Job Description
Job Overview
This role is responsible for leading and managing data privacy and compliance programs in accordance with the Philippine Data Privacy Act of 2012 (RA 10173), National Privacy Commission (NPC) regulations, and relevant international standards such as GDPR and CCPA.
The Data Privacy Officer will ensure that sensitive personal and business data is properly protected across all operations, particularly in regulated environments such as Banking, FinTech, and BPO/IT-BPM.
Key Responsibilities
Privacy Compliance & Governance
Ensure compliance with the Data Privacy Act of 2012 (RA 10173), its Implementing Rules and Regulations (IRR), and NPC issuances.
Monitor organization-wide privacy compliance and recommend corrective actions when needed.
Develop, maintain, and update privacy policies, manuals, consent forms, and data-sharing agreements.
Privacy Risk Management
Conduct Privacy Impact Assessments (PIAs) for new products, systems, workflows, and third-party vendors.
Identify privacy risks and implement mitigation strategies aligned with data protection standards.
Support privacy-by-design principles and data lifecycle governance.
Incident & Breach Management
Lead data breach response activities and investigations.
Ensure timely reporting and notification to relevant authorities and affected data subjects.
Coordinate with internal teams during security and privacy incidents.
Training & Awareness
Conduct privacy and compliance training programs for employees.
Promote awareness of data protection principles and responsible data handling practices.
Regulatory & Stakeholder Management
Serve as primary liaison with the National Privacy Commission (NPC).
Manage Data Subject Requests (DSRs) in accordance with regulatory requirements.
Provide guidance to internal teams on privacy and compliance matters.
Qualifications
Required
Bachelor's degree in Law, Information Technology, Business Administration, or related field.
3–5 years of experience in Data Privacy, Compliance, Risk Management, or Information Security.
Experience in Banking, Financial Services, FinTech, BPO, or IT-BPM industries.
Strong understanding of the Philippine Data Privacy Act (RA 10173) and related regulations.
Knowledge of data governance, privacy frameworks, and information security principles.
Strong analytical, communication, and documentation skills.
Preferred
NPC DPO ACE Level 1 or Level 2 certification.
IAPP certifications (CIPP, CIPM, CIPT).
Familiarity with GDPR, CCPA, and other international privacy frameworks.
Experience with BSP regulations on data governance and consumer protection.
Exposure to cross-border data processing and client data-sharing agreements.
