Data Protection Officer

Lazada (Thailand) (Bangkok, Bangkok City, Thailand)

Bangkok, Thailand

Founded in 2012, Lazada Group is the leading eCommerce platform in Southeast Asia. We are accelerating progress in Indonesia, Malaysia, the Philippines, Singapore, Thailand and Vietnam through commerce and technology. With the largest logistics and payments networks in the region, Lazada is a part of our consumers’ daily lives in the region and we aim to serve 300 million shoppers by 2030. Since 2016, Lazada is the Southeast Asia flagship platform of the Alibaba Group powered by its cutting-edge technology infrastructure.

About this position

As the country data protection officer, you will own and improve the data protection compliance program in the country, leveraging group resources and supporting compliance requirements in other jurisdictions as necessary.

Responsibilities

• Own and improve the data protection compliance program in country, leveraging group resources. Support data protection compliance requirements in other jurisdictions as necessary.
• Identify and remediate critical data protection compliance risk areas.
• Conduct privacy impact assessments, identify risks, evaluate business and operational impact, recommend controls to mitigate risks and track implementation of controls.
• Negotiate and draft contractual clauses relating to data privacy, develop contracting templates and checklists.
• Develop Policies, SOPs, guides and templates for various departments, to facilitate compliance with privacy management policies.
• Monitor and update management on data protection regulatory developments, and app developer data protection compliance requirements.
• Regular management reporting on compliance program, risk areas and progress on compliance initiatives, conduct data protection training.
• Handle compliance operations, such as regulatory submissions, records of processing activities, DSRs and complaints, updating privacy notices and consent management.
• Handle data protection audits, due diligence checks and incident management.
• Build professional network with key stakeholders across relevant industry groups, represent the organization in industry meetings, forums, and conferences to stay updated on emerging data protection compliance trends, regulations, and best practices. Actively participate in industry groups to influence policy development and advocate for organizational interests.
• Leverage inhouse tech capabilities to automate compliance operations, identify risks and improve efficiency.
• Personally drive cross-team (front-end and back-end) collaboration matters. Output project deliverables within agreed deadlines.

Requirements

• Strong privacy background.
• At least 8 years PQE.
• Strong project execution skills.
• Take full ownership of compliance matters assigned.
• Plan and schedule project timeline, working backwards from final deadline to schedule and deliver on intermediate milestones.
• Commercially minded, able to recommend practical solutions to achieve compliance while minimizing operational and commercial impact.
• Motivated to fully understand all aspects of business operations, interest in compliance operations.
• LLB or Juris Doctor.
• CIPM/CIPP an added advantage.