Data Protection Correspondent
BNP Paribas
Madrid, Community of Madrid, Spain
hace 3 días

BNP Paribas Group has a presence in 75 countries with more than 185,000 employees, including 145,000 in Europe. It ranks highly in its two core activities : Retail Banking & Services and Corporate & Institutional Banking.

At BNP Paribas Group, we work continuously on behalf of our clients, helping them to realize their projects around the world.

You can be an important part of this, helping us to serve our clients both in mature and emerging markets, providing them with financial solutions across a diverse range of expertise, products and services.

Strong risk management, combined with the stability that comes from being part of one of the largest banking groups in the world, underpin our success.

Joining us, you’ll become an integral part of a dynamic team that spans nationalities, cultures and backgrounds, drawing together people from around the globe and reflecting our commitment to international placements.

DPC positioning

BNPP Group Personal Data Protection framework, defined to respond to the new General Regulation on Data Protection - GDPR coming into effect on 25 May 2018, relies on the accountability of teams within BNPP entities and territories in their processing of Personal Data (customer, employees, UBOs, representatives of corporate, vendors, etc.)

The 1st Line of Defence (Business, IT and CDO) has the responsibility to embed data protection regulations and Group policies and guidelines in the internal organization and processes within its perimeter (e.

g. privacy by design, PIA, security measures, etc.)

DPC is positioned in the 2nd line of Defence (within RISK function), and will be responsible for the scope outlined under his / her responsibility.

He / she will report hierarchically to the CRO of Entity with a functional reporting line to the Territory Data Protection Officer (T-DPO).

The DPC must assist the relevant T-DPO in supervising the compliance with data protection regulations and Group policies and guidelines, ensuring second level controls and giving the necessary guidance to support the 1st Line of Defence.

In order to ensure consistency with the Group's management structure, a DPC is positioned at Entity level.

A DPC will be appointed with the following key direct responsibilities within his / her scope :

  • Policies & Procedures : Verify all key documents and policies meet the required (local / Group) regulatory standards and obligations.
  • Support and advise on implementation of Group policies and guidelines on Personal Data Protection and monitor consistency in their implementation (Consent collection process, cross border transfers, management of retention or personal data obsolescence)

  • Data Subjects Requests (DSR) : Oversee the compliance to the DSR obligations (Take over, verifications, responses to DS, Follow-up ) and monitoring the privacy contact mail for ensuring the adequate response to the customers.
  • Support escalations to the relevant internal authority where required

  • Data Privacy Impact Assessment (DPIA) : Take an active role in the completion of both pre-PIA and DPIA Review and advise on implementation of Privacy by design principles from the design stage and during the life-cycle of all projects, products, services, activities, processes and systems Raise awareness & engagement on DPIA across business line Advise the business stakeholders , and engage with LEGAL and the other departments of the Entity on the completion of DPIAs;
  • Challenge the responses when required to have a clear understanding of how personal data flows in the process; Review and challenge plans on putting in place risk mitigating actions / a transfer agreement where risks are identified.

  • Register of Processing Activities (RoPA) : Support the relevant 1st line and T-DPO to oversee the record of processing activities ( RoPA ) Review and advise on rules regarding record of processing activities ( RoPA ) Verify there is a RoPA in place that accurately covers all the processing activities Advise on the completeness of the RoPA by continuously performing a gap analysis with the business line’s systems and applications
  • Training & Awareness : Conduct regular awareness sessions across the business line to embed the DP principles and requirements across Monitor and advise on the Identification of local training needs.
  • If needed, the creation / delivery of the training content. The training scope will include targeted teams processing high risk data or high volumes of personal data Attend BNP Paribas DP forums, trainings

  • Data Protection Performance Management Review (DP PMR) and / or DP Control Plan : Gather evidences for each point of control.
  • Where an evidence cannot be provided for a control, address the issue with the process owner; Oversee the implementation of remediation actions to tackle gaps and weaknesses identified during the revie Assess effectiveness of the 1st Line of Defence (business and IT) controls on Personal Data Protection based on Generic Control Plans defined by the Group Transparency : Monitor and verify the Cookie policy meets the Data Privacy Notice published Advise and support 1LOD to ensure documentation published across the business line is compliant with the Group ones and the DP regulations.

    Personal Data Breaches (PDB) : Oversee and monitor the local Breach Management procedure in place with roles and responsibilities Review and advise on implementation of Personal Data Security principles and management of personal data breaches.

    Report on all PDB to Territory DPO, using tools and processes in place. Provide T-DPO with a knowledgeable point of view when reporting PDB.

    Advise on control and improvements in processes to reduce re-occurrence Governance : Monitoring of the regulatory landscape on data protection regulations and the relevant communication performed by LEGAL.

    Where needed, seek advice from / cooperate with the Territory Data Protection Officer on DP-related matters Lead the Entity's Data Protection Committee and Support / participate in all other committees on DP matters / Report on the status of the DP activities regularly Coordinate the collections of monthly reporting on DP Indicators Challenge existing ways of working and develop a continuous improvement culture, suggest automation solutions where possible.

    Communication with DP Authority : Support the DPO by preparing the communication with external stakeholders, DP Authority & Data Subjects, Participate in exchanges with the relevant DPA and cooperate with the DPA, based on DPO’s instructions Third Party Management : Monitor the controls in place for ensuring existing and new contracts are compliant to DP regulations in place

    Reportar esta oferta

    Thank you for reporting this job!

    Your feedback will help us improve the quality of our services.

    Mi Correo Electrónico
    Al hacer clic en la opción "Continuar", doy mi consentimiento para que neuvoo procese mis datos de conformidad con lo establecido en su Política de privacidad . Puedo darme de baja o retirar mi autorización en cualquier momento.
    Formulario de postulación