Data Protection Officer

Senior Talent Acquisition Specialist | Executive Search | Global Recruiter I. Reporting Line · Reports directly to the Group Head Data Protection Officer and the President/Head of Offline and Online. · Coordinates closely with Legal and Compliance and Risk Management to ensure aligned governance and compliance implementation across all operations. II. Role Purpose The Data Protection Officer (DPO) is responsible for ensuring full organizational compliance with the Data Privacy Act of 2012, its Implementing Rules and Regulations, and all National Privacy Commission (NPC) issuances across multiple offline (physical) and online sites. The role ensures that data protection principles are embedded in business processes, contracts, incident handling, and system implementation while providing leadership in governance, training, and continuous improvement. III. Job Responsibilities Strategic Reporting and CoordinationReport to the Group Head Data Protection Officer and the President/Head of Offline and Online to align privacy programs with organizational strategies and leadership direction.Coordinate with Legal and Compliance and Risk Management to support integrated governance and regulatory compliance. Oversight of Offline and Online SitesOversee data privacy compliance across multiple offline (physical) and online sites.Ensure consistent implementation of privacy policies, documentation, reporting, and regulatory compliance at the site level. Regulatory Compliance and ImplementationEnsure compliance with the Data Privacy Act of 2012, its IRR, and NPC issuances.Embed Privacy by Design and Privacy by Default in organizational processes, contracts, and incident response. Contract Reviews and Data Sharing ControlsLead the privacy review of contracts to ensure lawful basis, limited purpose, proportional data collection, proper retention, breach notification timelines, subcontractor and cross-border controls, and security safeguards.Issue DPO privacy clearance prior to contract execution and ensure alignment with internal governance frameworks. Privacy Impact Assessments (PIAs)Review and approve PIAs for new or modified data processing activities across offline and online operations.Ensure privacy risks are identified, assessed, and treated in line with NPC guidance and company policy. Data Subject Rights (DSR) ManagementOversee the acknowledgment and fulfillment of DSR requests, including access, correction, deletion, restriction of processing, and portability.Ensure records retained for legal purposes are appropriately tagged and managed. Incident Response and InvestigationsLead investigations of privacy incidents, including triage, containment, documentation, and reporting.Prepare legally required notifications to the NPC and affected individuals.Coordinate with Business Continuity and Security teams to maintain privacy safeguards during disruptions. Governance, Training, and AwarenessStrengthen privacy governance across sites through guidance, compliance oversight, and operational control support.Conduct privacy training and awareness activities for site personnel, ensuring proper understanding of privacy obligations and procedures. Monitoring and Continuous ImprovementMonitor compliance and effectiveness of data protection measures.Recommend corrective actions and improvements to sustain compliance across all operations. IV. Job Requirements Educational Background and Certifications Bachelor’s degree in Law, Information Technology, Business Administration, or a related field. Certified Data Protection Officer (DPO) from a National Privacy Commission (NPC)–recognized training provider (mandatory). Additional certifications in Privacy, Compliance, Risk Management, or Information Security (e.g., CIPP, CIPM, GRCP/GRCA, ISO/IEC 27001) are an advantage. Professional Experience Minimum of four (4) years of relevant experience in data privacy, compliance, legal, or risk management functions, preferably within multi-site operations or regulated industries (e.g., gaming, financial services, healthcare, telecommunications). Reviewing and approving PIAs. Managing DSR requests in line with NPC requirements. Conducting contract privacy reviews and issuing DPO clearances. Investigating and reporting personal data breaches. Coordinating with multiple business units and regulators. V. Technical and Regulatory Knowledge Strong knowledge of the Data Privacy Act of 2012, its IRR, and NPC circulars, advisories, and memoranda. Familiarity with Privacy by Design and Privacy by Default, data governance, third-party management, retention and disposal (NPC Circular No. ), and cross-border data transfers. Seniority level Executive Employment type Full-time Job function Legal and Management Location Pasig, National Capital Region, Philippines #J-18808-Ljbffr