· Conduct annual audit filings to NITDA to ensure compliance with data protection laws.
· Oversee the implementation of security controls and data protection measures in line with ISO standards.
· Track the company’s compliance status using the compliance legal, regulatory & statutory tracker and report on the company’s performance.
· Coordinate internal and external audits to assess compliance with (ISO 27001:2022, ISO 27701:2019, ISO 9001:2015) requirements.
· Develop and update compliance policies and procedures in alignment with applicable laws and standards.
· Monitor and report on policy compliance metrics and make recommendations for improvement.
· Conduct risk assessments to identify compliance risks and vulnerabilities across the organization.
· Develop and implement risk mitigation strategies and action plans in collaboration with relevant departments.
· Prepare and maintain compliance reports for senior management and regulatory authorities.
· Organize compliance training programs for employees to raise awareness of information security, privacy & quality and ensure understanding of compliance requirements.
· Ensure corrective actions are undertaken to address non-conformities found in audits.
· Identify opportunities for process improvement and efficiency gains in compliance activities and maintain a log.
· Conduct periodic data protection impact assessments and maintain a record of all data processing activities.
PII CONTROLLER RESPONSIBILITIES
· Collection of personal information from customers, site visitors, and other targets
· Must determine the process and methods by which the PII data are collected from customers
· Must determine the specific type of PII data to be collected
· Must ensure all changes and modifications of PII data are effectively done
· Must determine where and how to use the PII data and for a specified purpose
· Must ensure effective storage of all PII data in-house and when to share with third parties
· Must determine the retention period for all PII data collected