179 Data Protection jobs in the Philippines

Compliance Leadership

• Ensure full organizational compliance with the Data Privacy Act and NPC regulations
• Serve as the main point of contact between the company and the NPC

Policy & Documentation Development

• Develop, maintain, and implement the company's Data Privacy Manual, Privacy Notice, Consent Forms, and Privacy Impact Assessments (PIAs)
• Draft and roll out internal privacy policies and employee guidelines

Privacy Program Implementation

• Lead the establishment of data privacy frameworks for both online (e.g. website, CRM, surveys) and offline (e.g. retail store surveys, manual forms) data collection points
• Work with IT, Marketing, HR, and Operations to ensure data handling practices are privacy-compliant

Training & Awareness

• Conduct regular privacy training for employees and store personnel
• Promote a privacy-first culture within the organization
• Attend professional development seminars and recommend training opportunities for team growth, in collaboration with HR

Risk Management & Incident Handling

• Monitor data processing activities and conduct privacy risk assessments
• Manage data breach incidents and prepare notification protocols to the NPC and affected individuals if necessary

Customer Engagement

• Handle data subject requests, including access, correction, and deletion
• Ensure clear, accessible communication of privacy rights to customers
• Perform other job-related duties as required or as needs arise.

Job Description

We are looking for a proactive Data Protection Officer (DPO) to oversee and coordinate the company's privacy compliance program. As a cosmetics company with a growing digital and retail presence, we handle customer data from our website, surveys, and in-store interactions. The DPO will be officially registered with the National Privacy Commission (NPC) and will ensure that our policies, processes, and employee practices comply with the Philippine Data Privacy Act (DPA) of 2012. This is a hands-on role, ideal for candidates who want to grow their career in data privacy and compliance.

Key Responsibilities

• Serve as the company's registered Data Protection Officer with the NPC.
• Monitor compliance with the Data Privacy Act and NPC guidelines.
• Maintain and update the Data Privacy Manual, Privacy Notices, Consent Forms, and related documentation.
• Coordinate with IT, Marketing, HR, and Operations to ensure proper data handling.
• Conduct or facilitate employee training on data privacy practices.
• Document and assist in reporting privacy-related incidents.
• Respond to customer data requests (access, correction, deletion).
• Perform other related compliance duties.

Qualifications

• Bachelor's Degree in Law, IT, Business Administration, or related field.
• 1-2 years of experience in data privacy, compliance, or related role (open to fresh graduates with relevant training).
• Knowledge of the Data Privacy Act of 2012 and NPC guidelines; familiarity with GDPR is a plus.
• Strong organizational, documentation, and communication skills.
• Detail-oriented and able to work across departments.

What can we offer?

• Competitive Salary
• Gov't mandated benefits
• Annual appraisal and performance-based bonus
• Professional development and trainings
• Dynamic and growth-seeking working enviroment
• Working for a top-tier company in cosmetics/beauty industries
• Some other perks: free parking, meal, products/kits and others.

Primary Role:

This role will be responsible for ensuring that SJ Group Entities in Philippines comply with the data protection legislation and guidelines provided by the regulator. The primary responsibility will be to maintain and update the data inventory sheet for SJ Groups Philippines entity and conduct assessments as required as per the instructions provided by the SJ Data Protection Office (SJ DPO). He/she will support the SJ DPO with data protection initiatives within SJ Group as assigned by the SJ DPO.

(Under the supervision of the Manager, the DPO is the following are expected from this role:)

• Maintaining the Personal Data and Application Inventory Sheet for the SJ Group entities in Philippines and assist in inventory mapping for other entities as assigned;

• Assisting SJ DPO in audits, data protection assessments and investigations where necessary;

• Escalating data protection issues and concerns to the SJ DPO for guidance;

• Support SJ DPO with Global Data Protection Program rollout;

• Responding to data subject requests and frequently asked questions on personal data on behalf of SJ Group entities in Philippines with guidance of SJ DPO;

• Assist SJ DPO in conducting training for the entities in the Philippines;

• Keep track of technology and process changes which impact personal data processed by the organization;

• Assist in rolling out policies, initiatives, procedures and systems which have been approved;

• Keeping track of notices from the regulator, regulatory submission timelines, DPO certificate renewal and responding to the regulators under the guidance of SJ DPO & Group Legal;

• Assist in drafting policies and procedure for SJ DPO.

Key Performance Indicator

• Ensuring that all necessary regulatory for SJ Group PH entities requirements are met annually.

