Data Privacy Officer (DPO)

Location : Bacoor

Work set-up : On-site, Morning Shift (Mon-Fri)

The Data Privacy Officer (DPO) will oversee the organizations compliance with data privacy laws and regulations, ensuring the protection of personal data across all company functions. This role serves as the primary point of contact for data privacy matters, ensuring the company adheres to the Data Privacy Act and other relevant regulations, while fostering a culture of privacy awareness throughout the organization.

Key Responsibilities :

• Ensure the organizations full compliance with data protection laws, including the Data Privacy Act and regulations set by the National Privacy Commission (NPC).
• Act as the primary liaison between the company and the NPC, managing communication regarding data privacy matters.
• Develop, maintain, and implement essential privacy documents, including the company's data privacy manual, privacy notices, consent forms, and privacy impact assessments.
• Create and roll out internal privacy policies and guidelines for employees to follow, ensuring clarity and consistency in privacy practices.
• Establish data privacy frameworks for both online (e.g., website, CRM, surveys) and offline (e.g., retail store surveys, manual forms) data collection channels.
• Collaborate with IT, marketing, HR, and operations to ensure data handling processes are in line with privacy regulations and best practices.
• Conduct regular privacy training and awareness programs for employees, store personnel, and other stakeholders.
• Promote a privacy-first culture within the organization by fostering continuous awareness of data protection principles.
• Stay updated with developments in data protection regulations and attend professional development seminars to maintain and enhance expertise.
• Manage privacy risk assessments and monitor the organizations data processing activities to identify areas for improvement or concern.
• Lead the response to data breach incidents, preparing necessary notifications to the NPC and affected individuals, when required.
• Handle data subject requests, including requests for access, correction, and deletion of personal data in compliance with applicable laws.
• Ensure privacy rights are clearly communicated and accessible to customers, addressing their concerns and inquiries about data handling practices.
• Perform other data privacy-related tasks and duties as needed to support the organizations overall privacy compliance.
• Qualifications :
• Bachelors Degree in Law, IT, Business Administration, or a related field (JD or legal background preferred but not required).
• At least 24 years of experience in data privacy, legal compliance, or IT security; preferably with exposure to e-commerce, retail, or FMCG sectors.
• Strong working knowledge of the Data Privacy Act of 2012, NPC Circulars, and global best practices (e.g., GDPR is a plus).
• Demonstrated ability to draft legal or policy documentation (e.g., manuals, notices, data-sharing agreements).
• Strong analytical, communication, and training skills.