The Data Protection Officer (DPO) role is to ensure ADGM meets its obligations under the ADGM Data Protection Regulations, primarily focused on accountability regarding personal data processing by ADGM. The DPO will monitor compliance and data practices of ADGM internally to ensure its operations and functions comply with the ADGM DP Regulations and relevant national legislation. The DPO will be responsible for advising on, and where required carrying out, staff training, data protection impact assessments and internal audits. The DPO will also serve as the primary contact for the ADGM Data Protection Commissioner, supervisory authorities and individuals.
- Monitor ADGM’s compliance with:
  - the ADGM DP Regulations;
  - any other data protection or privacy related laws or regulations to which ADGM is subject; and
  - any policies relating to the protection of personal data, including the assignment of responsibilities, raising awareness and training of staff involved in Processing operations, and the related audits.
- Work closely with the key functions to develop and monitor policies and standards applicable to the business and in compliance with the ADGM DP Regulations and relevant national legislation.
- Implement measures and a privacy governance framework to manage data use in compliance with the ADGM DP Regulations and relevant national legislation, including developing templates for data collection and assisting with data mapping.
- Work with key internal stakeholders in the review of projects and related data to ensure compliance with the ADGM DP Regulations.
- Inform and advise ADGM, senior management and employees who carry out Processing of their obligations pursuant to the ADGM DP Regulations and to other data protection provisions, including where ADGM is subject to overseas provisions with extra-territorial effect.
- Manage and conduct ongoing reviews of ADGM’s privacy governance and regular and ad hoc reporting on data privacy compliance within ADGM.
- Oversee data protection impact assessments, including:
  - an annual assessment of ADGM’s Processing activities ("the Annual Assessment");
  - prepare a report on ADGM’s Processing activities in the Annual Assessment;
  - prepare mandatory reports to be submitted to the Commissioner; and
  - undertake regular reviews proportionate to the extent and type of ADGM Processing activities to assess compliance with the ADGM DP Regulations and data protection impact assessment(s), including material changes in the risks of Processing operations.
- Provide advice where requested in relation to data protection impact assessments undertaken pursuant to the ADGM DP Regulations.
- Co-operate with both the Commissioner and individual data subjects in accordance with the ADGM DP Regulations.
- Act as the contact point for the Commissioner on issues relating to Processing.
- Ensure filing and fee requirements with the Commissioner are achieved.
- Receive and act upon any relevant findings, recommendations, guidance, directives, resolutions, sanctions, notices or other conclusions issued or made by the Commissioner.
- Respond to and advise on subject access requests (SARs) and other requests from individuals.
- Review contracts for data privacy compliance (including model clauses where cross-border transfers are required) and accountability.
- Develop and deliver privacy training to various business functions, and collaborate with the information security function(s) to raise employee awareness of data privacy and security issues and provide training on the subject matter.
- Coordinate, conduct and monitor data privacy audits.
- Collaborate with the information security function(s) to maintain records of all data assets and exports, and maintain a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications.
- Ensure that ADGM’s IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including retention and destruction of data).
- Work with designated lawyers, subject matter experts or champions across ADGM’s offices and, where necessary, outside legal advisers to help advise on local data privacy law issues.
- Law degree or postgraduate law qualification required
- Hold at least one professional Data Protection or Privacy qualification or certification
- 10 years plus prior experience within a Legal, Compliance, Audit/Risk or Privacy role
- Substantial experience with EU Data Protection Regulations, namely GDPR