Data Privacy Officer - AAA

Dr. Reddy’s Laboratories Ltd. is a leading multinational pharmaceutical company based across global locations. Each of our 24,000 plus employees comes to work every day for one collective purpose: to accelerate access to affordable and innovative medicines because Good Health Can’t Wait.

We started in 1984 with a modest investment, 20 employees and a bold vision. Today, we have research and development centres, manufacturing facilities or a commercial presence in 66 countries. 

For nearly four decades, we have stood for access, affordability and innovation based on the bedrock of deep science, progressive people practices and robust corporate governance. As the pharmaceutical industry evolves and undergoes disruption, we see an opportunity – to strengthen our core further (the next steps) and to build the future (the new bets).

‘The Next and the New’ is how we aim to continue to be the partner of choice – purpose-driven, future-ready and sustainable.  Our aim is to reach over 1.5 Bn+ patients across the world by 2030 by growing our core businesses and building for the future with sustainability at the core of our purpose and strategy. Sustainability for us means operating in a manner that respects people, planet and purpose – helping us conserve precious resources, serve our patients, create value for stakeholders, give back to society, fulfil our potential and maintain our integrity and transparency.

Dr Reddy’s maintains a work environment, free from discrimination and is an equal opportunity employer. We are committed to employ & nurture all qualified diverse workforce without regard to race, colour religion, nationality, sex, age, disability status, genetics, sexual orientation, gender expression, citizenship or any other characteristic or classification protected by applicable law(s) of the country we operate in. We treasure every talent, and recognize merit and diversity in our organization.

Job Summary:

Partner with DRL's business teams in the AAA (Asia, Africa and ANZ) region, on a day-to-day basis and support them in complying with both DRLs Global Data Privacy Policy, processes and standards as well as various Data Protection laws in all the countries with DRL's and its subsidiaries operations. Interpret applicable Data protection laws within the countries, interact with Regulatory authorities where applicable.

Roles and Responsibilities:

Business Partnering

• Partner closely with business and functional teams in the region and provide necessary support to ensure compliance with both DRL's internal Data Privacy processes/ requirements as well as applicable Data Protection laws.

Privacy Risk and Issue Management

• Identify and register Data Privacy risks and issues associated with various business processes/ projects and initiatives and enable their management by assigning them to the right owners and tracking them to closure against mutually agreed due dates.

Personal Data Incident and Breach Management

• Train business and functional teams on how to identify and report Data Security Incidents.
• Manage reported personal data incidents for the countries in the region to closure by identifying root causes, proposing corresponding corrective and preventive actions, and tracking actions to closure.  Adhere to any Breach Management and Notification requirements under applicable DP laws in the region.

Data Subject Requests

• Manage Data Subject Requests received for the countries in compliance with any requirements laid down under respective laws.

Local SOPs, DPAs, ICAs, Notices / Consent

• Assess the need, develop local Data Privacy procedures and provide necessary training to help business comply with specific requirements under local law.
• Where required, adapt global notices or consents to meet local requirements.
• Provide inputs to help create Data Processing Agreements, Agreements/ BCR to enable cross-border transfer of data within DRL entities etc.

Training and Awareness

• Develop content for ad hoc and function specific Data Privacy trainings and deliver them to business teams on a periodic basis. Ensuring that the effectiveness of trainings is also assessed.
• Facilitate Data privacy awareness campaigns and initiatives for the countries within the region to raise overall awareness levels around Data Privacy.

Monitoring, testing and reporting

• Perform periodic monitoring/ testing of controls to identify level of compliance to the requirements under applicable law.
• Do periodic reporting for the region as required for Steercos and other Review meetings. Present the outcomes to top leadership.

Internal / External Audits and Review

• Facilitate all internal / external DP audits and reviews for the countries in scope.
• Work closely with business and functional teams to track all findings identified during such audits and reviews, to closure.

External Interface

• Be DRL's face to the Data Protection Regulatory Authorities in the countries (where applicable) and ensure compliance with any notification/ registration requirements under such laws e.g. registration of DPO or Processing systems, notification related to data transfers, data breach etc.
• Post alignment with Functional leadership, identify and work with external law or consulting firms to fulfil obligations under the law, if any.

Internal Governance, and Meetings

• Participate in internal GLC and periodic DP related governance and all hands meetings. Maintain or provide timely and accurate regional specific inputs on governance activities initiated by Corporate/ Global Data Privacy team.

• Law/ management graduate OR a certified Privacy Professional from globally recognized institutes/bodies with ability to interpret Data Protection laws and experience in interacting with Regulatory bodies.
• Experience of 5-7 years in Data Privacy roles with large multinational organizations of which at least 2-3 years hand-on experience should be in managing compliance with laws in multiple countries (preferably within APAC region).
• Experience in conducting Data Privacy monitoring, testing, and reviews.
• Good Understanding of Risk Management and controls concepts and Information Security Management System (ISO 27001, Cloud Security etc).
• Experience in leading team of privacy professionals in addition to being accountable for their own deliverables.
• Experience and understanding of use of data and technology (including AI) and how it impacts data privacy.
• Experience in handling privacy enabling tools and solutions (One Trust, Securiti.ai etc).
• Robust stakeholder management and interaction across all levels (including senior management).
• Ability to understand business demands and how privacy requirements should be applied in a changing environment including both at a process as well as in technology related setups.
• Understanding and prior experience in Pharmaceutical and Generics business will be an added advantage.
• Legal knowledge as it relates to Data Protection laws including contracting, drafting Data Processing Agreements/ EU Model Clauses and similar cross-border transfer provisions under different DP laws in the region.
• Understanding of Data Protection laws (APAC region preferred) and emerging challenges.
• Data Privacy Training and Awareness building.

About the Department:

The Legal & Compliance function has three broad verticals which cut across global geographies. The verticals provide advice and documentation relating to Intellectual property matters, commercial contracts and business arrangements, corporate structures and registrations, Compliance with industry specific laws, rules, and regulations and Data Privacy and Protection compliance across 75+ countries.

The Legal team is comprised of the Global General Counsel, Regional/ Associate/Assistant General Counsels, Senior Legal Counsels and Legal Counsels. The Compliance team at Dr. Reddy’s is comprised of the broad work profiles such as Corporate Compliance, Compliance CoE and Business Compliance and role holders housed in these profiles. Lastly, Dr.Reddy’s Global Data Privacy team includes Global DPO and Deputy DPO, Global Data Privacy Lead, Regional DPOs and other Data Privacy Partners representing specific countries and Business units.

Your Team:

Internal: Global GC, Global DPO/Deputy DPO, DPO - Corporate, Regional Data Privacy Officers, Country/ Business Unit Data Privacy Partners and Information Security Team.

External: Regulatory Authorities, Law Firms, OEMs and Consultants (Implementation partners)