MISSION STATEMENT
Ensure that Bulgari Greater China is compliant with the requirements of data protection laws, data security, cybersecurity and AI laws, regulations and standards.
MAIN RESPONSIBILITIES
- Provide privacy feasibility assessment and consulting advice for business projects; lead Data Protection Impact Assessments (DPIA) and track remediation actions.
- Draft, review and revise internal data protection policies, procedures, data processing agreements, privacy policies, etc.; support the regional roll-out of data protection initiatives/programs with local market responsibilities to develop, implement, manage and monitor the brand's internal group policies and compliant processes for data protection, covering collection, accuracy, retention, use, security, transparency, access and correction of personal data.
- Assist in providing privacy compliance training to business units.
- Monitor compliance with PIPL and other relevant data protection laws; assist PIPL compliance audits and drive issue remediation; inform the Greater China DPO & HQ DPO and senior management of obligations and any risks under relevant data protection laws.
- Track regulatory developments on personal information protection, cybersecurity, data security and AI-related laws; prepare legal analysis in the context of the company's business; report at committee meetings to keep senior management informed of changes in data protection laws; support the DPO in conducting legal research on specific issues.
- Act as contact point for data subjects regarding all issues related to the processing of their personal data and the exercise of their rights.
- Manage data breaches (in coordination with IT Security), implement remediation actions in accordance with the incident response plan, and coordinate notifications as required; maintain the Record of Processing Activities (ROPA) and report compliance status to management.
- Coordinate with contact windows from functional teams in Greater China (including IT, Marketing, HR, Retail, Digital, CRM, etc.) in relation to the above responsibilities.
QUALIFICATION, EXPERIENCE & SKILLS REQUIRED :
Education: Bachelor’s degree and above
Languages: Fluent in both Chinese and English
Professional experience & know how:
Plus/not mandatory: CIPP/CN, CIPP/E, CIPM
Technical & management skills:
- A solid understanding of information security and in-depth knowledge of the personal data protection law, data security, cybersecurity, AI related laws and regulations
- Personal & interpersonal skills:
- Self-motivated, quick learner, High sense of responsibility and accountability for their work; Excellent team player and able to work with people at all levels across the organization.
ADDITIONAL INFORMATIONS (Type of contract, status…)
Requirements:
- University law degree graduate with 3+ years of experience specializing in data protection and privacy, or a compliance professional with 3+ years of data privacy experience, or in-house legal with 1~3+ years of experience specializing in digital/data/privacy related affairs.
- Solid legal skills: legal research, legal documentation drafting and review experience
- Experience working with CRM, IT; Basic IT system knowledge (data flows); basic AI sense
Fluent spoken and written Chinese and English.
-