Data Protection Manager
Reliance Health
Reliance Health is on a mission to make quality healthcare accessible, affordable and delightful in Emerging Markets. We use technology to build an integrated health system that includes affordable health insurance, telemedicine and a combination of partner and proprietary healthcare facilities. This allows us to offer innovative healthcare solutions that meet the needs of our end users when they need us most.
We are seeking an experienced Data Protection Officer (DPO) who will play a crucial role in ensuring data privacy compliance and establishing data protection best practices across our operations in emerging markets. This role requires in-depth knowledge of global and local data privacy laws, cultural awareness of emerging markets, and the ability to navigate regulatory complexities across diverse jurisdictions.
Key Responsibilities:
Regulatory Compliance and Strategy
- Design, implement, and oversee a comprehensive data protection program tailored to emerging markets, ensuring compliance with local and international data privacy laws (e.g., GDPR, POPIA, LGPD).
- Monitor changes in data protection legislation in emerging regions, identifying risks and proposing adjustments to data protection policies accordingly.
- Develop strategies to address regional data privacy concerns in collaboration with legal and compliance teams.
Policy Development and Training
- Create and maintain data protection policies, procedures, and documentation to safeguard data in line with both company standards and local regulations.
- Conduct regular data privacy training and awareness sessions for employees, tailored to the cultural context and specific data protection challenges in emerging markets.
Data Handling and Cross-Border Data Transfers
- Advise on cross-border data transfer mechanisms, particularly for high-risk transfers in emerging markets, ensuring compliance with relevant international frameworks.
- Evaluate and manage vendor contracts, including data processing agreements, focusing on privacy considerations and compliance with local regulations.
Data Subject Rights and Incident Management
- Develop and oversee processes for handling data subject requests, ensuring compliance with regional legal requirements and maintaining a high standard of user experience.
- Lead incident response for data breaches or privacy incidents, conducting root cause analysis and coordinating remediation efforts in collaboration with IT, legal, and regional teams.
Risk Assessment and Data Impact Assessments
- Conduct data protection impact assessments (DPIAs) and privacy risk assessments for new projects, technologies, or initiatives, particularly those involving personal data in emerging markets.
- Identify, analyze, and mitigate risks associated with data processing in regions with evolving regulatory environments.
Stakeholder Engagement and External Liaison
- Act as the primary point of contact for regulatory authorities in emerging markets regarding data privacy inquiries, audits, and compliance reviews.
- Collaborate with internal stakeholders (e.g., IT, product development, HR) to embed data privacy principles into processes, policies, and systems from the outset.