Data Privacy

Roles and Responsibilities

1.  Ensure Compliance & Policy Implementation – Ensure compliance with DPDP Act, ISO 27701, ISO 27001,   and   HMG Global Privacy Regulations by developing and implementing data privacy policies, procedures, and guidelines for KIA India.

2.  Regulatory Coordination & Risk Assessment – Work closely with Legal, IT Security, and HR to ensure  privacy-related regulatory compliance, conduct privacy impact assessments (PIA) and data protection risk  assessments (DPIA), and define data retention, deletion, and access control policies.

3.  Internal Audits & Risk Mitigation – Conduct regular internal audits to ensure compliance with privacy regulations, identify privacy risks, gaps, and vulnerabilities, and implement corrective measures to mitigate potential threats.

4.  Technical Privacy Controls & Vendor Risk Assessment – Work with IT security teams to evaluate and  enhance technical privacy          controls (including encryption, access management, and anonymization) and conduct third-party privacy risk assessments for vendors handling KIA India’s data.

5.  Training & Awareness Programs – Conduct regular training and awareness sessions for data handlers, employees, and stakeholders to strengthen data privacy understanding and promote a privacy-first culture within the organization.

6.   Data Processing & Agreements Management – Monitor and evaluate data processing activities to ensure compliance with privacy laws, assist in drafting and reviewing data processing agreements (DPA) and privacy  notices, and ensure proper governance of data-sharing practices.

7.  Documentation & Compliance Reporting – Maintain comprehensive privacy documentation, including data mapping, processing activities, and risk registers, and generate periodic compliance reports for senior management and regulatory bodies.

8.  Regulatory Updates & Policy Enhancements – Stay updated with emerging privacy regulations and industry best practices, ensuring timely updates to policies and procedures to maintain compliance with evolving data privacy requirements.

Key Skills & Certification

§Strong understanding of the Digital Personal Data Protection (DPDP) Act §Expertise in ISO 27001 (Information Security Management System) and ISO 27701 (Privacy Information Management System) §Experience in privacy impact assessments (PIA) and data subject rights §Strong understanding of data security controls, encryption, anonymization, and risk assessment §Experience in conducting internal audits on data privacy compliance §ISO 27001/27701 , CIPP/E , CIPM , CIPT  

---