About the Role
- The Privacy Officer ensures the protection of personal data and compliance with privacy regulations. This role is crucial for harmonizing data processing activities (as defined in Art. 4 of the GDPR) and sensitive data within the company's core business and information governance, integrating technological, organizational, and legal skills. The Privacy Officer supports business processes with a cross-functional approach, observing, evaluating, and organizing data processing management to ensure legal compliance.
Responsibilities
- Maintain and document a comprehensive and compliant Data Privacy Model and, coordinating with the Risk & Compliance Manager, periodically revise the internal procedures and responsibilities to address changes in laws, regulations and company policies
- Supervise the updating of the Records of Processing Activities (RoPA) to ensure all processing and/or databases, tools, data processors and other information are recorded, monitoring and assisting the business owners in the updating of the RoPA
- Analyze the role of third parties in personal data processing activities, and draft and update data protection clauses in contracts with third parties to ensure all privacy concerns, requirements and responsibilities are addressed
- Work with the business teams to ensure the company has and maintains appropriate privacy consents, authorizations, forms, Privacy Policy and Privacy Notices
- Conduct, together with the Data Protection Team, proper evaluation in case of data breaches
- Coordinate with business teams to ensure existing and new services comply with privacy and data security obligations
- Assist and support the business teams in putting the “Privacy by Design” and “Privacy by Default” approach into practice when developing projects, whether ICT or business oriented
- Assist and support business teams in conducting Data Protection Impact Assessments (DPIAs) and oversee risk analysis and mitigation activities
- Ensure that access procedures meet security requirements, including two-factor authentication, and that the Principle of Least Privilege (PoLP) is applied
- Support the different Departments in the evaluation of software and/or applications and the assessment of data processors to ensure compliance with the privacy and data security policies and legal requirements
- Maintain an active communication channel with the DPO, ensuring that any recommendations are implemented
- Verify proper classification of data and manage destruction and storage procedures according to company policies
- Oversee and ensure delivery of privacy training and orientation to all internal staff, keeping them updated on the latest privacy regulations, privacy policies and any Data Privacy Model updates
- Regularly monitor the communication channels defined and communicated by the company for the exercise of data subjects’ rights to ensure proactive response and compliance with the deadlines provided by the GDPR
- Continuously monitor the regulatory framework and stay updated on any legislation that may impact and/or intersect with privacy and the processing of personal data
Qualifications
- Master’s Degree in Law (as privileged title) or Management Engineering with in-depth knowledge and proven experience in data management and privacy compliance, or Master’s Degree in Computer Science, Computer Engineering or related technical disciplines that are Data Privacy related.
Technical Skills
- In-depth knowledge of GDPR and applicable local and international data protection laws, as well as guidelines and/or orders issued by the Data Protection Authority and the European Data Protection Board, and general knowledge of all those regulations that may have any interactions with privacy and personal data (e.g. Whistleblowing, Cybersecurity, Online Payments, E-Privacy, AI Act, Data Act, etc.)
- Practical skills in conducting Data Protection Impact Assessments (DPIAs) to assess and manage privacy risks in high-risk processing
- Familiarity with Identity and Access Management (IAM) systems and technical measures for data protection
- Familiarity with Data Privacy management tools
- Certification in privacy management or compliance, such as CIPP or CIPM, is preferred
- Working knowledge of computer security, including encryption, pseudonymization and Multi-Factor Authentication (MFA) techniques
Soft Skills
- Detail-oriented attitude
- Professional ethics approach
- Risk management ability and strategic vision
- Ability to explain complex privacy and data protection concepts in a clear and understandable way to different audiences, from technicians to management
All qualified candidates will be considered for employment without regard to race, color, religion, gender, sexual orientation, gender identity, national origin, disability, or any other characteristic. Ready to drive change and innovation? Apply now and join Juventus! We will be in contact with candidates whose qualifications closely align with our requirements.