Manager Data Privacy

At the Emirates Group, we are committed to treating our customers’ privacy with respect, fairness, transparency and integrity, honouring the trust they place in us. Our Data Privacy Office (DPO) is critical in supporting our organisation’s efforts to support this commitment and complying with privacy laws around the world. The advisory specialists in our DPO are key to advising the organisation on how to manage the millions of personal data records.

The successful candidate will contribute to the enhancement of the privacy program framework and the operationalisation of key privacy program processes; and, provide privacy regulatory advice on projects; privacy strategies, policies, procedures and processes; and privacy incidents, to manage and minimise the privacy risk to the organisation. The role will lead a functional advisory team and strategic privacy projects and support the Data Privacy Officer as part of privacy leadership.

In this role, you will:

• Advise on privacy requirements for business strategic and high-risk projects and programme through identifyingandevaluatingtheorganisation'sdataprocessingactivitiesanddriveprivacybydesignatall levels.Act as a trusted advisor on the creation and maintenance of a personal data inventory and designing with the organisation proper systems of control over personal data and advise on Data Subject Rights Requests (DSRRs), data breach incidents and supporting the organisation in conducting PrivacyImpactAssessments(PIAs)whilstensuringthatanyregulatoryupdatesorindustrytrendsare brought to the table.
• Lead on the Privacy Programme through provide insights and guidance to a network of Business Privacy Leads(BPLs)andactasapointofescalationforrisksandissuesraisedbythemondataprivacy.Develop and implement necessary strategies and projects to minimise data privacy risk and provide advice to the DPOonprivacyprogrammeandDPOstrategies.Ensurethatanywritteninformationontheorganisations obligations relating to data privacy (such as privacy notices and contractual clauses) is available to customers, employees, temporary staff, contractors and third parties. Ensure that such information is modified in line with changes to data privacy laws.In addition, support the organisation in complying with consent requirements such as gathering appropriate consent for marketing, cookie compliance on websites and maintaining an up-to-date privacy policy for customers and staff.
• Ensure the smooth running of the privacy operations through advising and supporting relevant DPO resourcesregarding DSRRs aswellasadvisingonthecreationandmaintenanceof records of processing activities (ROPA).
• Actastheprimarypointofcontactforprivacyincidentsandmaintainalogofanydata privacy incidents and remedial recommendations and actions. Co-ordinate responses to data breaches with relevant DPO resources, especially breaches that require reporting to regulators.
• Provideadvicetoallemployees,temporarystaffandcontractorsrelatedtotheirrolesandresponsibilities with regard to data privacy laws and good practice and be the organisational SME for other employees, temporarystaffandcontractorsbyprovidingexpertadviceondataprivacylawsaswellasanyotherrelated issues.Provide advisory services for strategic business units, projects and programmes and take the lead onthemanagementofcomplexnegotiationswithexternalstakeholders.Whererequiredliaisewithexternal counsel to ensure compliance with privacy laws.
• Monitordatamanagementproceduresandcompliancewithintheorganisationandcapture,highlightand make recommendations to the organisation on how to manage risks and issues affecting data privacy.
• Escalate risks and issues when required and provide advice on conducting PIAs.Lead on the maintenance of the organisation’s policies and procedures in respect of data privacyandreportonnon-compliancetotheorganisation.Managedataprivacyrisksassociatedwiththird parties through the creation of data processing agreement templates, review of contracts in co-ordination with the Data Privacy Contracts Advisor for compliance with data privacy laws and guidance to the procurement department on managing the privacy due diligence of vendors.
• Monitor regulatoryupdatesandindustrytrendsandmaintainanup-to-dateknowledgeofdataprivacy laws, guidance and industry trends as it affects the management of data privacy risk. Understand the impact of these on the organisation and inform the stakeholders where changes are needed.Evaluate necessarypolicyandprocedurechanges,accordingtobusinessneed,legislationorregulatorychanges.
• Develop or advise on the development of new policies and/or best practice to manage risk.
• Support the organisation in maintaining an awareness of its obligations to comply with data privacy laws, withinalldepartmentsareaofresponsibilitiesandidentifytrainingrequirementsonprivacycompliancefor employees.