- Located within the RISK Function of BNP Paribas (BNPP), the role of the Data Protection Correspondent (DPC) is to ensure that the components of the operational risk management framework are implemented and operating effectively within ISPL, and to provide RISK ORM management and Business senior management with relevant, synthetic, transparent, exhaustive and consistent information and a front-to-back view of operational risk across ISPL activities. To achieve this objective, this 2nd line of defense (LOD2) role works closely with RISK ORM Regional and Central teams and with ISPL management and stakeholders.
- The DPC provides expertise on personal data protection related topics in accordance with the relevant RACI. The India DPC must assist the India Data Protection Officer (DPO) in supervising the compliance of projects and with legal and regulatory personal data protection requirements throughout the APAC region as well as the Group's and APAC personal data protection policies.
- The RISK ORM ISPL mandate is to independently challenge and supervise the operational risk management framework of ISPL activities as described in level 2 procedure Organizational framework and governance for Operational Risk Management & Permanent Control Framework. This includes control framework adequacy checks, independent challenge, proximity with the business and contribution to the sign-off process on key decisions. The DPC is to ensure second level controls by providing the required supervision and assistance to the 1st Line of Defense.
Due to the global and regional models applied by the BNP Paribas (BNPP) activities outsourced to ISPL, the role also covers contribution to reviews, control testing, analysis and reports carried out under the supervision of the APAC DPO Regional teams.
Responsibilities
Direct Responsibilities
To contribute to relevant personal data protection activities realization
To guarantee required norms and methods definition and application to a company's good data protection risks apprehension (follow-up of projects, information systems adaptation, declarations conception and maintenance, subcontractors' contracts analysis, follow-up on control plans reporting, etc.)
To guarantee advice and assistance to strategical program ongoing.
To support the implementation of the privacy strategy defined by DPO
To assist the DPO in the supervision and monitoring of implementation of the Group's Data Protection policies and guidelines, bearing the local regulatory requirements in mind, to ensure consistency
To define action plans and related corrections, and to ensure application of the same
To alert the DPO when activity is under operational risk (non-appropriateness between needs and resources, etc.), to propose correction solutions and to implement those solutions
To contribute to continuous efficiency improvement and to any optimization process.
To contribute to operational collaborative activities
To support and assist the APAC DPO team for control campaigns, typical DPO and RISK ORM activities in BAU (e.g. RCSA check & challenge, data breach assessments, project and third-party risk assessment support, see below), but also in case of emergencies and escalated issues
To contribute to permanent control actions
To contribute to perform LOD2 controls and challenge LOD1
To contribute to perform the check and challenge of the RCSA
To contribute to RISK ID exercise
To contribute to OR&C report
To ensure professional network development
To participate in local Data Protection Committees when requested by the DPO
To contribute to Internal Control Committee
To collaborate with local CROs and RISK teams
Contributing Responsibilities
To assist the DPO on exchanges with the authorities in charge of the protection of personal data under the responsibility of the DPO
To assist the DPO in the supervision and implementation of Privacy by Design principles throughout the lifecycle of all projects, activities, products, services, processes and systems
To contribute to role development by validating data protection requirements for new activities, new products, services or specific operations, and to carry technical assistance
To receive, process and advise internal and external local solicitations about data protection
To receive, process and advise requests from data subjects, subcontractors and partners etc.
To itemize existing processes and identify breaches regarding data protection requirements using your broad knowledge on APAC-wide local regulation (at minimum: India's new DPDPA & GDPR requirements)
To contribute to perform risk assessment on personal data breaches
To assist the DPO in monitoring documentation, e.g. the RoPA (Register of Processing Activities)
To contribute to the identification and notification process for data protection violations according to defined procedures and local legal requirements
To realize effectiveness for data protection controls and to ensure expected reporting
To ensure regular reporting to DPO about the activity
To contribute to the creation and implementation of awareness programs and to the promotion of a culture of protection of personal data within the scope of responsibility.
* DPO may refer to India DPO or APAC DPO or Business Line DPO as the case may be, reflecting a matrix organization while maintaining a direct reporting to the India DPO
Technical & Behavioral Competencies
Knowledge (Required to exercise the position)
Level *
To know standards and norms about data protection
Know-how (implementation of technics, methods, tools to achieve activities)
Level *
Technics
To know how to assess maturity level of the existing facility about Data Privacy
Transverse
To have a professional face-to-face or phone discussion with an overseas colleague
To prioritize
To efficiently manage several topics at the same time
To issue advice / recommendation considering every parameter
To have an efficient speaking communication
Tools
To work with BNP Paribas tools (e.g. Data Protection Hub, RISK360)
Behavioral and soft skills
To efficiently multi-task with topics and maintain attention to detail / rigor
To issue advice / recommendation considering all parameters
To have efficient communication skills (oral & written)
To conceptualize / formalize an idea, a process or a project
To work as a team / transversally
To identify and analyse risks for the activities that are handled
To assess, issue an opinion
To deploy a strategy and to define an action plan
To animate resources and coordinate their intervention
To show diplomacy to allow a message to be heard
To show conviction, to generate interlocutors' acceptance
Being able to anticipate and come up with ideas
Creativity and innovation
To show discretion about delicate and / or confidential topics
Ability to manage conflict
To integrate multicultural dimension
Specific Qualifications
Legal background with IAPP Certification (CIPP/E) or equivalent
Skills Referential
Behavioural Skills:
Communication skills - oral & written
Attention to detail / rigor
Creativity & Innovation / Problem solving
Client focused
Transversal Skills:
Analytical Ability
Ability to develop and leverage networks
Ability to develop and adapt a process
Ability to understand, explain and support change
Ability to set up relevant performance indicators
Education Level:
Bachelor Degree or equivalent
Experience Level
At least 5 years
Other/Specific Qualifications (if required)
Business Skills
1. Data Protection
2. Risk knowledge and awareness
3. Risk anticipation
4. Data quality & Security
5. Regulatory
6. Business analytics
7. New Technologies and Digital Law [IT/IP]
8. IT risk and cyber security