CÔNG TY CỔ PHẦN PAYTECH

We seek a Deputy Data Protection Officer (DPO) to join our team and support our efforts in ensuring awareness and compliance with personal data privacy and protection local regulations and Servier Group policies. This role will also involve overseeing data processing and governance practices to ensure the integrity, security, and lawful processing of data and personal data in particular.
Main mission
To protect personal data and uphold the privacy rights of all data subjects, the mission as a Deputy Data Protection Officer (DPO) is to assist the DPO in promoting a culture of data protection, ensuring data governance, control, and streamlining our personal data processing activities, while assessing and mitigating risks. Our commitment is to continuously engage our organization and manage personal data responsibly, promoting trust and compliance in an ever-changing regulatory landscape.
Main Responsibilities
1. COMPLIANCE MANAGEMENT:
• Monitor and ensure compliance with Vietnamese laws and Servier Group policies or guidelines regarding personal data privacy and protection.
• Keep abreast of regulatory updates and changes and implement necessary adjustments to organizational policies and procedures.
• Assist in the development and implementation of processes to address compliance gaps and mitigate risks.
2. DATA GOVERNANCE:
• Control, manage, rationalize, and optimize our data processing activities within the organization.
• Establish and maintain data governance frameworks to ensure the lawful and ethical handling of personal data.
• Collaborate with relevant stakeholders to implement data governance models and standards.
3. SPRITE, DPIA AND CTIA MANAGEMENT:
• Maintain and update the Data Protection Impact Assessments (DPIA) and Cross-border Transfer Impact Assessments (CTIA) in accordance with regulatory requirements.
• Conduct assessments to identify and mitigate risks associated with the processing of personal data, particularly in cross-border transfers.
• Lead the conduct of the SPRITE (Security PRIvacy regulaTory Evaluation) Servier process for all our existing projects.
4. STAFF AWARENESS AND ENGAGEMENT:
• Engage staff across all levels to promote understanding and adherence to data protection principles and regulations.
• Provide guidance and training to employees on data protection best practices, including data handling procedures and security measures.
• Foster a culture of data privacy awareness and accountability throughout the organization.
5. INTERNAL CONSULTANCY:
• Provide internal consultancy to the internal project leader and purchasing department, to evaluate our external partners' alignment with data protection regulations and Servier commitments to mitigate business risks.
• Provide contractual terms and procedures clarifying the responsibilities of Data Controller and Data Processor roles, the data processing purpose, and the data collected, to mitigate compliance risks and ensure accountability.
• When necessary, work with our lawyers for legal advice and compliance with local laws and practices.
6. CONSENT AND POLICY MANAGEMENT:
• Maintain the consent, processing purpose, and internal policies to ensure consistency with the personal data processing and data governance practices.
• Implement mechanisms to track and manage consent obtained from data subjects, ensuring transparency and accountability in data processing activities.

Required qualifications & skills
• Natural affinity and strong interest in data protection management and governance areas.
• Proven experience in data protection, privacy compliance, and data governance.
• In-depth knowledge of the Vietnamese Decree 13, GDPR, and other relevant data privacy regulations.
• Experience in reviewing privacy law possess valuable expertise in drafting and reviewing privacy policies, contracts, and agreements, as well as providing legal guidance on compliance matters.
• Critical thinker with strong analytical and process logic, with the ability to assess risks and impacts, and to propose effective mitigation options to DPO.
• Strong ability to communicate effectively, present, persuade, and engage people on the importance of personal data protection, and obligations.
• Demonstrate a combination of legal expertise, and an understanding of the technical aspects of data protection, including encryption, access controls, and vulnerability assessments.
• Proficiency in using Microsoft O365, including MS Office, Teams, Forms, Planner, Power-BI.
• Experience in the pharmaceutical or healthcare sector is a plus.
• Bachelor's degree in Law, Information Technology, or related field.
• Minimum 3 years of experience in a similar position or having acquired proven hard and soft skills to develop yourself in this career path.
• Vietnamese candidate with a very good level of oral and written English.
Hierarchy and functional report
• Working in the DDIS (Digital, Data and IS) department with stakeholders of all departments (Sales, Marketing, HR, Finance, Medical, ....) or 3rd party.
• Direct report to DPO & IS Business Manager (in English).
Apply through our email or jobs.servier.com/ with you CV !

Thưởng
Mức lương hấp dẫn
Chăm sóc sức khoẻ
Chế độ Bảo hiểm và ngày nghỉ theo quy định hiện hành của Luật Lao động.
Hoạt động nhóm
Môi trường làm việc chuyên nghiệp, thân thiện