This position directs and oversees all data protection activities for Mondelēz International (MDLZ) in its AMEA region and informs, advises, and issues recommendations regarding Data Privacy regulatory compliance. The DPO's primary concern is MDLZ's compliance with data privacy regulations in different AMEA countries. The position devises the policies and procedures that bring the organization into compliance with data protection regulations, foster a data protection culture within the organization, and help to implement and maintain ongoing compliance with essential regulatory principles. The position monitors the implementation of those policies, ensures training, assigns responsibilities, and handles requests regarding personal data from data subjects and regulators. The DPO keeps management informed regarding their obligations under the Regulation and is the primary contact point for supervisory authorities.
Key Accountabilities Include:
• Senior role leading privacy compliance in AMEA. Partner with Regional Functions, e.g. HR, IBS and Marketing on Regional Privacy matters.
• Manage and advise on privacy compliance for Regional/Global systems in AMEA.
• Continuous training to embed a culture of data protection and privacy in MDLZ
• Support MDLZ legal counsel in interactions with Government and Industry groups on general privacy issues in AMEA.
• Work with authorities and lead investigations related to privacy breaches and reporting to regulators.
• Reviewing and adapting breach and incident management response protocols to implement best practices or recommendations and lessons learned from post-incident reviews
• 1st escalation point for IBS-ES Privacy Team – handle advice, coordinate with BU Counsel/local DPOs.
• 1st escalation point for Regional Concentrix consumer privacy issues
• Reviewing and revising policies as needed following assessments or audits, in response to a breach or complaint, new guidance, industry-based best practices, or as a result of environmental scans
• Ongoing owner of the AMEA Data Privacy program
• Monitor compliance and report to management with metrics
Specific Responsibilities Include:
• Advise MDLZ regarding:
o Whether or not to carry out a data protection impact assessment (DPIA),
o Ensure adequate methodology is in place to follow when carrying out a DPIA,
o Ensure proper preservation of DPIA and follow up on relevant issues
o What safeguards (including technical and organizational measures) to apply to mitigate any risks to the rights and interests of the data subjects,
o Whether or not the DPIA has been correctly carried out and whether its conclusions (whether or not to go ahead with the processing and what security controls to apply) are in compliance with the respective regulatory requirements
• Notification / Registration
o Notifying the relevant DPA of the company's data processing activities
o Keeping notifications updated from time to time
o Making any necessary filings in relation to international data transfers with the Data Protection Authority
• Identify, understand, and maintain the record of processing operations under the responsibility of MDLZ as one of the tools enabling compliance monitoring, informing and advising MDLZ;
• Document all decisions taken consistent with and contrary to DPO's advice;
• Ensures data mapping documents and related systems are periodically updated;
• Offers consultation once an incident has occurred
• Managing data controllers and data processors
o Monitor the activities of data controllers
o Manage data processors on behalf of the company (including outsourcing of data processing activities)
• Will have additional activities with regard to data protection and information risk management
DPOs would be supported by in-country counsels, whose responsibilities would include:
-Supporting regional DPO where local input is required in privacy matters.
-Being the local contact for local privacy regulators/Authorities
-Ensuring coverage from a local language standpoint
-Ensuring that local issues (e.g. language) are addressed sufficiently
Career Experience required for this Role:
• 5+ years of experience as DPO or data protection professional, in Audit/Information Security, Legal or another related function
• Bachelor's degree.
• Relevant data protection certifications preferred (e.g. IAPP CIPP/A and CIPM)
• In-depth understanding of the privacy regulations and Data Protection techniques and strategies
• Sound knowledge of information security standards and technology
• Knowledge of the CPG or manufacturing industry
• International experience managing complex initiatives and projects
• Multilingual (English mandatory)
• Proven interpersonal skills: two-way communication skills (oral and written), ability to build relationships, influence others without authority, work with a diverse internal stakeholder base.
• Ability to handle multiple demands, shifting priorities, and ambiguous situations.
• Strong project management and planning skills; balances strategic priorities with tactical execution priorities
• Ability to develop diverse positive relationships both internally (with various functions) and externally (supervisory authorities, data protection authorities, data subjects, etc.)
• Ability to work independently
• Strong business acumen
• Proactive, pragmatic, leader
• Ability to understand data protection risks and articulate these risks in easy-to-understand business language which accurately shows the true degree of business risk and impact
Mondelēz International is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation or preference, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.
Job Type: Regular
Business Integrity & Security Governance
Legal