Data Protection Coordinator
BNP Paribas is a leading European bank with an international reach. It has a presence in 73 countries, with more than 192,000 employees – including more than 146,000 in Europe and over 4,000 in Portugal alone.
BNP Paribas has been present in Portugal since 1985, having been one of the first foreign banks to operate in the country. Today, BNP Paribas has several entities operating directly in this territory, offering a wide range of integrated financial solutions to support its clients and their businesses.
Worldwide, the Group has key positions in its three main activities: Domestic Markets and International Financial Services (whose retail-banking networks and financial services are covered by Retail Banking & Services) and Corporate & Institutional Banking, which serves two client franchises: corporate clients and institutional investors. The Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realise their projects through solutions spanning financing, investment, savings and protection insurance.
The Data Privacy and Protection department, under the Group Data Protection Officer (Group DPO), who in turn reports to the Group Chief Risk Officer (CRO), is part of the Group Risk Functions within BNP Paribas, acting as a 2nd Line of Defence (LoD). With a multidisciplinary team (e.g. management, legal, IT) integrated in the RISK ORC ICT - Global Lisbon CoE, this department is responsible for the Group-wide approach to key data privacy and protection topics and for the coordination of activities for DPOs at Group level.
ROLE AND RESPONSIBILITIES
The Data Protection Coordinator will assist with the implementation, management and monitoring of the data privacy and protection strategy and the creation and roll-out of policies, guidelines, and data protection awareness training.
Moreover, the Coordinator will identify and manage risks related to data privacy and protection, and escalate risks and issues to executives, as needed.
The Coordinator will coordinate and oversee activities in relation to the following:
- Review controls implemented by the business (1st LoD) to inform, advise and issue recommendations to the business with regard to data protection, privacy and compliance, including with data protection laws (e.g. GDPR, HIPAA, DPAct) and internal policies and guidelines
- Foster a data protection culture within the Group and help to implement essential elements of data protection (e.g. principles of data processing, data subjects’ rights, data protection by design and by default, security, data breach management)
- Advise 1st LoD (controllers/ processors) and DPOs regarding data protection and privacy management requirements and policies (e.g. DPIA process & objectives, safeguard measures to mitigate the risks – technical, organizational & formal –, record of processing operations management)
- Promote continuous training to maintain data protection awareness and feedback, and also include protection as part of the Group agenda
- Document all decisions taken consistent with and opposing DPO’s advice
- Support the DPO Group in communication and as a point of contact for both data subjects (e.g. customers) and the regulatory authorities
- Offer consultation once a data breach or other incident has occurred, be involved in relevant issues in a timely manner and report directly to the highest management level
- Attend regular/ ongoing data protection, information security and privacy training
- Previous experience and expertise in national and transnational data privacy laws (e.g. GDPR, HIPAA, DPAct, POPI), regulations and practices
- Understanding of data processing operations, including business applications and data use
- Understanding of the crossover between legal, IT and data security requirements
- Experience of promoting a data privacy culture of awareness and understanding (preferably within a Bank)
- Experience of developing and assessing privacy policies and controls that minimize risk and ensure compliance
- Experience of responding to potential privacy incidents, to mitigate risk, determine reporting requirements, and developing corrective action plans when needed
- Demonstrated leadership and problem-solving skills, and ability to work under pressure
- Experience of communicating effectively with the highest levels of management and decision-making individuals within the organization
- Familiarity with privacy and security risk assessment, best practices and gap analysis, privacy certifications/seals, and information security certifications
- Team player focused on the success of the team, working well both with others and individually, in a multicultural and multidisciplinary context
- Privacy, data protection and information security certifications (a plus)
- Fluent in English (mandatory) and French or other languages (desirable)