Data Privacy Specialist: Responder at NTT Ltd.

Your day at NTT DATA

• The Data Privacy Specialist reporting into the NTT DATA, Inc. Group Global Data Privacy Center of Excellence, will be responsible for supporting the effective operation of NTT DATA Inc. Group’s global Data Privacy program by managing personal data breach response activities, data subject requests and central data privacy enquiries. The role is responsible for ensuring timely, accurate, and regulator defensible handling of privacy matters, working closely with Legal, Office of Information Security (OIS), IT, People and Culture (P&C), Data Protection Officers (DPO) and business stakeholders to ensure compliance with applicable data protection laws and internal standards.

Key Roles and Responsibilities
Personal Data Breach & Incident Response Management

• Coordinate the global intake, triage, and coordinated management of actual or suspected Data Privacy Incidents, including Personal Data Breaches, unauthorized processing, and other privacy non‑compliance.
• Perform an initial assessment and classification of incidents (Minor, Major, Critical) by collecting, validating, and documenting incident information provided by Incident Management Teams and business stakeholders.
• Perform and document Minor risk assessments, including assessment of potential harm to Data Subjects and identification of applicable notification obligations under relevant Data Protection Legislation and support Major and Critical ones with the Incident Management Teams.
• Coordinate with Legal, DPOs, Incident Management Teams, and business stakeholders to support the preparation, review, execution, and evidence retention of required notifications to Clients, Data Subjects, Data Protection Authorities, and other stakeholders, where required.
• Maintain comprehensive breach registers, investigation records, and decision rationales on OneTrust to support audit, regulatory review, and accountability obligations.
• Contribute to the ongoing improvement of Incident Management Process, including development of templates, and standard operating procedures.
• Support the preparation of Incident metrics, trend analysis, and reporting to demonstrate compliance and inform continuous improvement.

Data Subject Requests (DSR) Management

• Manage and coordinate the end‑to‑end intake, triage, investigation, and response to Data Subject Requests (DSRs), including access, correction, deletion, restriction, objection, portability, and consent withdrawal requests in line with applicable data protection laws and internal policies and procedures
• Work closely with IT, Legal, P&C, Marketing, OIS, DPO’s and business stakeholders to identify relevant systems, data sources, and records required to fulfil DSRs accurately and within statutory timelines.
• Assess the validity, scope, and complexity of requests, applying exemptions and limitations where appropriate, escalating complex or high‑risk matters to DPO’s or legal stakeholders and ensuring requests are handled in a fair, lawful, transparent, and secure manner.
• Ensure that all DSR activities, decisions, consultations, and outcomes are documented, logged, and retained in accordance with record keeping and confidentiality requirements.
• Contribute to the ongoing improvement of DSR, including development of playbooks, templates, and standard operating procedures.
• Support the preparation of DSR metrics, trend analysis, and reporting to demonstrate compliance and inform continuous improvement.

Global Data Privacy Inbox Management

• Monitor and manage the central Global Data Privacy group inbox, acting as a first point of contact DSR and Incidents requests and assign the other privacy requests to the other privacy areas.
• Ensure timely, consistent, and well documented responses, aligned to global Data Privacy policies, standards, and approved guidance.
• Identify recurring themes, pain points, and knowledge gaps in queries to inform updates to guidance materials, training, and process enhancements.

Knowledge, Skills and Attributes

• Demonstrates a high level of accuracy, thoroughness, and attention to detail, particularly when handling sensitive personal data and regulatory‑driven activities
• Strong analytical and critical thinking skills, with the ability to assess privacy risk, impact to individuals, and regulatory obligations
• Demonstrates a pragmatic, risk‑based approach to data privacy, balancing compliance requirements with operational realities
• Strong written and verbal communication skills, with the ability to produce clear, structured, and defensible correspondence and documentation
• Ability to manage high‑volume, time‑critical casework (e.g., Data Subject Requests, incidents, enquiries) while meeting statutory and internal timelines
• Comfortable working in fast‑paced, high‑pressure environments, including during live incident and breach response situations, including supporting global incident and breach response activities which may require availability outside standard working hours
• Strong organizational and case management skills, with the ability to prioritise competing requests and escalate issues appropriately
• Demonstrated ability to work independently with minimal supervision, while aligning to defined policies, procedures, and escalation paths
• Proven ability to work effectively with cross‑functional stakeholders across regions and cultures
• High level of professional judgement and discretion, with a strong understanding of confidentiality and need‑to‑know principles
• Sound knowledge of global data protection laws and regulatory requirements, particularly in relation to data subject rights and personal data breaches
• Operates with a high degree of integrity and accountability, recognising the sensitivity and regulatory impact of the role

Academic Qualifications and Certifications

• Bachelor’s degree or equivalent
• CIPP, CIPM or CIPT (Preferred)

Required Experience

• 3-5 years’ experience in Data Privacy or related fields
• Experience supporting or managing Data Subject Requests (DSRs) and/or personal data breach and incident response activities.
• Experience in working with or advising large, multinational organizations.
• Experience supporting compliance or operational governance activities (e.g. case management, issue tracking, reporting)
• Experience in telecommunications, technology and/or professional services (preferred)
• Experience using privacy management or GRC tooling such as OneTrust and/or 6clicks (preferred)

What will make you a good fit for the role?

• Strong interest in and commitment to Data Privacy and Data Protection, with an awareness of evolving global regulatory expectations
• Able to communicate clearly, professionally, and confidently with internal and external stakeholders at all levels
• Comfortable working in a globally distributed environment, interfacing with multiple cultures, regions, and time zones
• Demonstrates a strong analytical mindset, sound judgement, and the ability to work independently within defined processes
• Highly effective in time and workload management, with the ability to manage competing priorities and statutory deadlines
• Resilient and composed under pressure, particularly during time‑critical response activities such as live incidents or breach response
• Takes ownership of work, follows through on actions, and understands the importance of accuracy, confidentiality, and audit‑ready documentation