Data Privacy Officer
Oneida Innovations Group
- Verona, NY
- $90,000-120,000 per year
- Permanent
- Full-time
- Ensure compliance with applicable data protection regulations, including the GDPR, CCPA, HIPAA, and other relevant privacy laws.
- Advise the organization on the regulatory landscape surrounding data privacy and its implications on business operations.
- Lead and assist in preparing for and responding to privacy-related regulatory inquiries, audits, and assessments.
- Develop, implement, and maintain data privacy policies, procedures, and practices to ensure compliance with relevant laws and regulations.
- Review and update privacy policies and procedures periodically to ensure their alignment with changes in laws and industry best practices.
- Ensure that data retention, handling, and storage practices are in line with organizational policies and regulatory requirements.
- Conduct privacy and data protection training for employees, contractors, and third parties.
- Promote a privacy-conscious culture within the organization and raise awareness about data privacy matters.
- Serve as a point of contact for all employees regarding privacy concerns and questions.
- Oversee the management of data subject rights requests (e.g., access, rectification, erasure, data portability).
- Ensure that data subjects' rights are respected in a timely manner and in accordance with legal requirements.
- Coordinate responses to data breach notifications and ensure that proper documentation and reporting mechanisms are in place.
- Responsible for Risk Assessment and Data Protection Impact Assessments (DPIAs)
- Conduct regular risk assessments and privacy impact assessments for new projects, processes, or initiatives involving personal data.
- Advise business units on the privacy risks and mitigation strategies associated with new or existing data processing activities.
- Ensure that data protection impact assessments (DPIAs) are conducted where necessary and that mitigation measures are implemented.
- In conjunction with the Director of Information Security, coordinate the response to data privacy incidents, including data breaches, by following an established incident response plan.
- Work with legal, IT, and compliance teams to investigate data breaches and manage notifications to regulators and affected individuals.
- Ensure timely reporting of data breaches to regulatory bodies in accordance with applicable laws.
- Evaluate data protection practices of third-party vendors and service providers through risk assessments and due diligence.
- Ensure that data processing agreements (DPAs) are in place with all third parties and that they meet privacy and security requirements.
- Continuously monitor the organization's data privacy and protection practices to ensure compliance with established policies and legal requirements.
- Report findings of privacy audits and compliance reviews to senior management.
- Work closely with the internal Information Security team, legal, compliance officers, and IT personnel to align privacy and security strategies.
- Collaborate with senior management to ensure that privacy risks are effectively managed and addressed.
- Bachelor's degree in Information Security or a related field is required.
- Proven experience in data privacy, compliance, or information security roles.
- Strong understanding of global privacy regulations, including GDPR, CCPA, and other relevant data protection laws.
- Experience with conducting data privacy risk assessments, audits, and DPIAs.
- In-depth knowledge of data privacy principles and best practices.
- Strong analytical, problem-solving, and decision-making skills.
- Ability to communicate complex privacy issues clearly to stakeholders at all levels of the organization.
- Strong project management skills and ability to handle multiple tasks simultaneously.
- Ability to stand/walk for long periods of time and lift up to 21 - 30 pounds.