Position: Entry level

Job type: Full-time

Loading ...

Job content

CIB PDP 1st LOD SPOC (Corporate & Institutional Banking – Personal Data Protection – 1st Line of Defense – Single Point of Contact)

The CIB PDP setup is focus on non-HR personal data. For HR personal data, a dedicated Governance is in place. The PDP SPOC will redirect requests to HR point of contact accordingly and will collaborate when needed.

The CIB PDP 1st LOD SPOC will contribute to a positive team spirit by:
  • Coordinating with all the areas inside CIB and outside CIB when needed
  • Keeping updated the manager and the DPO with the status of the job
  • Escalating issues when appropriate
  • Performing the required controls
  • Sharing documentation and knowledge
  • Collaborating with other tasks when needed
  • Looking for a high quality service
  • Showing willingness to help
Objectives
  • Help to identify and mitigate the risks to which the organization is exposed in terms of data protection
  • Carry out CIB controls related to data protection and ensure that the corresponding reports are carried out, as well as the pertinent action plans
  • Align the entity’s data protection strategy with the policies of the Group and CIB
  • Contribute to the identification of personal data processing activities
  • Ensure that existing and future projects and activities in the organization are carried out in compliance with data protection requirements
  • Assist the DPO of territory and business in the relationship with the local regulator on data protection
Description

Governance
  • Organization
    • Be Territory 1LOD entry point for CIB Chief Data Officer (CDO)
    • Ensure continuity of role through Knowledge Management & Transfer (ex. through a local repository) in case of any event (ex. turnover)
    • Inform CIB Data Office of any organizational changes / issues within local framework
  • Budget & Reporting
    • Participate in annual budget exercise for PDP Topics and communicate finalized PDP budget to CIB Data Office
    • Report PDP topics in local committees (dedicated to DP or not) with top management and communicate key issues to CIB Data Office
    • D2PC CIB Committee (D2PC – Data Privacy & Protection Committee)
    • Report KPIs to CIB DO as required
    • Performance Management test review
Training & Awareness
  • Ensure all target populations receive advanced trainings within a year of arrival
  • Assist employees at Territory CIB level to answer any PDPrelated questions
ROPA Management
  • Be consulted by Processing owners when filling out the CROPA Questionnaire (CROPA – Cartography & Records of Processing Activities)
  • Review and signoff CIB Territory ROPA every two months as part of the Health Check process
DPIA
  • Ensure all business processes embed DPIA Methodology: PrePIA / PDP-Q, DPIA (DPIA – Data Privacy Impact Assessment)
  • Be consulted by Project managers when filling out the PrePIA (Preliminary PIA) / PDP-Q (Personal Data Protection Questionnaire)
Data Subject Rights Request (DSRR) & Transparency
  • Be consulted by CIB GDPR Desk on client requests related to the Territory
  • Investigate requests on Subject Rights received from DPODESKSPAIN (L)
  • Coordinate with Business managers to ensure the updated & translated version of the Data Protection Notice is in place
  • Coordinate with Business managers to ensure cookies & consent are properly managed across digital platforms at CIB Territory level
Data Breach
  • Coordinate with 2LOD and 1LOD stakeholders to properly manage any CIB Territory Level Personal Data Breach Incident
Third Party Management
  • Coordinate with GSS (Global Sourcing) and other 1LOD stakeholders to properly manage third parties (internal and external)
  • Suppliers contract updates in case of potential Personal Data (including GDPR clauses)
PDP Control Plan
  • Ensure PDP (Personal Data Protection) Control Plan transposition at CIB Territory Level is consistent with Group and Global CIB standards
  • Coordinate with OPC to make sure execution of PDP Control Plan at CIB Territory Level is properly managed
Local DPO Support
  • Attend Monthly Territory Data Protection Committee chaired by the DPO; documents review and actions followup as per assigned in the Territory Data Protection Committee
  • Collaborate as requested in local events or visits (ex. Data Protection Week)
  • Ensure compliancy with the local procedure agreed on Data Breaches (calculate AEPD risk analysis, preparation of forensic, Data Breach Risk Assessment, Data Breach Report, followup the forensic action plan until completion)
  • Provide support to the auditor to perform External Audit & recommendations followup
  • Monthly completion of the DP Hub indicators, coordinate with all areas involved to collect the data (HR, Legal, Procurement, CISO)
  • Followup DPO requests (ex. ROPA information, DPN – Data Protection Notice documents)
Primary Location

ES-MD-Madrid

Job Type

Standard / Permanent

Job

MISCELLANEOUS

Education Level

Bachelor Degree or equivalent (>= 3 years)

Experience Level

At least 3 years

Schedule

Full-time
Loading ...
Loading ...

Deadline: 30-03-2024

Click to apply for free candidate

Apply

Loading ...
Loading ...

SIMILAR JOBS

Loading ...
Loading ...