.-job description*(agnostic* *location* *-* *role* *can* *be* *hired* *in* *the* *location* *where* *talent* *is* *found)*job summary*:data privacy officer (dpos) are responsible for ensuring that hsbc complies with its obligations under data protection and privacy laws within its particular jurisdiction.
they provide expert advice, guidance and direction and support the necessary rules and controls to enable the bank, including its employees and relevant third parties, to manage privacy risks and comply with its obligations under data protection laws in relation to the processing of personal data.to establish a privacy culture within hsbc, the dpo latam will have to work in collaboration with key business stakeholders and will be responsible for keeping executives assessed of privacy risks and issues.the incumbent of the function is the director of operations designated within the jurisdiction responsible for carrying out the following tasks:- inform and advise the business and its employees about their data privacy and protection compliance obligations; - provide expert guidance, oversight, and challenges on all aspects of the data protection strategy and privacy and compliance risk, focusing efforts on areas that pose greater risks to data privacy; - to monitor compliance with the data privacy provisions and hsbc group policies on the protection of personal data, including the allocation of responsibilities, staff education and awareness training, and to ensure that the findings of the related audits are corrected; (a) review and advise ondata protection impact assessments (dpias) and monitor mitigation performance, where necessary; (b) cooperate with the regulatory authority; - advise and support thecompany to ensure that safeguards and controls are in place to ensure compliance with requirements for the international transfer of data by identifying all circumstances in which personal data is transferred outside the relevant jurisdiction; and- provide advice and/or support on incident management, as necessary, and ensure that incidents and data violations are effectively addressed and managed with stakeholders and that relevant authorities are informed within the necessary time frames.
*main responsabilities*:*business impact*- maintain, support and review procedures to enable customers to exercise their individual rights.- under the direction of chief risk officer or regional data privacy lead provide advice to smes related to data privacy and information governance, including issues that are complex or have potential for significant legal, financial and/or reputational impact.- ensure that the company offers daily operations through engagement with the risk manager, such as compliance with dsars and dpias