We are looking for a strong candidate to implement our privacy programme meeting both the local legal requirements and our global group policy. In this role, you will report to the General Counsel in Japan and work in close cooperation with the Global Head of Privacy and Data Privacy team that oversee data privacy matters globally. Your role will require you to work closely with your counterparts in all regions, as well as our IT, Information Security, HR and Operational teams.
Taking into account the nature, scope, context and purpose of the range of processing operations, you will identify the obligations relating to personal data and its protection, raise awareness and design and implement training in regards to data privacy issues, advise the various teams in terms of impact assessment, cooperate with the supervisory authorities as necessary and continue to drive our data privacy programme.
About the Job
Your role consists of 3 main deliverables:
• Data privacy compliance: deployment of data privacy compliance, thorough analysis, processes definition and implementation, drafting and updating of privacy notices (customers and employees), tools, training and monitoring to demonstrate compliance with local regulation as well as obligation under group’s data privacy governance.
• Deployment: you will be in charge of deploying the global privacy programme locally in cooperation with the global Head of Privacy as well as IT, legal and operational teams in the Businesses.
• Regulatory & internal privacy contact: you will be the preferred contact person for interaction with competent data protection authorities and the in-house contact responsible for responding to matters related to data privacy.
Detailed tasks include the following:
・Work as the primary contact point and an extended arm of the global Data Privacy Office team to deploy and implement global privacy initiatives.
・Identify the obligations relating to collection and management of personal data and deploy a compliance programme that satisfy local legal obligations as well as obligation under the group’s data privacy governance
・Support the business in maintaining a personal data processing register in order to have a clear view of all the processing of personal data happening in the business and ensuring all processing is fully compliant
・Lead local Data Privacy Committee comprising IT, legal and operational teams to help establish data governance rules and security measures
・Ensure every and any new personal data management system and project managing personal data are integrated to this process
・Advise business units and corporate functions on various initiatives from a privacy point of view
・Work with IT/security/data owner on the implementation of data security systems and systems to manage risks, notifications and claims of system breaches as well as coordinating the data breach response teams (Data Breach Management)
・Coordinate the responses to data privacy requests or complaints from employees, customers or third parties
・Advise the company as to the necessary data privacy impact assessment, if necessary, and help conduct and document these
・Cooperate with the competent authorities on all data privacy matters and be their point of contact for any and all questions
・Coordinate audits with the IT and Internal Audit and ensure regular tests are performed with a view to continuous improvement of the Data Privacy programme
・Ensure that the employees and partners are aware and trained on the obligations under the privacy programme and local data privacy regulations
・Alert and advise on any legislation change and be the guarantor of the applicable practises and standards
・Have a law degree and sound expertise (at least 5 years) with laws, regulations and standards relating to data protection
・Have sound understanding of requirements and experience of implementing data privacy requirements under Japanese regulations. Preferably have a recognised data protection certification.
・Preferably have sound understanding and experience of implementing EU privacy regulation (GDPR) in a Japanese company.
・Fluency in Japanese and English (verbal and written) to conduct business.
・Have a significant experience in project management, process implementation and global team interactions
・Have preferably already implemented or participated in the implementation of a complete compliance programme in the field of data protection within an international organisation
・Have experience in regulatory affairs, engaging and responding with regulators and Data Protection authorities
・Be ready to deal with unknown (possibly new rules/regulations) but also stay calm under pressure (e.g. data breach)
・Have a marked ability to establish and maintain trust-based relationships with a variety of stakeholders, influence and energise a group of diverse functions around the topic of data privacy
・Have a sound experience in managing an activity and change management in a complex, matrix and international environment that will allow you to optimally meet the business challenges in this assignment
・Be curious about new technology and data in general to create a link between new projects/tools and the protection of personal data