Title: Data Protection Officer
Location: Ireland
Employee Status: Full Time, Permanent
Experience Required: 5 years +
Travel: Occasional
Role
We are looking to hire a Data Protection Officer (DPO) with responsibility for ensuring compliance with local data protection regulations, such as the GDPR for the European Union, and HIPAA in North America, within iCabbi. The DPO will handle all matters related to the protection of personal data within iCabbi and serves as the primary contact for the Data Protection Commission.
The DPO will also act as the point of contact for iCabbi Privacy Ambassadors and Project Owners regarding GDPR compliance. The DPO will ensure that the group’s data protection policies are implemented across all business units. Hierarchically, they will report to the iCabbi Director of Compliance. Functionally, they will report to the Renault Group DPO.
Responsibilities
- Data Protection:
- The DPO will deploy the group’s privacy roadmap, ensuring compliance with local regulations (if stricter).
- They will adapt group procedures related to privacy protection and oversee their implementation.
- The DPO will apply data protection governance rules within their group of entities and deploy additional rules if necessary.
- They will maintain data flow diagrams and the register of data processing activities.
- In case of personal data breaches, the DPO will manage the situation in accordance with the group’s procedure.
- Support and Advice:
- The DPO will support and advise the Privacy Ambassadors within their entities.
- They will provide guidance to business units and departments on data protection matters.
- Legal Validation:
- The DPO will legally analyze and validate data processing activities recorded in BCSI sheets or other tools.
- They will keep the register of data processing activities up to date and co-create impact assessment sheets (to evaluate non-compliance risks).
- Communication and Exercise of Rights:
- The DPO will ensure compliance and deployment of information to individuals through Privacy Policies, Cookie Policies, and legal notices.
- They will organize the process for exercising rights within their entities, collaborating with corporate teams or other group entities when necessary. They will handle requests from clients and employees within their scope and escalate any arbitration needs to the Group DPO.
- Contractual and Aspects:
- The DPO will identify contract evolution needs to comply with current or upcoming data protection regulations. They will work with iCabbi General Counsel to co-create Data Privacy Annexes (DPA) for these contracts.
- Training:
- In collaboration with the Group DPO, the entity’s DPO will identify training needs for all employees and contractors.
- They will participate in creating training offerings and deliver them with the assistance of the Group DPO or other relevant teams (e.g., IT Security, audit).
- They will ensure the tracking of training conducted.
- Internal Control and Audit
The DPO:
- Will receive and process audit requests from regulators. They will promptly report any regulator’s control/audit requests to the Group’s DPO, their management within the entity, and the Legal Data Corporate team. Depending on the nature of the controls, the Group’s DPO may assist the DPO of the audited entity during the control period.
- Drive the advancement of compliance action plans for data processing within their entity, collaborating with Internal Control teams alongside the Global Privacy Ambassador and Privacy Ambassador.
- Participate in defining audit plans related to Personal Data Protection for their entity.
- Deploy these plans with Privacy Ambassadors within their entity and each entity they supervise.
- Collaborate with auditors and internal controllers.
- Regulatory Monitoring
- The DPO will conduct regulatory monitoring (in countries where the entities they oversee are based) regarding any regulatory developments (or proposed changes) related to Personal Data, Information Systems Security, or any other domain that could impact or affect data protection within their entity.
- To this end, the DPO will attend events organized by regulators and/or associations involved in Personal Data Protection and Information Systems Security. They will promptly inform the Group’s DPO and the Legal Data Corporate team of any significant developments that could impact their entities, their entities’ subsidiaries, or the Group.
- Key Deliverables and Indicators
- Legal and regulatory analyses, both prospective and preventive.
- In support and coordination with risk-owning entities, development and implementation of compliance programs to ensure the company operates within legal and regulatory frameworks.
- Provision of technically reliable, timely, and commercially adapted legal advice; positioning as a ‘business partner’; all documented through positive ‘Voice of Customers’ surveys.
- Calculation and reporting of key performance indicators (KPIs) based on criteria defined with the Group’s DPO.
Qualifications
- Master’s degree in Personal Data Law, Intellectual Property, Contracts, or a business school with a legal/data protection option.
- Minimum 5 years of experience as a DPO within a legal department of a company (preferably international) responsible for Data Privacy aspects, a law firm, or a Data Protection Authority.
- Autonomy and ability to work with multiple teams across different departments. Rigorous, detail-oriented, and skilled in community management, training, and maintaining close relationships with multidisciplinary teams.
- Excellent communication, interpersonal and leadership skills
- A flexible and proactive mindset which anticipates future needs and can identify and implement creative and practical solutions.
- Strong analytical and problem-solving skills.
- Ability to work independently and as part of a team in a fast-paced environment.
- Strong organisational and project management skills.