WHAT DOES A DATA PRIVACY MANAGER DO?

Published: October 7, 2024 - The Data Privacy Manager provides essential guidance on establishing and updating data privacy standards, business rules, and policies in alignment with the Governance Council. This role is critical in coordinating efforts across the organization to ensure consistency and compliance of PepsiCo’s key data sets, integrating enterprise and digital strategies within the data governance framework. Additionally, the manager is responsible for the global alignment of data privacy processes, conducting privacy assessments, and actively participating in the creation and monitoring of global privacy standards to support strategic business objectives and compliance across projects.

A Review of Professional Skills and Functions for Data Privacy Manager

1. Data Privacy Manager Duties

  • Privacy Program Support: Support the further development of the BHI Global Privacy Program and serve as a BHI group-wide internal point of contact for obtaining advice, supporting privacy impact and risk assessments for new products and processes.
  • Cross-Department Collaboration: Collaboration with other BHI Global Privacy Team members or colleagues from other departments.
  • Data Mapping: Develop and maintain data maps and records of processing for BHI, including linkages to privacy impact assessments.
  • Policy and Procedure Development: Draft and implement policies and procedures, and detect opportunities for developing granular documents to provide guidance to support business objectives in regard to privacy risk management.
  • Privacy Operations Management: Enhance and support privacy operations management, including managing data subject requests and further building out privacy operations management processes.
  • Training and Awareness: Assist with privacy training requirements and awareness campaigns, including communications, content development, and completion oversight.
  • Third-Party Assessment Support: Support the privacy third-party assessment process and, where applicable, the transfer impact assessment process, which can include drafting appropriate privacy contract templates.
  • Incident Response: Support privacy incidents and personal data breach response activities, including incident intake, assessments, documentation, and escalations.
  • Awareness Program Leadership: Lead the Data Protection Staff Awareness Program.
  • Regulatory Compliance: Develop the Bank’s awareness of the newly introduced personal data-related regulations.

2. Data Privacy Manager Details

  • Privacy Assessment Management: Manage internal privacy assessments and contribute toward a global data privacy framework.
  • Policy Development: Create D+A privacy policies.
  • Privacy SME Support: Participate in assessment of consumer data privacy and act as SME for designated projects/assignments.
  • Privacy Issue Resolution: Research and navigate important privacy issues with stakeholders and provide technical advice, project management support, and policy recommendations.
  • Standards Implementation: Ensure standards are applied by all the stakeholders.
  • Conflict Resolution: Prevent or resolve conflicts by facilitating discussions across appropriate business units.
  • Document Review: Provide feedback on documents with Legal and Compliance teams to ensure Data + Analytics policy is incorporated.
  • Legal and Compliance Collaboration: Communicate regularly with Legal and Compliance to implement and adapt to new policies.
  • Regulatory Compliance Monitoring: Stay abreast of external laws (e.g., GDPR, CCPA, CPRA).
  • Risk Identification: Identify risks and controls related to enterprise data security changes.
  • Data Policy Management: Work with the Data Ecosystem team to create policies and standards for external data storage and usage and ensure adherence.

3. Data Privacy Manager Responsibilities

  • Data Standards Recommendation: Provide recommendations and supporting documentation for new or proposed data standards, business rules, and policies (in conjunction with the Governance Council as appropriate).
  • Cross-Functional Coordination: Coordinate across the organization (with fellow Enterprise Data Stewards and the EDG leader, strategic initiatives, Digital Use Cases, and the federated data network) to maintain consistency of PepsiCo's critical enterprise, digital, operational, and analytical data.
  • Data Governance Alignment: Accountable for ensuring that data-centric activities are aligned with the program and leverage applicable data standards, governance processes, and overall best practices.
  • Global Privacy Process Support: Support the global alignment of data privacy processes and standards with applicable enterprise, business segment, and local data support models.
  • Privacy Assessment Management: Manage privacy assessments to identify and review gaps.
  • Global Privacy Standards: Participate in the creation of a single set of global privacy standards and monitor compliance within dedicated sectors/projects.
  • Data Privacy Strategy: Provide perspectives in defining and continually evolving the roadmap for data privacy efforts based on strategic business objectives, existing capabilities/programs, cultural considerations, and understanding of emerging technologies and governance models/techniques.
  • Data Privacy Advisory: Advise on various projects and initiatives to ensure that any data privacy or security items are identified, communicated, and managed in adherence to the Enterprise Data Governance established standards.
  • Data Privacy Practice Management: Ensure proper practices regarding the collection, retention, reporting, and sharing of personal data in all systems and third-party authentication protocols.
  • Employee Awareness and Training: Collaborate with the Information Security function(s) to raise employee awareness of data privacy and security issues and provide training.
  • Incident Management and Compliance: Collaborate with the Information Security function(s) to maintain records of all data assets and exports, manage a data security incident management plan, and ensure timely remediation of incidents, including impact assessments, security breach response, complaints, claims, notifications, and responding to subject access requests (SARs).

