Manager – Data Privacy
Job Description
Job Purpose As Manager - Data Privacy, you will report directly to the CISO/DPO and be an integral part of the team, driving the data privacy agenda within the broader data transformation initiative at GEMS Group.
In this role, you will play a key part in ensuring the organization’s compliance with privacy regulations (UAE and GDPR), safeguarding personal data, and fostering trust with customers and stakeholders.
You will be responsible for developing and implementing privacy policies, managing privacy risks, and promoting a culture of privacy awareness across the organization. This position will involve close collaboration with cross-functional teams to ensure that privacy practices are seamlessly integrated into business processes, systems, and operations.
Key Accountabilities
Data Privacy Strategy and Planning : Executing practical short, medium, and long-term data privacy strategies that align with GEMS’s objectives.
Privacy Risk Management: + Conducting ongoing risk assessments to evaluate the organization’s exposure to privacy-related risks.
+ Implementing mitigation strategies for identified privacy risks & continuously monitoring for emerging threats.
Policy and Compliance : Designing, implementing and maintaining privacy policies, standards, privacy notices, and procedures to ensure compliance with relevant privacy regulations.
Privacy Impact Assessments : + Performing Data Protection Impact Assessments (DPIAs) to identify privacy risks and recommend appropriate mitigation measures. Ensuring that privacy considerations are integrated into new projects, systems, and processes.
+ Document the ROPAS process, including the identified risks, mitigations, and any measures taken to reduce risk to an acceptable level.
Privacy by Design : Advocating for privacy by design principles across the organization. Collaborating with product development, IT, and other teams to ensure privacy controls are embedded into systems, processes, and projects from the outset.
Data Governance: + Collaborate with various teams (IT, Legal, Risk, Compliance, etc.) to implement data governance practices across the organization.
+ Ensure that data governance frameworks align with industry standards.
Privacy Governance : Integrating privacy governance within the newly established data governance framework and stage-gate delivery processes.
Privacy Audits and Assessments : Conducting privacy audits and assessments to assess compliance with privacy regulations and internal policies. Identifying any gaps or weaknesses and recommending corrective actions to ensure continuous compliance.
Data Subject Rights : + Overseeing processes for handling data subject rights requests, including access, rectification, erasure, restriction of processing, data portability, and objections to processing.
+ Addressing parental concerns related to children's data privacy.
+ Ensuring timely, accurate handling of requests in compliance with privacy regulations.
Regulatory Liaison : Supporting the Data Protection Officer (DPO) on data protection matters within the organization & acting as a point of contact with local regulatory authorities regarding data protection issues.
Privacy Incident / Breach Management : Establishing and managing incident response protocols to handle privacy breaches or incidents in collaboration with Infosec / IT teams.
Data Privacy Training and Awareness: Developing and delivering privacy training programs to educate employees about privacy policies, best practices, and their responsibilities in safeguarding personal information. Promoting privacy awareness throughout the organization, in line with the broader Data Transformation initiative.
Vendor and Third-Party Management : + Evaluating and managing third-party vendors and service providers to ensure they comply with privacy regulations and contractual obligations.
+ Reviewing Data Processing Agreements (DPAs) and ensuring privacy standards are met by external partners.
Privacy Technology Implementation: + Evaluating privacy-related technologies and tools to automate privacy controls, monitoring, and reporting.
+ Working with IT and Infosec teams to ensure technical measures (e.g., encryption, anonymization) are in place to safeguard personal data.
Skills
Expected Qualifications Masters or Bachelor’s Degree from a reputed university in relevant subjects
Expected Experience
Minimum of 8+ years industry experience working in a data/information and privacy environment
Job-Specific Knowledge & Skills
8+ years of experience in data privacy, data governance, or related fields, with at least 2 years in a managerial role. In-depth knowledge of data protection laws and regulations such as UAE PDPL and GDPR with strong understanding of privacy principles and best practices. Relevant certifications (e.g., CIPP/E, CIPM, CIPT or other data privacy certifications) are preferred. Experience in developing & implementing data protection policies, procedures, and strategies within an organization. Experience with data governance and privacy tools, technologies, and software. Ability to work independently, prioritize tasks, and manage multiple projects simultaneously. Be able to confidently liaise with Stakeholders. Excellent organizational, verbal, and written communication skills with proven ability to establish and cultivate relationships with vendors and business SMEs.
Job Location Dubai, UAE Company Industry Education Job Role IT
GEMS Corporate Office
Education Dubai, United Arab Emirates
