Digit Insurance - Data Protection Officer - DPDP

Job Description - Data Protection Officer - DPDP

Location : Bangalore

General Summary : Go Digit General Insurance is looking to recruit an experienced Data Protection Officer (DPO) to meet its obligations under the Digital Personal Data Protection Act ("DPDP"). The DPO will monitor compliance and data practices internally to ensure the business and its functions comply with the applicable requirements under the DPDP and relevant national legislation. The DPO will be responsible for advising on, and where required carrying out, staff training, data protection impact assessments and internal audits. The DPO will also serve as the primary contact for supervisory authorities and individuals whose data is processed by the organization.

Essential Duties and Responsibilities : In this role, you will work closely with the Legal, Compliance, Information Security, HR, Marketing and Customer Services and functions to develop and monitor policies and standards applicable to the business and in compliance with the DPDP and relevant national legislation. Duties will include :

- Implementing measures and a privacy governance framework to manage data use in compliance with the DPDP and relevant national legislation, including developing templates for data collection, advising on, and assisting with data mapping and records of data processing, and vendor management reviews.

- Working with key internal stakeholders in the review of operations and projects and related data processing to ensure compliance with data privacy laws, and where necessary, advising on and monitoring data protection privacy impact assessments.

- Serving as the primary point of contact and liaison for the India Data Protection Authority ("DPA") on all data protection related matters under the DPDP and relevant national legislation.

- Ensuring that the Company's IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data).

- Participating in the DPDP Committee.

- Managing and conducting ongoing reviews of Company's privacy governance framework and regular and ad hoc reporting on data privacy compliance within the organisation

- Monitoring changes to local privacy laws and making recommendations to the DPDP Committee when appropriate.

- Assist in setting standards and reviewing policies and procedures that meet the requirements under the DPDP and any localization requirements in countries of operation.

- Developing and delivering privacy training to various business functions and collaborating with Information Security functions to raise employee awareness of data privacy and security issues.

- Coordinating, conducting, and monitoring data privacy audits.

- Responding to and advising on data subject rights requests, where escalated including data subject access requests (DSARs) and other requests from individuals.

Qualifications :

- Bachelor's degree in a relevant field (e.g., law, information technology, or business).

- Proven experience in data protection and privacy roles.

- In-depth knowledge of relevant data protection laws and regulations, with a specific emphasis on GDPR.

- Strong understanding of information security principles and practices.

- Excellent communication and interpersonal skills.

- Certification in data protection (e.g., Certified Information Privacy Professional (CIPP)) is a plus.

Experience :

- Minimum of 12-15 years of experience in data protection and privacy roles.

- Demonstrated experience in implementing and managing GDPR compliance programs.

- Track record of effectively communicating complex privacy concepts to various