Job Description

Job Title: Personal Data Protection Analyst

Location: Dubai

Job Summary:

• The Personal Data Protection Analyst (Technology Controls implementation) plays a critical role in ensuring the effective implementation of data privacy measures and controls within an organization.
• The PDPA is responsible for translating data privacy policies and regulations into practical actions, working closely with various teams to implement and monitor compliance with these measures.

Key Responsibilities & Accountabilities:

• Implement data privacy controls and measures: The PDPA is responsible for translating data privacy policies, regulations, and best practices into practical controls and measures. They work closely with relevant teams to implement technical, administrative, and physical safeguards to protect personal data and ensure compliance with data protection regulations.
• Collaborate with IT teams: The PDPA works closely with IT teams to integrate privacy controls and requirements into technology systems, applications, and infrastructure. They provide guidance on data classification, data encryption, access controls, and data retention policies to ensure the secure handling of personal data.
• Conduct privacy impact assessments (PIAs): The PDPA conducts privacy impact assessments for new projects, systems, or processes to identify privacy risks and recommend appropriate measures for risk mitigation. They work with project teams to integrate privacy-by-design principles and ensure that privacy considerations are addressed from the early stages of development.
• Develop and deliver privacy training programs: The PDPA develops and delivers privacy training programs to raise awareness and educate employees on data privacy requirements and best practices. They collaborate with HR or training departments to ensure that privacy training is provided to new hires and periodically refreshed for existing staff.
• Monitor compliance: The PDPA monitors compliance with data privacy policies and regulations by conducting regular assessments. They assess the effectiveness of privacy controls, identify gaps or deficiencies, and recommend corrective actions to ensure ongoing compliance.
• Incident response and breach management: In the event of a data breach or privacy incident, the PDPA plays a key role in coordinating the response efforts. They work with IT, legal, and communication teams to investigate incidents, assess the impact, and ensure compliance with breach notification requirements. They also contribute to the development of incident response plans and protocols.
• Vendor and third-party management: The PDPA collaborate with procurement and legal teams to evaluate the privacy practices of vendors and third-party service providers. They review contracts and agreements to ensure that appropriate data protection measures are in place and periodically assess the privacy posture of external partners.
• Maintain documentation and records: The PDPA maintains documentation related to data privacy controls, assessments, and incidents. They ensure that records of data processing activities, data protection impact assessments, and data subject rights requests are properly documented and updated as required.

Education & experience:

• A bachelor's/master’s degree in a relevant field such as information security, computer science, & certification in data protection or privacy (e.g., CIPP/E, CIPM) is a plus.
• Strong knowledge of data protection regulations, such as UAE Protection of Personal Data Protection (PDPL), GDPR, and other relevant privacy frameworks.
• 3 to 5 years of experience in implementing personal data protection controls
• Specialized and working experience in the Personal Data Protection – Technology controls implementation on the various digital channels and applications.
• Strong communication and collaboration skills with various business stakeholders
• Strong knowledge of the UAE Personal data protection law and GDPR
• Familiarity with technology systems, infrastructure, and data management practices.
• Experience in implementing data privacy controls and measures within an organization.
• Knowledge of privacy-by-design principles and experience conducting privacy impact assessments.
• Familiarity with IT security practices, including data encryption, access controls, and incident response.
• Excellent communication and collaboration skills to work effectively with cross-functional teams.
• Analytical mindset and attention to detail for assessing and mitigating privacy risks.
• Ability to stay updated with emerging privacy trends, regulations, and best practices.
• Strong documentation and record-keeping skills.