Privacy Officer - Isando at PepsiCo

Responsibilities

What we’re looking for:

Were looking for a Privacy Officer to join our team. 

The Privacy Officer takes responsibility to drive compliance to all data privacy laws (this includes, but is not limited to; POPIA, PAIA, etc.) through developing and driving implementation of data privacy frameworks, policies, procedures and controls across South Africa inclusive of Namibia or Botswana and where PepsiCo SA operates on thr continent of Africa.

POPIA specific includes:

•  Ensuring the Company to comply with relevant Privacy Laws;
• Communicating with the Information Regulator, including working with the Information Regulator in relation to data breach investigations;
• Regular and ad hoc reporting on privacy compliance (CEO / ICRM / any applicable forums);
• Monitoring changes to local privacy laws and making recommendations to the applicable privacy compliance forums when appropriate;
• Maintenance of the PepsiCo SA privacy compliance framework and ensure it is implemented, monitored; &
• The management of POPIA related projects in order to ensure compliance.

PAIA

• Developing PAIA Manual and ensuring that the Manual is aligned to legal requirements.
• Managing PAIA queries from the public and reporting to the Informaiton Regulator as and when required.

Accountabilities 

The encumbant in the role will be required at any given time, for the below accountabilities, to make decisions and/or be informed and/or provide consultation and/or execute actions to manage impact on PepsiCo SA BU and AMESA Sector

POPIA Accountabilities, include:

• Establish and Develop standards, framework, control and polices through driving and supporting the implementation and integration of and embedding of privacy principles, policies, standards, and controls into standard business processes.
• Actively support the business on the embedding of current privacy policies, standards, and controls into “Business As Usual”, including third parties who process PEP personal data. This will involve assisting to formulate, embed and enforce protocols and ways of working with system owners across the business to ensure privacy risks are identified and addressed in system design as early as possible and prior to PepsiCo implementation and/or onboarding.
• Actively support the Data Subject in completion of data subject requests as received directly from Vendors, Customers and/or through the PepsiCo SA privacy compliance tool and/or through business / function representatives (including record locations, extraction, communication and managing and monitoring workflow) and continuously make updated to processes as regulatory requirements evolve.
• Ensure that a Personal Information Impact Assessment (PIIA) is completed by functions and business through facilitating the execution and completion of PIIAs by business units (BUs) and functional stakeholders, documents remediation plans, monitors their execution and provides appropriate updates to Privacy Councils / relevant reporting forums. This also involves if PIIAs trigger a high-risk processing activity that may need to be escalated to Sector Privacy Director / DPO.    
• Ensure continuous engagement with the Information Regulator including but not limited to keeping abreast with evolving regulatory requirements, working with the Regulator in relation to investigations around data breaches and reporting updates to the Regulator (where guided by law), Legal and/or Privacy Governance forums. And addressing data privacy and related requests from the Regulator/s.
• Ensure use and adoption of the SA Retention Policy and Schedules by the business and functions. Implement business initiatives to embed the policy into business-as-usual processes post the use of the record on business systems and monitor the end of use.   
• Work directly with BUs and Functions to develop, create and maintain a log of processing activities undertaken by the business. Where necessary manage maintenance of a record of all personal data processing activities (i.e. data inventory).
• Support in the development of a privacy compliance training programme. Promote privacy awareness throughout the business and ensuring adequate support is granted to the Sector DPOs in the roll out of a regular cadence of communications to keep privacy on the business agenda.
• Ensure use and adoption (e.g. by training and/or by leading required multi-functional initiatives) by the business of elected PepsiCo’s Global Privacy Compliance Platform for privacy related governance and operations and where necessary ensure the design of workflows/processes are capable of being incorporated into business-as-usual operations.
• Facilitate the development of processes to ensure PepsiCo SA implements PepsiCo’s Global Privacy Management Plan/Playbook and CoE procedures. Where necessary, recommend any required enhancements to address changing regulatory requirements or improve operational efficiencies of the CoE. Lead multifunctional initiatives in this regard (e.g. engaging needed areas, following up on needed actions etc).
• Otherwise ensuring compliance with the provisions of this Act

PAIA Accountabilities, include:

• Ensuring that a PAIA manual is developed, monitored, maintained and made available to the organisation and accordingly published on PepsiCo’s local website.
• Ensuring the evaluation and approval of requests for access to information received in terms of the grounds set out in PAIA, within the time constraint or any extended period.
• Ensure use and adoption (e.g. by training and/or by leading required multi-functional initiatives) by the business of elected PepsiCo’s Privacy Compliance Platform for privacy related governance and operations and where necessary ensure the design of workflows/processes are capable of being incorporated into business-as-usual operations.

Qualifications

• Bachelor level degree (preferably in law or data security)
• 6+ years’ experience
• Data Privacy , Regulatory Compliance, Risk Management, Audit, Data Governance experience
• Knowledge of data privacy legislative and regulatory landscape
• Commercial and financial acumen
• Technology: Highly proficient with Privacy Compliance Platforms (e.g. OneTrust, TrustArc), ServiceNow, ERP, Content management and Project Managenemet.
• Knowledge of reporting and presentation to various levels of stakeholders including senior management (Exco / Leadership Team )
• Communication and collaboration skills (Exco / Leadership Team level)
• Writing skills (Strategy Roadmaps, Reports, Service Level Agreements, Policies and Procedures and Standard Operating Procedures)
• Research skills