Data Protection Engineer / Data Protection Officer (DPDP Act)

We are looking for a dedicated Data Protection Engineer / Data Protection Officer (DPO) to ensure the organisation complies with the Digital Personal Data Protection (DPDP) Act, 2023.

The role involves implementing privacy controls, managing data flows, ensuring secure handling of customer data, coordinating audits, and acting as the primary contact for privacy-related matters.

Role & responsibilities

1. DPDP Act Compliance

• Track and implement all requirements of the DPDP Act, 2023.
• Ensure correct consent collection, withdrawal, and privacy notice mechanisms.
• Maintain compliance documentation and update policies as the Act evolves.

2. Data Mapping & Governance

• Identify, classify, and document all personal data processed by the company.
• Prepare and maintain data-flow diagrams, retention schedules, and data inventories.
• Ensure data-minimization and purpose-limitation principles are followed.

3. Technical Data Security Controls

• Work with tech teams to ensure secure storage, encryption, access control, and monitoring.
• Recommend and validate implementation of security measures for apps, databases, APIs, and cloud infrastructure.

4. Incident & Breach Management

• Establish a breach-response process.
• Coordinate investigations, reporting, and communication in case of a data incident.
• Prepare required notifications to the Data Protection Board of India (DPBI) if applicable.

5. User Rights & Grievance Handling

• Serve as the contact for Data Principals.
• Manage requests for access, correction, deletion, or consent withdrawal.
• Respond to privacy-related grievances within statutory timelines.

6. Internal Awareness & Policy Enforcement

• Train employees on correct data-handling practices.
• Create and enforce internal privacy, data-handling, and security policies.

7. Vendor & Third-Party Compliance

• Assess external partners and ensure they meet DPDP-mandated privacy requirements.
• Maintain processor agreements and monitor data sharing.

Required Skills:

• 2-6 years experience in Information Security, Data Governance, Cybersecurity, Compliance, or IT Risk.
• Familiarity with DPDP Act 2023 (training or certification preferred).
• Understanding of:
• Data classification & governance
• Security controls (encryption, IAM, access control, logging, SIEM basics)
• Privacy frameworks (GDPR / ISO 27701 is a bonus)
• Ability to document processes, prepare reports, and work with legal & engineering teams.
• Strong communication skills and detail-orientated mindset.

Preferred candidate profile

Certifications like CIPP/Asia, ISO 27001 LA/LI, ISO 27701, CDPSE, CIPT.

Experience in cloud platforms (AWS, Azure, GCP).

Exposure to audits or compliance assessments.