The role of the EMEA HR Data Privacy Officer will be to act as the first line of defence across EMEA HR in relation to data privacy policies, standards, processes, programmes and issues arising. The role will act as liaison between EMEA HR, Citi’s Chief Privacy Office and Citi Privacy Legal. It is also responsible for working in partnership with all stakeholders to ensure that EMEA HR meets its data privacy obligations.
Key responsibilities:
The HR DPO will be responsible for:
- Managing/monitoring compliance with Citi’s HR EMEA Data Protection Policy and Citi’s Binding Corporate Rules policies.
- Monitoring HR’s compliance with privacy policies, standards, processes and legislation across EMEA, including GDPR.
- Monitoring the privacy landscape for new and emerging trends within the privacy and cross-border space.
- Providing advice and guidance to HR on its obligations to comply with GDPR and other relevant legislation across EMEA, including oversight of GDPR individual rights requests/Data Subject Access Requests.
- Managing/reviewing the responses to communications from Citi employees, former employees and ‘unsuccessful applicants for employment’, in partnership with relevant Citi stakeholders from across HR, Privacy Legal, Employment Legal and Data Privacy Office.
- Overseeing compliance with storage limitation obligations for HR data stored electronically and in hard copy
- Providing support to EMEA HR on Citi cross border data clearance process
- Facilitating cooperation between Citi and its privacy regulators as it relates to HR, responding to enquiries in a timely manner through Citi Data Privacy Office
- Liaising between HR functions and Citi’s Data Privacy Office regarding privacy regulatory enquiries
- Advising HR process owners around the completion of Citi Privacy Impact Assessment processes, Data Privacy Impact Assessments (DPIAs) and Global Privacy Impact Assessments and recommending controls to mitigate risk
- Advising on the incorporation of privacy requirements into Citi’s Regulatory Change Management process and Managers’ Control Assessments across EMEA HR
- Developing and executing privacy Corrective Action Plans to resolve identified control deficiencies in partnership with issue owners
- Reviewing Security Incident Response Team incidents impacting the processing of employee data and supporting mitigation and resolution
- Managing the completion of HR’s Data Processing Inventory (GDPR requirement)
- Reporting on privacy metrics (for HR and the EMEA Chief Privacy Office)
- Training of HR on data privacy matters
- Liaising with relevant internal stakeholders including Citi’s EMEA Chief Privacy Office, the GDPR Data Protection Officer, the EMEA and global HR Control & Compliance functions, EMEA Data Privacy Legal and EMEA Employment Legal.
- Expert knowledge of data protection law and privacy issues including familiarity with national and European data protection laws and practices
- Experience of working in or for multi-national matrixed organisations
- Experience working in a data privacy compliance or legal function
- Strong communication and stakeholder engagement skills
- Experience of engaging with data privacy regulators
- Ability to work in a fast-paced environment managing multiple priorities for multiple stakeholders
- Willingness to make decisions and to take responsibility for actions.
- Experience in delivering data privacy training in multiple media
- A relevant qualification in privacy (e.g. the IAPP CIPP/E) would be advantageous
- Employment legal and/or HR experience desirable