Data Privacy Officer

Location:

2. Key Responsibilities

• Develop, implement, and maintain the CGCL

  Privacy Governance Framework

  , policies, standards, and processes.
• Ensure compliance with:

• DPDP Act 2023

• RBI Guidelines on IT Governance, Outsourcing, Cybersecurity & Data Governance

• UIDAI requirements

• NHB / CIC guidelines

  where applicable
• Establish a system for periodic privacy audits and assessments.
• Provide periodic privacy compliance reports to the Board / Senior Management.

B. Data Mapping, Classification & Lifecycle Management

• Lead the creation and maintenance of data flow maps for customer data, employee data, vendor data, and partner data.
• Ensure implementation of

  data minimization

  ,

  purpose limitation

  ,

  lawful processing

  , and

  data retention

  principles.
• Work with IT, InfoSec, HR, and Ops teams to ensure proper data classification and secure data handling processes.

C. Data Subject Rights Management

• Define and manage processes for handling:
• Consent
• Withdrawal of consent
• Data access requests
• Correction and erasure requests
• Establish a privacy grievance redressal mechanism and ensure timelines as per DPDP rules.
• Maintain records of all requests and actions taken.

D. Privacy-by-Design & Advisory

• Engage with business, product, IT, and digital teams for early involvement in projects and new initiatives.
• Review:
• New digital product features (apps/portals)
• Vendor integrations (KYC, credit bureau, payment gateways)
• Digital lending journeys
• Data analytics and AI/ML initiatives
• Ensure

  Privacy Impact Assessments (PIA)

  are conducted for new or high-risk data processing activities.
• Advise on cross-border data flows and ensure compliance with allowed jurisdictions.

E. Vendor & Third-Party Privacy Management

• Conduct privacy assessments of DSAs, service providers, SaaS providers, cloud vendors, and digital partners.
• Ensure contracts have:
• Data processing clauses
• Data breach obligations
• Security controls
• Sub-processor requirements
• Data return/destruction mandates
• Monitor vendor compliance with privacy obligations.

F. Data Breach & Incident Management

• Collaborate with CISO, SOC, and IT teams to develop a data breach response plan.
• Maintain incident logs and ensure reporting obligations are met under DPDP Act.
• Conduct root-cause analysis, forensic readiness, and implement corrective actions.

G. Awareness & Training

• Drive organization-wide privacy training programs for employees, DSAs, field staff, call centers, and other stakeholders.
• Promote privacy culture via emailers, awareness sessions, and behavioural nudges.
• Guide employees on safe handling of customer information and internal records.

H. Record Keeping & Documentation

• Maintain mandatory privacy documents, including:
• Notice & consent records
• Data processing registers
• Data breach records
• DPIA/PIA reports
• Vendor privacy assessments
• Retention & deletion logs
• Ensure all documentation is audit-ready.

3. Qualifications & Experience

• Graduate/Postgraduate in Law, IT, Management, or a related field.
• Preferred: LLB/LLM or specialization in Privacy/Technology Law.

Certifications (Preferred but not mandatory)

• CIPP/E or CIPP/A equivalent
• CIPM
• DCPP (from DSCI)
• ISO 27701 Lead Implementer/Auditor
• Any privacy or data governance certification

Experience

• 7 - 15 years of experience in privacy, data governance, risk, compliance, or IT/security roles.
• Preferably from

  Banking,

  or

  regulated financial institutions

  .
• Strong understanding of DPDP Act, RBI compliance expectations, and data lifecycle management.

4. Skills & Competencies

• Strong understanding of DPDP Act 2023
• Good knowledge of RBI guidelines on outsourcing, IT, cybersecurity
• Experience with data protection technologies (DLP, encryption, masking)
• Experience in PIAs, privacy governance, audits
• Understanding of digital lending and customer lifecycle in CGCLs

Behavioural Skills

• Strong communication and stakeholder management
• Ability to influence leadership decisions
• High ethical standards and confidentiality
• Analytical thinking and attention to detail
• Ability to manage cross-departmental initiatives