Data Privacy Officer - AAA

Job Summary:

Partner with DRLs business teams in the AAA (Asia Africa and ANZ) region on a daytoday basis and support them in complying with both DRLs Global Data Privacy Policy processes and standards as well as various Data Protection laws in all the countries with DRLs and its subsidiaries operations. Interpret applicable Data protection laws within the countries interact with Regulatory authorities where applicable.

Roles and Responsibilities:

Business Partnering

• Partner closely with business and functional teams in the region and provide necessary support to ensure compliance with both DRLs internal Data Privacy processes/ requirements as well as applicable Data Protection laws.

Privacy Risk and Issue Management

• Identify and register Data Privacy risks and issues associated with various business processes/ projects and initiatives and enable their management by assigning them to the right owners and tracking them to closure against mutually agreed due dates.

Personal Data Incident and Breach Management

• Train business and functional teams on how to identify and report Data Security Incidents.
• Manage reported personal data incidents for the countries in the region to closure by identifying root causes proposing corresponding corrective and preventive actions and tracking actions to closure.  Adhere to any Breach Management and Notification requirements under applicable DP laws in the region.

Data Subject Requests

• Manage Data Subject Requests received for the countries in compliance with any requirements laid down under respective laws.

Local SOPs DPAs ICAs Notices / Consent

• Assess the need develop local Data Privacy procedures and provide necessary training to help business comply with specific requirements under local law.
• Where required adapt global notices or consents to meet local requirements.
• Provide inputs to help create Data Processing Agreements Agreements/ BCR to enable crossborder transfer of data within DRL entities etc.

Training and Awareness

• Develop content for ad hoc and function specific Data Privacy trainings and deliver them to business teams on a periodic basis. Ensuring that the effectiveness of trainings is also assessed.
• Facilitate Data privacy awareness campaigns and initiatives for the countries within the region to raise overall awareness levels around Data Privacy.

Monitoring testing and reporting

• Perform periodic monitoring/ testing of controls to identify level of compliance to the requirements under applicable law.
• Do periodic reporting for the region as required for Steercos and other Review meetings. Present the outcomes to top leadership.

Internal / External Audits and Review

• Facilitate all internal / external DP audits and reviews for the countries in scope.
• Work closely with business and functional teams to track all findings identified during such audits and reviews to closure.

External Interface

• Be DRLs face to the Data Protection Regulatory Authorities in the countries (where applicable) and ensure compliance with any notification/ registration requirements under such laws e.g. registration of DPO or Processing systems notification related to data transfers data breach etc.
• Post alignment with Functional leadership identify and work with external law or consulting firms to fulfil obligations under the law if any.

Internal Governance and Meetings

• Participate in internal GLC and periodic DP related governance and all hands meetings. Maintain or provide timely and accurate regional specific inputs on governance activities initiated by Corporate/ Global Data Privacy team.

Qualifications :

• Law/ management graduate OR a certified Privacy Professional from globally recognized institutes/bodies with ability to interpret Data Protection laws and experience in interacting with Regulatory bodies.
• Experience of 57 years in Data Privacy roles with large multinational organizations of which at least 23 years handon experience should be in managing compliance with laws in multiple countries (preferably within APAC region).
• Experience in conducting Data Privacy monitoring testing and reviews.
• Good Understanding of Risk Management and controls concepts and Information Security Management System (ISO 27001 Cloud Security etc).
• Experience in leading team of privacy professionals in addition to being accountable for their own deliverables.
• Experience and understanding of use of data and technology (including AI) and how it impacts data privacy.
• Experience in handling privacy enabling tools and solutions (One Trust etc).
• Robust stakeholder management and interaction across all levels (including senior management).
• Ability to understand business demands and how privacy requirements should be applied in a changing environment including both at a process as well as in technology related setups.
• Understanding and prior experience in Pharmaceutical and Generics business will be an added advantage.
• Legal knowledge as it relates to Data Protection laws including contracting drafting Data Processing Agreements/ EU Model Clauses and similar crossborder transfer provisions under different DP laws in the region.
• Understanding of Data Protection laws (APAC region preferred) and emerging challenges.
• Data Privacy Training and Awareness building.

Additional Information :

About the Department:

The Legal & Compliance function has three broad verticals which cut across global geographies. The verticals provide advice and documentation relating to Intellectual property matters commercial contracts and business arrangements corporate structures and registrations Compliance with industry specific laws rules and regulations and Data Privacy and Protection compliance across 75 countries.

The Legal team is comprised of the Global General Counsel Regional/ Associate/Assistant General Counsels Senior Legal Counsels and Legal Counsels. The Compliance team at Dr. Reddys is comprised of the broad work profiles such as Corporate Compliance Compliance CoE and Business Compliance and role holders housed in these profiles. Lastly Global Data Privacy team includes Global DPO and Deputy DPO Global Data Privacy Lead Regional DPOs and other Data Privacy Partners representing specific countries and Business units.

Your Team:

Internal: Global GC Global DPO/Deputy DPO DPO Corporate Regional Data Privacy Officers Country/ Business Unit Data Privacy Partners and Information Security Team.

External: Regulatory Authorities Law Firms OEMs and Consultants (Implementation partners)

Remote Work :

No

Employment Type :

Fulltime