Data Protection Correspondent (DPC) - Italy - Porto or Lisbon

Data Protection Correspondent (DPC) – Italy – Porto or Lisbon

About the Job

BNPP Group Personal Data Protection framework, designed to respond to the new General Data Protection Regulation (GDPR) coming into effect on 25 May 2018, relies on the accountability of teams within BNPP entities and territories in their processing of personal data (customers, employees, UBOs, corporate representatives, vendors, etc. ).

The 1st Line of Defence (Business, IT and CDO) is responsible for embedding data protection regulations and Group policies and guidelines within its perimeter (e. g. , privacy by design, PIA, security measures, etc. ).

DPC is positioned in the 2nd line of Defence (within the RISK function) and is responsible for the scope outlined under his/her responsibility. The DPC must assist the relevant Data Protection Officer (DPO) in supervising compliance with data protection regulations and Group policies and guidelines, ensuring second‑level controls by providing the supervision and assistance required to the 1st Line of Defence.

To ensure consistency with the Group’s management structure, a DPC is positioned at Entity or Territory level and reports to the DPO of the relevant business line or territory.

Your Main Activities Are

The Key Responsibilities Of a Data Protection Correspondent Are:

• Communication with internal (e. g. , employees) and external stakeholders.
• Assist the territory DPO on exchanges with the authorities in charge of personal data protection, in coordination with the Business Line DPO.
• Assist the territory DPO in the supervision and monitoring of the implementation of its main responsibilities, including:

• Review and advise on the implementation of Group policies and guidelines on personal data protection and monitor consistency in implementation (consent collection process, cross‑border transfers, management of retention or personal data obsolescence).
• Review and advise on the implementation of privacy‑by‑design principles from the design stage and throughout the lifecycle of all projects, products, services, activities, processes, and systems.
• Provide advice on privacy impact assessments (PIA), e. g. , whether or not to carry out a PIA, what methodology to follow, what safeguards to apply to mitigate risks to the rights and interests of individuals, and monitor that PIAs are performed correctly.
• Monitor the local implementation of the Group security strategy in line with personal data protection regulatory requirements.
• Contribute to risk evaluation in case a personal data breach occurs to ensure timely action.
• Participate in local Data Protection Committees when requested by the DPO.
• Support the relevant DPO to oversee the Records of Processing Activities (ROPA).
• Supervise and elevate cases of non‑compliance with regulations to data protection authorities and to local and central senior management.
• When required, assist the DPO with respect to local language, law, and practices.
• Assist in the construction and implementation of the awareness programme and contribute to the promotion of a culture of protection of personal data within its scope of responsibility.
• Contribute to the promotion of a data‑protection culture within his/her scope of responsibility.
• Assist the DPO with the second level of controls and independent data protection testing to monitor compliance with regulations and internal rules:
  • Carry out second‑level controls on processes related to the protection of personal data as part of a risk‑based approach.
  • Evaluate the effectiveness of the controls relating to the protection of personal data carried out by the 1st line of defence.

Confidentiality Obligation

The DPC will be bound by secrecy or confidentiality regarding the performance of his/her tasks, in accordance with applicable laws.

Profile and Skills To Success

Background

• 6+ years’ experience with significant knowledge and experience in data protection/privacy and the banking sector.
• Understanding of data processing operations, including business applications and data use.
• Experience in transversal management and working.
• Experience interacting with regulators (a plus).
• Experience managing compliance programs on regulatory requirements.
• Strong knowledge and interest in information technology, digital and new technologies, and an understanding of information security controls and principles.

Business Skills

• Fluent in English (mandatory); Italian professional proficiency preferred.
• Data protection.
• Risk knowledge and awareness.
• Risk anticipation.
• Data quality & security.
• Regulatory.
• Business analytics.
• New technologies and digital law (IT/IP).
• IT risk and cyber security awareness.

Behavioural Skills

• Excellent writing and communication skills – allowing him/her to act as a communicator across the bank, on behalf of the DPO.
• Attention to detail/rigor.
• Ability to lead, engage, and work transversally on behalf of the DPO.
• Independence, objectivity, and integrity.
• Creativity, innovation, and problem solving.
• Client focus, high commitment, self‑motivation, and enthusiasm.

Transversal Skills

• Analytical ability.
• Ability to develop and leverage networks.
• Ability to develop and adapt processes.
• Ability to conduct negotiations.
• Ability to understand, explain, and support change.

Conduct

• Be a role model, supporting and fostering a culture of good conduct.
• Demonstrate proactivity, transparency, and accountability for identifying and managing conduct risks.
• Consider the implications of your actions on colleagues, partners, and clients before making decisions.
• Take responsibility for your team’s conduct and conduct risks.

Certification

Qualifications

Qualification on data privacy is highly appreciated. The candidate will be required to enrich his/her competencies with additional professional qualifications relevant to data protection, such as:

• IAPP Information Privacy Professional/Europe (CIPP/E) or Certified Information Privacy Professional/IT (CIPP/IT)
• Certified Information Privacy Manager (CIPM)
• Practitioner Certificate in Data Protection (PC. dp)
• Fellow of Information Privacy (FIP)
• ISEB Data Protection or equivalent data privacy qualification.

Why Join BNP Paribas?

• Leading banking institution.
• Our presence in Portugal.
• International reach.
• Retain a three‑division focus: Retail Banking, Investment & Protection Services, and Corporate & Institutional Banking.
• Diversity and inclusion commitment.
• Commitment towards work/life balance.
• Remote working conditions – smart working framework with flexible hybrid arrangements.
• Exclusive partnership benefits for equipment purchase.

BNP Paribas is an equal‑opportunity employer and proudly provides equal employment opportunities to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity/paternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy.

Only applications submitted in English will be considered.