4. Data Privacy Manager Job Summary

  • Privacy Audit Management: Design and conduct data privacy/protection audits of current practices, analyze results, draft and deliver reports on audit outcomes, provide recommendations for process and policy improvements, and manage the implementation of recommendations, including the use of third-party tools or platforms.
  • Privacy Governance Framework Implementation: Implement and maintain a privacy governance framework to manage data use in compliance with applicable data protection regulations, including developing policies, standards, and templates for data collection, and assisting with data mapping and vendor management reviews.
  • Regulatory Compliance Support: Support compliance with state, federal, and international data privacy laws (e.g., GDPR, CCPA), regulations, and self-regulatory regimes, including enforceable commitments made in external-facing privacy statements.
  • Policy and Standards Development: Set standards and review policies and procedures globally to meet the requirements under GDPR, CCPA, and any localization requirements in countries of operation.
  • Data Processing Documentation: Document data processing activities conducted by the businesses and participate in new product, initiative, or function due diligence risk management processes to ensure they address data protection and privacy issues.
  • Customer Forms and Assessments Review: Review and complete customer-supplied forms, questionnaires, and data impact protection assessments.
  • Data Privacy Guidance: Provide data privacy-related guidance and support for the business, including guiding partner-facing teams and answering inquiries.
  • Privacy Education and Awareness: Develop workforce educational activities addressing access, use, and disclosure of private and confidential information, and generally build a privacy-aware culture.
  • Incident Response and Risk Assessment: Respond to incidents and conduct data privacy risk/impact assessments.

5. Data Privacy Manager Accountabilities

  • Data Protection Advisory: Serve as a subject-matter expert to provide practical guidance and advice internally on data protection matters and work closely with internal parties to ensure alignment across the Company.
  • Regional Management Collaboration: Serve as a member of the regional management team and participate in meetings to remain aware of current business goals, needs, and initiatives.
  • Compliance Program Implementation: Understand the Company’s Ethics & Compliance Program and applicable protected data regulations to develop and implement assessments, agreements, notices, policies, procedures, and training.
  • Training Development: Develop and conduct onboarding and annual trainings, and create resource materials for employees on regional data privacy regulatory expectations and applicable internal processes.
  • Data Privacy Requirement Integration: Work closely with business partners to ensure that data privacy requirements are considered during the planning phase and that new initiatives using protected data align with internal and external applicable standards.
  • Compliance Monitoring: Maintain awareness of changing business needs and compliance with data privacy requirements.
  • Regulatory Knowledge Management: Maintain knowledge of applicable data privacy regulations, changes to existing laws, and awareness of new and pending legislation in the region.
  • Global Privacy Collaboration: Work collaboratively with the global data privacy team and relevant cross-functional stakeholders to achieve a consistent approach to data privacy requirements.
  • Project Reporting: Report completion of assigned projects, quarterly and on time, through the global data privacy team’s program calendar.
  • External Network Building: Work collaboratively with the external data privacy community to build an Asia Pacific network of contacts and advisors through industry working groups.
  • Process Improvement: Seek opportunities for process improvement within the regional data privacy program and program maturation.
Relevant Information
What Does A Data Analytics Manager Do?
What Does A Data and Reporting Analyst Do?
What Does A Data Management Analyst Do?
What Does A Data Center Technician Do?