• Maintain and keep up to date the data inventory sheet for SJ Groups PH entities and support inventory management for other SJ Group entities as assigned by SJ DPO & Chief Legal Counsel or Head of Compliance as directed.

• Respond to any data subject access request for the Philippines entities.

• Escalation of potential risks and identified violations in a timely manner to relevant stakeholders.

• Support the SJ DPO in conducting Data Protection Impact Assessment (DPIA) and other relevant data protection assessments.

• Provide business advice on data protection implications on processing which is undertaken.

Key Qualifications, Knowledge, Skills and Experience

Qualifications and/or Certification and Skills and Experience

• Candidate must possess at least a Bachelor's/College Degree in Legal Management or equivalent

• Proficient in using MS office applications

• Excellent verbal, presentation and written communication skills

• Detail-oriented and has good problem-solving skills

• Ability to cope with ambiguity and change and maintains a high level of professionalism when dealing with multiple priorities and working under pressure

• Knowledge or experience in data protection and data privacy regulation is preferred

• Data Protection certification from IAPP or equivalent professional body would be beneficial

Job Type: Full-time

Benefits:

• Additional leave
• Company Christmas gift
• Company events
• Health insurance
• Opportunities for promotion
• Pay raise
• Promotion to permanent employee

Work Location: In person

WHAT IS THE JOB LIKE?

a) Ensure that the organizations being managed and handled collect, process, store, share, & discard/return the personal data of all data subjects in compliance with the applicable data privacy & protection laws and regulations .

b) Serve as a the primary liaison officer of the organization and represent them before the the National Privacy Commission (NPC) and any other relevant government agencies.

c) Implement a privacy by design approache in the organizations aligned with laws, regulations and their actual operations.

d) Monitor and implement data privacy policies, controls and measures, document issues, file and register with the NPC and relevant government units, and coordinate/collaborate with other groups as necessary within the organization.

e) Monitor and stay updated with current privacy trends, legislation and activities.

f) Ensure proper data breach and security incident management by the organizations, PIC or PIP, including the latter's preparation and submission to the NPC of reports and other documentation concerning security incidents or data breaches within the prescribed periods.

g) Inform and cultivate awareness on privacy and data protection within the organizations, including all relevant laws, rules and regulations and issuances of the NPC;

h) Perform other duties and tasks that may be assigned by the organizations that will further the interest of data privacy, security within the company, and uphold the rights of the data subjects.

40F Robinsons Equitable Tower, Pasig, National Capital Region, Philippines

Department

Corporate Legal 1

Job posted on

Aug 28, 2025

Employee Type

Probationary

Experience range (Years)

5 years - 10 years

Job description details:

Global Data Protection Professional (AVP) Overview:

The ING Think Forward Strategy aims to create a differentiating customer experience, enabled by simplifying and streamlining our organization, further striving for operational excellence, enhancing the performance culture within our company and expanding our banking capabilities. The Tribe Wholesale Data Management is a central component in the ING Think Forward Strategy. It has been established in the COO Domain to ensure that ING Wholesale Banking has trustable data which is fully fit for the purpose (timely, complete, accurate, adoptable, comprehensive, consistent and appropriate), facilitated by a state-of-the-art data architecture and IT infrastructure. Data is one of the five building blocks of ING's "Accelerated Think Forward" strategy and COO vision to become the Next Generation Digital Bank on the road of transformation. The HR vision is building the capability and the engagement of our people, for the bank to deliver on its purpose and strategy. The Data Management team within HR Global People Services is critical to ensure that ING's Global Data Management Strategy is rolled out across HR globally in a way that both supports the HR objectives whilst also ensuring that the standardization approach globally is aligned and adopted.

If you are good at:

• Driving implementation of the Data Management Minimum Standards in Data Owners/Stewards community
• Promote organizational awareness and regular updates to governance documentation, data inventory, data policies & processes, quality, architecture, etc.
• Monitoring compliance with the GPDP- Global Personal Data Protection (via KCT) and relevant data governance policies
• Support ING business management to identify, assess, judge and address, data ethical dilemmas.
• Tracking and driving execution of GDPP related activities within the BU, taking care of regular scheduled activities and meetings.
• Functional alignment with ownership of the local data DPE-Office employees and helping BU's to close iRisk issues
• Providing support for all responsible in 1st line data protection in the business lines and support functions, maintaining relationships with relevant 2nd line stakeholders.
• Complete/maintain information asset register, data privacy impact assessments and data classification reporting.
• Manage data breach notification and the resolution and remedial action of all data protection incidents and report these where appropriate to the (local) NFRC and Bank Data Protection Officer.
• Monitor Data Retention and Deletion working instructions and compliance within Global HR

