BNP Paribas Group has a presence in 75 countries with more than 185,000 employees, including 145,000 in Europe. It ranks highly in its two core activities: Retail Banking & Services and Corporate & Institutional Banking.
At BNP Paribas Group, we work continuously on behalf of our clients, helping them to realize their projects around the world.
You can be an important part of this, helping us to serve our clients both in mature and emerging markets, providing them with financial solutions across a diverse range of expertise, products and services.
Strong risk management, combined with the stability that comes from being part of one of the largest banking groups in the world, underpins our success.
Joining us, you’ll become an integral part of a dynamic team that spans nationalities, cultures and backgrounds, drawing together people from around the globe and reflecting our commitment to international placements.
The BNPP Group Personal Data Protection framework, defined to respond to the new General Regulation on Data Protection - GDPR coming into effect on 25 May 2018, relies on the accountability of teams within BNPP entities and territories in their processing of Personal Data (customer, employees, UBOs, representatives of corporate, vendors, etc.).
The 1st Line of Defence (Business, IT and CDO) has the responsibility to embed data protection regulations and Group policies and guidelines in the internal organization and processes within its perimeter (e.g. privacy by design, PIA, security measures, etc.).
The DPC is positioned in the 2nd Line of Defence (within RISK function), and will be responsible for the scope outlined under his / her responsibility.
He / she will report hierarchically to the CRO of Entity with a functional reporting line to the Territory Data Protection Officer (T-DPO).
The DPC must assist the relevant T-DPO in supervising the compliance with data protection regulations and Group policies and guidelines, ensuring second level controls and giving the necessary guidance to support the 1st Line of Defence.
In order to ensure consistency with the Group's management structure, a DPC is positioned at Entity level.
A DPC will be appointed with the following key direct responsibilities within his / her scope:
Support and advise on implementation of Group policies and guidelines on Personal Data Protection and monitor consistency in their implementation (Consent collection process, cross border transfers, management of retention or personal data obsolescence)
Support escalations to the relevant internal authority where required
Challenge the responses when required to have a clear understanding of how personal data flows in the process; Review and challenge plans on putting in place risk mitigating actions / a transfer agreement where risks are identified.
If needed, the creation / delivery of the training content. The training scope will include targeted teams processing high risk data or high volumes of personal data
Attend BNP Paribas DP forums, trainings
Personal Data Breaches (PDB):
Oversee and monitor the local Breach Management procedure in place with roles and responsibilities
Review and advise on implementation of Personal Data Security principles and management of personal data breaches.
Report on all PDB to Territory DPO, using tools and processes in place. Provide T-DPO with a knowledgeable point of view when reporting PDB.
Advise on control and improvements in processes to reduce re-occurrence
Governance:
Monitoring of the regulatory landscape on data protection regulations and the relevant communication performed by LEGAL.
Where needed, seek advice from / cooperate with the Territory Data Protection Officer on DP-related matters
Lead the Entity's Data Protection Committee and Support / participate in all other committees on DP matters / Report on the status of the DP activities regularly
Coordinate the collections of monthly reporting on DP Indicators
Challenge existing ways of working and develop a continuous improvement culture, suggest automation solutions where possible.
Communication with DP Authority:
Support the DPO by preparing the communication with external stakeholders, DP Authority & Data Subjects
Participate in exchanges with the relevant DPA and cooperate with the DPA, based on DPO’s instructions
Third Party Management:
Monitor the controls in place for ensuring existing and new contracts are compliant to DP regulations in place