Role purpose:
(Note: the role will be part of a team of 5 senior specialist fulfilling one or more of the following on a rotational basis)
To identify, document and assess Vodacom SAs existing processing of personal information activities(and changes in such activities) in order to identify privacy risks and issues and assist business operations to mitigate same and implement appropriate privacy control measures.
To conduct privacy impact assessments (Privacy by Design & Assurance) of new processes, products and systems to be launched by Vodacom SA in order to to identify privacy risks and issues and assist business operations to mitigate same and implement appropriate privacy control measures before launch.
To assist in the development, implementation and rollout of the privacy program elements and controls across Vodacom SA and its subsidaries in order minimize compliance risks and ensuring adherence to Vodacom/Vodafone privacy frameworks, policies, standards and methodologies. Support the Privacy Governance, Risk and Control (GRC) function to execute on their privacy control monitoring, risk management, assurance and reporting activities.
To assist in Vodacom SA privacy counsel and governance activities, which includes setting out data processing agreements; monitoring regulatory/legislative developments; updating company policies, processes and procedures in line with new privacy requirements; supporting data subjects in exercising their privacy rights; and supporting regulatory engagement activities (such as compliance reviews and addressing privacy complaints).
To assist in the development and fulfilment of privacy training and awareness initiatives across the Vodacom SA privacy capabilities.
To support the customisation and adoption of the above for purposes of Vodacom group-wide adoption and application.
Your responsibilities will include:
Personal Data Processing Register(PDPR)
Ensure the PDPR is maintained and up-to-date in line with Vodacom standards and methodologies, including but not limited to the linking of business processes and data flow maps. Moreover, identify and conduct privacy assessments on existing processes, products & assets processing personal information in line with Vodacom SA requirements and quality assurance standards.
Conduct Privacy Impact Assessments (PIAs):
Assess privacy risks for new projects, systems, or processes, and recommend risk mitigation strategies. Collaborate with cross-functional teams to design and integrate privacy considerations into new processing activities. Collaborate with technical teams to implement privacy-by-design principles and perform technical assessments of systems, applications, and infrastructure to ensure compliance with privacy requirements.
Conduct Privacy Training and Awareness:
Deliver privacy training and awareness initiatives, educating employees on policies, regulations, and best practices. Foster a privacy-conscious culture
Compliance, Monitoring, Reporting
Conduct privacy assurance reviews and assessments, including self assessments (evidence based testing) of privacy activities and controls and communicate critical risks and issues to management. Perform oversight of remedial actions to address privacy risks and issues identified. Prepare privacy reports for various stakeholders and committees (including the Vodacom Group Privacy Steering Committee, Privacy KPI quarterly reporting). Monitor the implementation of the privacy program by Vodacom SA subsidiaries.
Privacy compliance/legal advisory and support
Provide privacy compliance/legal advisory and support to Vodacom SAs business operations, which includes adherence to the Protection of Personal Information Act, No 4 of 2013 (POPIA).
Supplier Compliance/Data Processing Agreements (DPA)
Assess suppliers involved in the processing of personal information to ensure that same is compliant and risk rated and supplier inventories are created accordingly. Moreover, ensure an up to date register of all data processing agreements for these suppliers is available and up-to-date.
Engagement with regulators and external parties on privacy matters
Assist in actioning/resolving regulator requests and queries, including the reporting of privacy incidents and responding to privacy complaints raised through the regulator. Moreover, assist in actioning/resolving customer privacy complaints.
The ideal candidate for this role will have:
Must have technical / professional qualifications:
Strong educational background in a relevant field such as Legal/Compliance/Information technology/Engineering/Commercial/Business degree or privacy-related disciplines ( NQF 7 equivalent).
Additional professional relevant certification will be an advantage such as CIPP/E, CIPT, or CIPM from the International Association of Privacy Professionals (IAPP).
A minimum of 5 years relevant experience essential, with exposure to the following:
Legal, Risk and compliance
Business process related work
Ability to build relationships and influence at all levels of an organisation
Exceptional organisational and communication skills
Excellent reporting skills
Experience in conducting privacy impact assessments and fulfiling the role of the Data Privacy/Protection Officer will be advantageous.
Core competencies, knowledge and experience:
Process knowledge, including business analysis and data flow mapping:
Ability to map or willing to learn to map business processes and data flows. Knowledge of telecoms processes and functions will be an advantage.
Ability to understand data flows and business processes and assist in creating visual representations of same processing personal information.
Privacy Impact Assessments:
Experience in conducting privacy impact accessments and/or the implementation of privacy-by-design princples using clearly defined methodologies or tools.
Risk & Compliance:
Ability and knowledge to assess business activities and advise on the processing of personal information in compliance with privacy laws and regulations such as POPIA.
Self-starter:
Ability to work independently with high standard of accountability problem solving ability and owning responsibility around decisions, timelines and quality.
Business Skills & Stakeholder Management:
Excellent stakeholder management skills across all levels of the organisation. Experience within the technology & Telecoms industry & extensive exposure to working in a team environment.
Closing date for Applications: 16 June 2023.
The base location for this role is, Midrand, Vodacom Campus.
The Companys approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.
Vodacom is committed to an organisational culture that recognises, appreciates and values diversity & inclusion.