If you are:

• You are pragmatic and a problem solver yet have an eye for regulatory context and boundaries.
• You can conduct quick GAP analysis; define priorities and drive implementation of correction actions.
• You have an affinity for data protection and are comfortable working on in an international context.
• You have outstanding social skills and can communicate effectively.
• Collaboration and facilitation skills are key in this role.
• You are transparent and flexible and able to act at operational and executive level.
• Proven program management experience preferably in an international context.
• Excellent English language skills both spoken and written are required.
• Understanding and experience in the area of data management and/or IT.
• Knowledge of Policy formation;
• Knowledge of data protection and data ethics.
• Knowledge of data management and affinity with Information Technologies.
• Results Orientation as evidenced by a track record of delivering solutions which routinely exceed the business process expectations.
• Strategic Orientation: ability to understand the business context in which the data solutions are being developed and designed to ensure alignment with relevant overall strategic, data management and IT strategies.
• Collaboration and Influencing: demonstrate ability to build meaningful relationships in a large and complex enterprise across functions, levels and geographic borders. He/she must be skilled in communicating complex ideas and solutions, at all levels of the organization and must be open to ideas from others

If you can:

• Monitor delivery and identify gaps on data governance/protection related activities within data management, defining priorities and ensuring proper documentation is in place to facilitate adoption of policies and regulations.
• Engage with and support those responsible for data consumption and protection in the business unit and support functions.
• Coordinate actions and providing guidance, templates and documents in areas where a centralized approach is necessary or useful.
• Collect and develop best practices and share them with the DPE community.
• Identify opportunities to improve the way is organised to manage data and protect personal data and support execution thereof.

Job Types: Full-time, Permanent

Benefits:

• Company events
• Flexible schedule
• Flextime
• Health insurance
• Life insurance
• Opportunities for promotion
• Pay raise
• Work from home

Work Location: In person

I. Reporting Line

· Reports directly to the Group Head Data Protection Officer and the President/Head of Offline and Online.

· Coordinates closely with Legal and Compliance and Risk Management to ensure aligned governance and compliance implementation across all operations.

II. Role Purpose

The Data Protection Officer (DPO) is responsible for ensuring full organizational compliance with the Data Privacy Act of 2012, its Implementing Rules and Regulations, and all National Privacy Commission (NPC) issuances across multiple offline (physical) and online sites. The role ensures that data protection principles are embedded in business processes, contracts, incident handling, and system implementation while providing leadership in governance, training, and continuous improvement.

III. Job Responsibilities

1. Strategic Reporting and Coordination

· Report to the Group Head Data Protection Officer and the President/Head of Offline and Online to align privacy programs with organizational strategies and leadership direction.

· Coordinate with Legal and Compliance and Risk Management to support integrated governance and regulatory compliance.

1. Oversight of Offline and Online Sites

· Oversee data privacy compliance across multiple offline (physical) and online sites.

· Ensure consistent implementation of privacy policies, documentation, reporting, and regulatory compliance at the site level.

1. Regulatory Compliance and Implementation

· Ensure compliance with the Data Privacy Act of 2012, its IRR, and NPC issuances.

· Embed Privacy by Design and Privacy by Default in organizational processes, contracts, and incident response.

1. Contract Reviews and Data Sharing Controls

· Lead the privacy review of contracts to ensure lawful basis, limited purpose, proportional data collection, proper retention, breach notification timelines, subcontractor and cross-border controls, and security safeguards.

· Issue DPO privacy clearance prior to contract execution and ensure alignment with internal governance frameworks.

1. Privacy Impact Assessments (PIAs)

· Review and approve PIAs for new or modified data processing activities across offline and online operations.

· Ensure privacy risks are identified, assessed, and treated in line with NPC guidance and company policy.

1. Data Subject Rights (DSR) Management

· Oversee the acknowledgment and fulfillment of DSR requests, including access, correction, deletion, restriction of processing, and portability.

· Ensure records retained for legal purposes are appropriately tagged and managed.

1. Incident Response and Investigations

· Lead investigations of privacy incidents, including triage, containment, documentation, and reporting.

· Prepare legally required notifications to the NPC and affected individuals.

· Coordinate with Business Continuity and Security teams to maintain privacy safeguards during disruptions.

1. Governance, Training, and Awareness

· Strengthen privacy governance across sites through guidance, compliance oversight, and operational control support.

