Data Privacy & Security Lead

Job Summary

  • Shanghai
  • Permanent
  • Ref ID: BBBH834996
  • 23 Nov 2022
  • ¥41k - ¥60k pm

Job Description

Insurance Broker

* Develop and maintain a privacy management system (advising on and drafting internal policies, standards, guidelines, SOPs, etc.).
* Work with commercial teams to ensure client contracts and agreements with suppliers or third parties comply with all relevant privacy laws.
* Draft, review, and negotiate privacy and data protection language for our client, supplier, and third-party agreements.
* Work collaboratively within the OneTrust system to review initiatives for compliance with privacy laws, conduct privacy impact assessments and develop solutions that address privacy risks.
* Responsible for important data risk assessment and data cross-border transfer (DCBT) compliance, including overseeing the preparation and completion of the DCBT self-assessment report and the CAC security assessment approval request, conducting the annual DCBT self-assessment and the bi-yearly resubmission for CAC security assessment approval for DCBT, and ensuring separate consent and privacy notice mechanisms are in place for DCBT.
* Advise on data privacy incidents; provide legal advice on notification obligations and best practices for communication. Manage regulatory interactions.
* Establish and maintain excellent working relationships with members of the business and work proactively with them to identify, mitigate and address privacy risks.
* Work closely with the relevant stakeholders to assist business and shared services teams in responding to requests from individuals with common rights under the applicable data protection laws with respect to their personal information.
* Help support projects designed to maintain awareness throughout the organization of our approach to privacy and commitment to its privacy obligations locally and globally.
* Provide regular privacy training and communications to business and shared services teams.
* Help support projects designed to maintain privacy compliance.
* Keep abreast of regulatory developments. Analyze existing and new legislative and regulatory developments to ensure that we understand and remain compliant with evolving requirements.

* 3-5 years of relevant experience with a focus on privacy and data protection law and regulation, especially the China data protection laws (including but not limited to the Data Security Law, Cybersecurity Law, and Personal Information Protection Law and their related subsidiary legislation, regulations, guidelines and measures), EU data protection laws (including the GDPR), China sectorial laws that are applicable to us and impact our data protection and privacy responsibilities, procedures and policies (including the Circular of the General Office of the China Banking and Insurance Regulatory Commission on Issuing the Measures for the Supervision and Administration of the Informatization Work of Insurance Intermediaries) and other data protection and privacy guidelines, measures, standards and specifications issued by the China authorities and regulators that apply to our business and operations (including GBT35273/GBT39335/ISO27701).
* CIPP certified, or ability to demonstrate equivalent knowledge
* Experience drafting, reviewing, and negotiating commercial agreements, especially privacy and data protection provisions and addendums
* Experience with interpreting and implementing privacy programs
* Familiar with the new business and application system development process; able to review and modify the privacy requirements analysis and to consult on privacy design and privacy acceptance documents at the business and application levels for new systems or major system changes. Additionally, support development and continuous privacy analysis for the online sales platform
* Risk assessment capabilities; familiar with the privacy impact and data cross-border assessment processes; able to complete privacy impact assessment (PIA) and cross-border assessment reports
* Familiar with the data cross-border assessment process, able to assist with the cross-border assessment report for privacy data
* Familiar with the handling procedures and methods of privacy incidents, able to compile emergency plans according to different needs, and complete drills
* Familiar with the internal training and awareness process, able to establish training materials & deliver privacy training to internal staff based on existing and new regulatory requirements
* Familiar with the internal privacy inspection process, assist in the privacy inspection of each department

Agnes Yang