BNP Paribas is a leader in the Eurozone, and a prominent international banking institution with strong roots in Europe's banking history. It has a presence in 71 countries, with 200 000 Employees ? including more than 150 000 in Europe and 6 000 in Portugal alone.

BNP Paribas is present in Portugal since 1985, having been one of the first foreign banks to operate in the country. Today, the Group has several entities operating directly in this territory, offering a wide range of integrated financial solutions to support its clients and their businesses.

Thanks to its international presence and regular and close collaboration among its businesses, BNP Paribas has the resources to support all clients - individuals, entrepreneurs, SMEs, large corporates, institutional investors and community organisations - with financing, investment, savings and protection solutions that help make their projects a success. BNP Paribas holds key positions in its three core operating divisions: Domestic Markets and International Financial Services for retail banking and specialised financial services, and Corporate & Institutional Banking for corporate and institutional clients.

The Operational Permanent Control department is a key component for the management of operational risks. It is an independent control function within the business (1st line of defence). COO & GB OPC is a local function and operates and/or coordinates the Control framework relating to all operational risks, including Fraud, Third Party, Conduct, Compliance, Regulatory, Information & Communication Technology risks, and others risks types for Territory COO and Global Banking domestic activities. OPC is responsible for the deployment of internal policies and procedures issued by specialized independent control functions part of Risk teams (2nd Line of defence), and for the compliance with external regulatory and supervisory requirements. With the increased relevance of data protection topics GB & COO OPC mandate has been extended to integrate data protection management for CIB BNPP Branch. The current position is linked to this new role as GDPR SPOC for BNPP branch (for CIB activities excluding HR).

Portugal CIB BNPP GDPR SPOC is responsible to lead and coordinate GDPR BAU deliverables within the 1st LoD with all relevant business stakeholders and in close interaction with CIB Central Data Ofice, CIB DPC (2nd LoD) and Portugal DPO. The SPOC role is within Territory COO/ BCP, Controls and Conduct unit / OPC team remit. This position reports hierarchically to the Head of COO & GB OPC.

ROLE AND RESPONSIBILITIES

(1) Governance & Reporting

• Coordinate with local CIB DPC/ DPO and act as Territory 1LOD entry point for CIB Chief Data Officer and Portugal CIB Business units


• Set-up and ensure continuity of role through Knowledge Management & Transfer (eg. Through a local repository) in case of any event (eg turnover)


• Inform DPC, CIB Data Office (DO) and DPO of any organizational changes / issues within local framework defining and maintaining a proper communication plan around data protection


• Relay information / request / consultation across LOD1 related to supervisory matters provided by Data Office


• Communicate guidelines and policies to the concerned business managers upon receiving information from stakeholders


• Report PDP topics in local committees (dedicated to DP or not) with top management and communicate key issues to CIB DO, DPC and DPO according to communication plan defined


• Report KPIs to CIB DO, DPC and DPO as required (eg supplier contracts remediation, advanced training participants etc)

(2) Training and awareness:

• Ensure all Territory CIB target populations receive advanced and basic trainings as per CIB Central DO guidelines within a year of arrival;


• Assist employees at Territory CIB level to answer any PDP (personal data protection) related questions

(3) ROPA management:

• Be consulted by Processing owners when filling out the CROPA Questionnaire whenever processes managed in Portugal are impacted
  
• Review and sign-off CIB Territory ROPA every two months as part of the Health Check process (quality check and completeness of BLs)


• Ensure that cross-border transfers are properly cartographied and managed

(4) DPIA management:

• Ensure all local business processes (local ITVCs, TAC-NACs, TCs etc) embed DPIA Methodology: Pre-PIA/ PDP-Q, DPIA


• Be consulted by Project managers when filling out the Pre-PIA / PDP-Q (including nearshoring projects when applicable)


• Review and agree on Impact analysis, monitor action plans with concerned business teams

(5) DSRs & TRANSPARENCY

• Receive and monitor Data Subject Request (DSR) indicators for CIB Portugal


• Be Lisbon LoD1 SPOC for CIB GDPR Desk and / or local desks on client requests (incl. DSRs) related to the Territory


• Monitor any action plan necessary to address Lisbon CIB DSR
  
• Coordinate with Business managers to ensure the updated & translated version of the Data Protection Notice is in place


• Coordinate with Business managers to ensure cookies & consent are properly managed across digital platforms at CIB Territory level

(6) Data breach:

• Coordinate with 2LOD and 1LOD stakeholders to properly manage any CIB Territory Level Personal Data Breach Incident

(7) THIRD PARTY MANAGEMENT:

• Coordinate with GSS and other 1LOD stakeholders to properly manage Data Protection risk with third parties (internal and external)

(8) PDP CONTROL PLAN:

• Ensure PDP Control Plan transposition at CIB Territory Level is consistent with Group and Global CIB standards


• Coordinate with OPC teams to make sure execution of PDP Control Plan at CIB Territory Level is properly managed
  

As GDPR SPOC role is integrated within OPC remit it is expected that the GDPR SPOC is able to contribute to OPC team deliverables leveraging on the data protection expertise and expanding the knowledge on the different risk areas managed within OPC.

PROFILE

• Knowledge and experience in (PDP) personal data Protection


• Understanding of data processing operations (including business applications and data use)


• Experience in project management and change management is a plus


• Experience within Risk Management processes is a plus
  
• Advanced in English (very good oral and written communication)


• Independency, objectivity and integrity


• Excellent writing and communication skills


• Ability to lead, engage and work transversally


• Risk oriented profile with strong analytical and investigation skills
  
• Demonstrated collaborative leadership skills


• Good attention to details and rigorous
  
• Strong organizational skills, with a structured and logical approach
  
• Excellent team spirit

Please note that only applications submitted in English will be considered.

In case you are selected for this role, further documentation will be requested to support your hiring process.

BNP Paribas is an equal opportunity employer and proud to provide equal employment opportunity to all job seekers. We are actively committed to ensuring that no individual is discriminated against on the grounds of age, disability, gender reassignment, marriage or civil partnership status, pregnancy and maternity, race, religion or belief, sex or sexual orientation. Equity and diversity are at the core of our recruitment policy because we believe that they foster creativity and efficiency which in turn increase performance and productivity. We strive to reflect the society we live in, while keeping with the image of our clients.