- To identify all processes, products, assets and third parties within a business area (global records or local records) where there is processing of personal information so that risk assessments can be performed and appropriate control measures implemented so that the organization can become compliant to applicable privacy legislations.
- To document processing activities according to their process/product hierarchies (process or product catalogues) in oder to ensure that the correct data flow maps/diagrams can be created and kept up to date within the Record of Processing Activities (RoPA).
- To conduct assessments of existing organisational processes, products, services, Apps and sytems.
- To conduct re-assessments of high and medium risk assessments of processing activities in order to re-evaluate the risk levels and adequacy /effectiveness of controls.
- To conduct privacy impact assessments (Privacy by Design & Assurance) of new processes, products and systems to be launched by the client or changes to existing processes, products or assets to ensure that all critical and high new business risks have been identified and mitigated before any product, service, promotion or campaign is launched with the client
Key accountabilities and decision ownership:
- Process Mapping
Identify primary record according to PRM reference model and then link
process or sub-process to primary record accordingly.
Product catalogue – ensure that there is an appropriate product catalogue with standard references and ensure that it is kept up to date per each business area.
- High & Medium Risk Processing Activities Re-assessments
Identify and conduct re-assessments of processes, products & assets every three years or when something significant changes. Up-to-date processing activity records information is maintained in the Personal Data Processing Register (PDPR).
- Assessment Quality Assurance
Ensure that all Organisational Privacy Impact Assessments (OPIA) and Privacy by Design (PDA) assessments performed meets the quality criteria in their respective areas.
- Data Flow Map
Ensure that every business area where there is personal information processing keeps up to date data flow diagrams/maps that shows standard reference numbers (PRM reference mode ) for personal information flowing from or to other business areas.
- Assets Risk Assessments
Ensure that all assets associated with a processing activity have been assessed and risk rated accordingly
Must have technical / professional qualifications:
- Engineering/Science/IT/Commercial/Business degree or NQF 7 equivalent
- Additional professional relevant certification will be an advantage.
- A minimum of 5 years relevant experience essential, with exposure to the following:
- Risk and compliance
- Business process related work
Desired Skills:
- Data Processing
- Risk and compliance
- Process Mapping
- Process Management
- Data Analysis
- Process modelling
- Quality Assurance
Desired Work Experience:
- 5 to 10 years
Desired Qualification Level:
- Degree