Position Title: Data Protection Officer - Turkey
Immediate Supervisor: Global Deputy Chief Privacy and Compliance Officer
General Purpose: The data privacy officer oversees all ongoing activities related to the development, implementation, maintenance of, and adherence to the organization’s policies and procedures covering the privacy of, use and access to, protected data as set forth the Turkish Data Protection Regulation
· Provides development guidance and assists in the identification, implementation, and maintenance of organization information privacy policies and procedures in coordination with organization management and administration, the Deputy Chief Privacy and Compliance Officer, the CEO of Turkey and legal counsel.
· Serves in a leadership role for the Data Protection Activity within Turkey
· Will develop a Data Privacy framework within for company in Turkey that adheres to the Turkish Data Protection Laws and Regulations in compliance with Turkish Law Number 6698 “Kişisel Verilerin Korunması Kanunu”
· Will become the expert for Turkey developing a deep understanding of the Data Protection Regulation in Turkey and will develop an ongoing process to stay abreast of any changes with the law
· Will develop a strong working relationship with the DPA in Turkey
· Works with legal counsel and management, key departments, and committees to ensure the organization has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
· Oversees, directs, delivers, or ensures delivery of initial and privacy training and orientation to all employees, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties.
· Participates in the development, implementation, and ongoing compliance monitoring of all trading partner and business associate agreements within company in Turkey, to ensure all privacy concerns, requirements, and responsibilities are addressed.
· Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.
· Will work closely with the groups Global Director of Incident Response on all matters concerning Privacy Breaches
· Ensures compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization’s workforce, extended workforce, and for all business associates, in cooperation with the Deputy Chief Privacy and Compliance Officer, Turkey Human Resources, the information security officer, administration, and legal counsel as applicable.
· Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities.
· Reviews all system-related information security plans throughout the organization’s network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department.
· Serves as information privacy consultant to the organization for all departments and appropriate entities.
· Knowledge and experience in information privacy laws, access, release of information, and release control technologies. Minimum experience of 5 years in Data Protection, Information Security or a similar role required.
· Knowledge of Turkish Data Protection and Electronic Commerce Communication (Permission Marketing) laws, including but not limited to: 6698 sayılı “Kişisel Verilerin Korunması Kanunu” and 6563 sayılı “Elektronik Ticaretin Düzenlenmesi Hakkındaki Kanun”
· Able to work in a highly matrixed environment. Position requires dotted-line reporting to Turkey CEO.
· Demonstrated organization, facilitation, communication, and presentation skills.
· English and Turkish language required.
· Certifications – Should have attained one or all of the following “CIPP” (Certified Information Privacy Professional), “CIPM” (Certified Information Privacy Manager), “CIPT” (Certified Information Privacy Technologist” . If the candidate does not have these certifications, they must be able to attain at least one of them within the first 12 months of employment.