• The NADPO will be responsible for the AXA XL legal entities operating in the region to ensure compliance with the requirements of the AXA XL Data Privacy program including applicable local Data Privacy law and GDPR, as appropriate.
• The DPO should attend the annual offsite meeting of all AXA Group DPOs and engage with the AXA Group community of DPOs.
What will your essential responsibilities include?
- Serve as contact person for any interaction with Data Privacy supervisory authorities (regulators) on behalf of AXA XL.
- Monitor local Data Privacy related laws and regulations that may impact the relevant legal entity.
- Monitor and report on any new or discontinued local IT applications, business initiatives or process changes impacting Personal Data.
- Adopt and implement (within legal entity responsibilities) data privacy policies, procedures, guidelines and training as per the Division Data Privacy Accountability Framework.
- Ensure implementation of compliant data management practices, for example:
  - Correct collection and use of personal data for marketing activities.
  - Correct collection and use of special category (sensitive personal) data.
- Assist with implementation of ongoing tailored training and awareness programs.
- Coordinate and manage responses to incidents involving Personal Data (including breaches) occurring in the Region.
- Maintain a Records of Processing Activity (Data Processing Inventory) for local legal entities processing personal data in line with requirements set out in Art. 30 of the GDPR.
- Coordinate implementation of data privacy controls applicable to the local entities.
- Identify and carry out Privacy Impact Assessments where necessary to address new or updated local projects and/or initiatives that impact personal data.
- Inform regional senior management/board members of their responsibilities regarding data privacy.
- Coordinate with local key stakeholders, including the Chief Data Officer, Risk, Information Security, Compliance, Legal, HR, Physical Security, Operations, Finance and Internal Audit as appropriate on data privacy matters.
- Ensure legal entity compliance standards are implemented and maintained in line with AXA Group BCR obligations.
- Ensure with the support of key business stakeholders that applications that host personal data, and personal data processes, are compliant with local data privacy legislation in line with the Division Data Privacy Accountability Framework Data and AXA Guidance requirements (privacy control plan).
- Complete in a timely manner all data privacy related reports as required including annual legal entity maturity reports.
- Ensure HIPAA compliance for US legal entities, including tracking HIPAA developments; organizing any mandatory HIPAA training for necessary staff members; ensuring a HIPAA Policy and/or Program is in place and fit for purpose; and assisting with HIPAA reporting.
SHARE your talent
We're looking for someone who has these abilities and skills:
- Minimum of 3 years of experience related to Data and/or Privacy and a minimum of 7 years of overall work experience in Insurance or Private practice.
- Undergraduate degree required. Law degree preferred. Other relevant education can be in IT, systems, data analytics and/or project management.
- Leadership and Collaboration skills are critical as this position will collaborate with other Data specialists in AXA XL and contribute to building out the AXA XL Division data strategy in the US.