Deputy Data Protection Officer

We seek a Deputy Data Protection Officer (DPO) to join our team and support our efforts in ensuring awareness and compliance with personal data privacy and protection local regulations and Servier Group policies. This role will also involve overseeing data processing and governance practices to ensure the integrity, security, and lawful processing of data and personal data in particular.Main missionTo protect personal data and uphold the privacy rights of all data subjects, the mission as a Deputy Data Protection Officer (DPO) is to assist the DPO in promoting a culture of data protection, ensuring data governance, control, and streamlining our personal data processing activities, while assessing and mitigating risks. Our commitment is to continuously engage our organization and manage personal data responsibly, promoting trust and compliance in an ever-changing regulatory landscape.Main Responsibilities1. COMPLIANCE MANAGEMENT:• Monitor and ensure compliance with Vietnamese laws and Servier Group policies or guidelines regarding personal data privacy and protection.• Keep abreast of regulatory updates and changes and implement necessary adjustments to organizational policies and procedures.• Assist in the development and implementation of processes to address compliance gaps and mitigate risks.2. DATA GOVERNANCE:• Control, manage, rationalize, and optimize our data processing activities within the organization.• Establish and maintain data governance frameworks to ensure the lawful and ethical handling of personal data.• Collaborate with relevant stakeholders to implement data governance models and standards.3. SPRITE, DPIA AND CTIA MANAGEMENT:• Maintain and update the Data Protection Impact Assessments (DPIA) and Cross-border Transfer Impact Assessments (CTIA) in accordance with regulatory requirements.• Conduct assessments to identify and mitigate risks associated with the processing of personal data, particularly in cross-border transfers.• Lead the conduct of the SPRITE (Security PRIvacy regulaTory Evaluation) Servier process for all our existing projects.4. STAFF AWARENESS AND ENGAGEMENT:• Engage staff across all levels to promote understanding and adherence to data protection principles and regulations.• Provide guidance and training to employees on data protection best practices, including data handling procedures and security measures.• Foster a culture of data privacy awareness and accountability throughout the organization.5. INTERNAL CONSULTANCY:• Provide internal consultancy to the internal project leader and purchasing department, to evaluate our external partners' alignment with data protection regulations and Servier commitments to mitigate business risks.• Provide contractual terms and procedures clarifying the responsibilities of Data Controller and Data Processor roles, the data processing purpose, and the data collected, to mitigate compliance risks and ensure accountability.• When necessary, work with our lawyers for legal advice and compliance with local laws and practices.6. CONSENT AND POLICY MANAGEMENT:• Maintain the consent, processing purpose, and internal policies to ensure consistency with the personal data processing and data governance practices.• Implement mechanisms to track and manage consent obtained from data subjects, ensuring transparency and accountability in data processing activities.