About the Role:
We are seeking a proactive and highly knowledgeable Data Privacy Officer (DPO) to lead our privacy compliance initiatives across both online and offline operations. As a cosmetics company with a growing digital and retail presence, we collect, store, and process personal data from our customers through our website, surveys, and in-store interactions. The DPO will be responsible for developing and implementing privacy frameworks, policies, and manuals, ensuring compliance with the Philippine Data Privacy Act (DPA) of 2012 and the National Privacy Commission (NPC).
Key Responsibilities:
Compliance Leadership:
- Ensure full organizational compliance with the Data Privacy Act and NPC regulations.
- Serve as the main point of contact between the company and the NPC.
Policy & Documentation Development:
- Develop, maintain, and implement the company’s Data Privacy Manual, Privacy Notice, Consent Forms, and Privacy Impact Assessments (PIAs).
- Draft and roll out internal privacy policies and employee guidelines.
Privacy Program Implementation:
- Lead the establishment of data privacy frameworks for both online (e.g. website, CRM, surveys) and offline (e.g. retail store surveys, manual forms) data collection points.
- Work with IT, Marketing, HR, and Operations to ensure data handling practices are privacy-compliant.
Training & Awareness:
- Conduct regular privacy training for employees and store personnel.
- Promote a privacy-first culture within the organization.
- Attend professional development seminars and recommend training opportunities for team growth, in collaboration with HR.
Risk Management & Incident Handling:
- Monitor data processing activities and conduct privacy risk assessments.
- Manage data breach incidents and prepare notification protocols to the NPC and affected individuals if necessary.
Customer Engagement:
- Handle data subject requests, including access, correction, and deletion.
- Ensure clear, accessible communication of privacy rights to customers. Additional Duties
- Perform other job-related duties as required or as needs arise.
Qualifications:
- Bachelor’s Degree in Law, IT, Business Administration, or a related field (JD or legal background preferred but not required).
- At least 2–4 years of experience in data privacy, legal compliance, or IT security; preferably with exposure to e-commerce, retail, or FMCG sectors.
- Strong working knowledge of the Data Privacy Act of 2012, NPC Circulars, and global best practices (e.g., GDPR is a plus).
- Demonstrated ability to draft legal or policy documentation (e.g. manuals, notices, data sharing agreements).
- Strong analytical, communication, and training skills.
Preferred Skills:
- Experience in handling customer data (surveys, CRM, loyalty programs, website analytics).
- Familiarity with data security frameworks or certifications (e.g., ISO 27001, CIS Controls).
- Previous experience working with website developers or IT teams on privacy-by-design.
Job Type: Full-time
Pay: Php30,000.00 - Php35,000.00 per month
Benefits:
- Additional leave
- Company events
- Free parking
- Health insurance
- On-site parking
- Opportunities for promotion
- Paid training
- Promotion to permanent employee
Work Location: In person