Title: Director - CFCR DPPO
Mumbai, IN
Job Summary
The Data Privacy and Protection Officer (DPPO) is responsible for monitoring compliance with the Digital Personal Data Protection (DPDP) Act, 2023, and other applicable data protection laws. The DPPO will serve as the primary point of contact for the Data Protection Board of India (DPBI) and data principals (individuals whose data is being processed) regarding all data privacy matters. This role requires a strategic leader who can implement and oversee an effective data privacy governance framework while balancing compliance with business objectives.
Key Responsibilities
Strategy
Support Head, CFCR Governance to
• Proactively develop regulatory relationships with regulators in Country through a structured engagement programme with consistent adherence to regulatory expectations.
• Ensure that Standard Chartered Bank's operations in the country are in line with regulatory expectations and Group requirements.
• Set and implement the vision, strategy, direction and leadership, consistent with the vision and strategy for CFCR and in support of the Group's strategic direction and growth aspirations.
• Promote the culture and practice of compliance with compliance standards (including conducting business within regulatory requirements, and to high ethical standards) within the Bank and embed a Here for good culture and the Group Code of Conduct.
Business
• Support relevant stakeholders to make decisions based on current and possible future policies, practices, and trends.
• In conjunction with the relevant stakeholders, analyse the impact of regulatory compliance matters on the bank and its operations.
• Use general knowledge of business products undertaken in the jurisdiction to work with business compliance specialists to respond to regulatory questions and keep the in-Country regulators updated on developments in the Bank.
Processes
Data Principal rights and grievance redressal
• Handle requests: Act as the nodal officer for addressing grievances and requests from Data Principals.
• Manage rights: Ensure the organization has procedures in place to honor data principal rights, such as the right to access, correct, and erase personal data.
• Ensure timely responses: Supervise processes for responding to Data Principal requests within the statutory timelines.
• Transparent grievance redressal: Ensure effective and transparent grievance redressal mechanisms are in place and followed.
Data protection impact assessments (DPIA)
• Oversee DPIAs: Supervise and advise on Data Protection Impact Assessments for any new processing activities that pose a high risk to data principals.
• Mitigate risk: Advise on appropriate risk mitigation strategies for new and existing projects.
• Integrate privacy by design: Ensure that data protection principles are integrated into the design and development of new products, systems, and services.
Regulatory liaison and reporting
• Interface with the Board: Act as the single point of contact for the Data Protection Board of India.
• Collaborate with authorities: Collaborate with the Data Protection Board during any audits, investigations, or inquiries.
• Report data breaches: Oversee the development and implementation of an incident management and breach response protocol. Ensure timely notification of breaches to the Data Protection Board and affected Data Principals.
• Data Security: Oversee the investigation and remediation of data security incidents.
Advisory and Training
• Educate employees: Inform and advise the organization and its employees on data protection obligations under the DPDP Act.
• Develop training programs: Create and deliver targeted training and awareness programs to foster a company-wide culture of privacy and data protection.
• Privacy by Design: Integrate the principles of “Privacy by Design” into the development of new products, services and systems.
• Data Advisory: Provide advisory to stakeholders in country and Group on the requirement and the obligations under the DPDP Act.
Policy Development and Management
• Policies and Procedures: Develop, implement and maintain internal data protection policies, guidelines, and procedures.
• Third Party Contracts: Ensure all vendor and third-party contracts include appropriate data protection.
Governance
Compliance oversight and governance
• Monitor compliance: Regularly monitor and enforce compliance with the DPDP Act and other applicable data protection laws.
• Establish frameworks: Develop, implement, and maintain a robust data privacy governance framework and internal policies to ensure efficient data utilization.
• Record processing activities: Maintain a comprehensive and verifiable record of all data processing activities.
• Audit data practices: Work closely with the Compliance Testing and Internal Audit team for review of data privacy and risk assessments to identify and rectify compliance gaps.
Regulatory & Business Conduct
• Display exemplary conduct and live by the Group’s Values and Code of Conduct.
• Take personal responsibility for embedding the highest standards of ethics, including regulatory and business conduct, across Standard Chartered Bank. This includes understanding and ensuring compliance with, in letter and spirit, all applicable laws, regulations, guidelines and the Group Code of Conduct.
• Effectively and collaboratively identify, escalate, mitigate and resolve risk, conduct and compliance matters.
Key stakeholders
Internal
• Region CFCR; Group CFCR; Business; GIA; GBS
External
• RBI; Auditors; Data Protection Board
Skills and Experience
• Data Protection
• Compliance
• Legal
• Cybersecurity
• Risk Management
Qualifications
• Education: A degree in law, cybersecurity, IT or a related field. Professional certifications such as Certified Information Privacy Professional (CIPP/A) or Certified Information Privacy Manager (CIPM) are highly desirable.
• Experience: Proven experience in a data protection, compliance, legal, cybersecurity, or risk management role with a strong track record of interpreting and implementing data protection laws.
• Expert knowledge: Deep understanding of India's DPDP Act, GDPR, and other relevant data privacy principles and regulations and the ability to apply DPDP principles to organisational practices.
• Technical expertise: Familiarity with data security tools and technologies, including encryption, anonymization, and security controls.
• Communication skills: Excellent written and verbal communication skills to effectively advise management, train staff, and liaise with regulators.
• Problem-solving: Strong analytical and problem-solving skills to manage complex privacy issues.
• Integrity: Must be free from any conflict of interest that would compromise their ability to oversee the organisation’s data protection activities.
About Standard Chartered
We're an international bank, nimble enough to act, big enough for impact. For more than 170 years, we've worked to make a positive difference for our clients, communities, and each other. We question the status quo, love a challenge and enjoy finding new opportunities to grow and do better than before. If you're looking for a career with purpose and you want to work for a bank making a difference, we want to hear from you. You can count on us to celebrate your unique talents and we can't wait to see the talents you can bring us.
Our purpose, to drive commerce and prosperity through our unique diversity, together with our brand promise, to be here for good are achieved by how we each live our valued behaviours. When you work with us, you'll see how we value difference and advocate inclusion.
Together we:
- Do the right thing and are assertive, challenge one another, and live with integrity, while putting the client at the heart of what we do
- Never settle, continuously striving to improve and innovate, keeping things simple and learning from doing well, and not so well
- Are better together, we can be ourselves, be inclusive, see more good in others, and work collectively to build for the long term
What we offer
In line with our Fair Pay Charter, we offer a competitive salary and benefits to support your mental, physical, financial and social wellbeing.
- Core bank funding for retirement savings, medical and life insurance, with flexible and voluntary benefits available in some locations.
- Time-off including annual leave, parental/maternity (20 weeks), sabbatical (12 months maximum) and volunteering leave (3 days), along with minimum global standards for annual and public holiday, which is combined to 30 days minimum.
- Flexible working options based around home and office locations, with flexible working patterns.
- Proactive wellbeing support through Unmind, a market-leading digital wellbeing platform, development courses for resilience and other human skills, global Employee Assistance Programme, sick leave, mental health first-aiders and all sorts of self-help toolkits.
- A continuous learning culture to support your growth, with opportunities to reskill and upskill and access to physical, virtual and digital learning.
- Being part of an inclusive and values-driven organisation, one that embraces and celebrates our unique diversity, across our teams, business functions and geographies, where everyone feels respected and can realise their full potential.