Synopsis

The Senior Manager Data Privacy & DPO (the “DPO”) shall have primary responsibility for keeping strategic oversight of the Etihad Data Privacy program and for managing it. The incumbent shall act as the key contact for all related matters. The DPO shall display the utmost integrity and shall maintain objectivity and impartiality when performing the functions of this role.

Accountabilities

•    Plan, structure and implement Etihad’s global privacy programme in line with globally accepted standards such as the GDPR. Develop and execute global privacy strategy for Etihad.
•    Direct, manage the Data Privacy Office to ensure that it is has clear objectives and manage the Data Privacy team’s budget, which is part of the Ethics & Compliance budget.
•    Direct and independent escalation to the Board’s Audit, Risk and Compliance Committee with the opportunity to attend committee meetings. 
•    Advise executive management on privacy policy and privacy related matters. 
•    Define and implement privacy policies, procedures and processes to ensure compliance with globally applicable data privacy laws and Etihad’s policies. 
•    Identify and deliver appropriate privacy training and communications and awareness programmes for employees to mitigate risk (and direct the Data Privacy Office to do the same). 
•    Perform or review Privacy Impact Assessments on often complex systems and processes to support the business to meet its objectives and maintain a Record of Processing Activities (and direct the Data Privacy team to do the same).
•    Monitor developments in global and often complex Data Privacy laws and regulations, identify risks and work with business unit leaders to understand Etihad’s complex systems and processes and implement suitable mitigation strategies and effective controls.
•    Report data breaches to the relevant authorities based on business (e.g. IT, commercial and operation departments) input in accordance with the applicable global laws and regulations. Ensure that notifications are submitted within the applicable timelines (e.g. within 72 hours under GDRP). 
•    Act as a contact point for Supervisory Authorities (DPO). 
•    Direct the Data Privacy team to ensure that regulatory requirements for data subjects are met.
 

Education & Experience

•    At least 8 years of experience in a data privacy compliance role. 
•    University degree (degree in law and advantage).
•    Excellent communication skills, business friendly, good attention to details, strong influencing, and implementation skills, self-motivated, and able to manage own workload effectively. 
•    Line management skills and experience.