, services and systems. Investigates major data breaches and recommends appropriate control improvements.
Creates and maintains an inventory of data that are subject to personal data legislation. Conducts risk assessments, business impact analysis for complex information systems and specifies any required changes.
Ensures that formal requests and complaints are dealt with according to approved procedures. Prepares and submits reports and registrations to relevant authorities.
Develops strategies for compliance with personal data legislation.
Ensures that the policy and standards for compliance with personal data legislation are fit for purpose, current and correctly implemented.
Acts as the organisation's contact for the regulatory authorities.
Operates as a focus for personal data legislation for the organisation, working with specialists to provide authoritative advice and guidance.
No notes added yet.