· Conduct privacy training and awareness activities for site personnel, ensuring proper understanding of privacy obligations and procedures.

1. Monitoring and Continuous Improvement

· Monitor compliance and effectiveness of data protection measures.

· Recommend corrective actions and improvements to sustain compliance across all operations.

IV. Job Requirements

Educational Background and Certifications

· Bachelor's degree in Law, Information Technology, Business Administration, or a related field.

· Certified Data Protection Officer (DPO) from a National Privacy Commission (NPC)–recognized training provider (mandatory).

· Additional certifications in Privacy, Compliance, Risk Management, or Information Security (e.g., CIPP, CIPM, GRCP/GRCA, ISO/IEC are an advantage.

Professional Experience

· Minimum of four (4) years of relevant experience in data privacy, compliance, legal, or risk management functions, preferably within multi-site operations or regulated industries (e.g., gaming, financial services, healthcare, telecommunications).

· Proven experience in:

o Reviewing and approving PIAs

o Managing DSR requests in line with NPC requirements

o Conducting contract privacy reviews and issuing DPO clearances

o Investigating and reporting personal data breaches

o Coordinating with multiple business units and regulators

V. Technical and Regulatory Knowledge

· Strong knowledge of the Data Privacy Act of 2012, its IRR, and NPC circulars, advisories, and memoranda.

· Familiarity with Privacy by Design and Privacy by Default, data governance, third-party management, retention and disposal (NPC Circular No , and cross-border data transfers.

Think you're a fit? Send your updated CV/resume and a recent photo to | Subject: Application – (Job Title) – (Your Full Name)

Job Type: Full-time

Benefits:

• Paid training

Location:

• Taguig (Preferred)

Willingness to travel:

• 100% (Preferred)

Work Location: In person

Job description:

I. Reporting Line

· Reports directly to the Group Head Data Protection Officer and the President/Head of Offline and Online.

· Coordinates closely with Legal and Compliance and Risk Management to ensure aligned governance and compliance implementation across all operations.

II. Role Purpose

The Data Protection Officer (DPO) is responsible for ensuring full organizational compliance with the Data Privacy Act of 2012, its Implementing Rules and Regulations, and all National Privacy Commission (NPC) issuances across multiple offline (physical) and online sites. The role ensures that data protection principles are embedded in business processes, contracts, incident handling, and system implementation while providing leadership in governance, training, and continuous improvement.

III. Job Responsibilities

1. Strategic Reporting and Coordination

· Report to the Group Head Data Protection Officer and the President/Head of Offline and Online to align privacy programs with organizational strategies and leadership direction.

· Coordinate with Legal and Compliance and Risk Management to support integrated governance and regulatory compliance.

1. Oversight of Offline and Online Sites

· Oversee data privacy compliance across multiple offline (physical) and online sites.

· Ensure consistent implementation of privacy policies, documentation, reporting, and regulatory compliance at the site level.

1. Regulatory Compliance and Implementation

· Ensure compliance with the Data Privacy Act of 2012, its IRR, and NPC issuances.

· Embed Privacy by Design and Privacy by Default in organizational processes, contracts, and incident response.

1. Contract Reviews and Data Sharing Controls

· Lead the privacy review of contracts to ensure lawful basis, limited purpose, proportional data collection, proper retention, breach notification timelines, subcontractor and cross-border controls, and security safeguards.

· Issue DPO privacy clearance prior to contract execution and ensure alignment with internal governance frameworks.

1. Privacy Impact Assessments (PIAs)

· Review and approve PIAs for new or modified data processing activities across offline and online operations.

· Ensure privacy risks are identified, assessed, and treated in line with NPC guidance and company policy.

1. Data Subject Rights (DSR) Management

· Oversee the acknowledgment and fulfillment of DSR requests, including access, correction, deletion, restriction of processing, and portability.

· Ensure records retained for legal purposes are appropriately tagged and managed.

1. Incident Response and Investigations

· Lead investigations of privacy incidents, including triage, containment, documentation, and reporting.

· Prepare legally required notifications to the NPC and affected individuals.

· Coordinate with Business Continuity and Security teams to maintain privacy safeguards during disruptions.

1. Governance, Training, and Awareness

· Strengthen privacy governance across sites through guidance, compliance oversight, and operational control support.

· Conduct privacy training and awareness activities for site personnel, ensuring proper understanding of privacy obligations and procedures.

1. Monitoring and Continuous Improvement

· Monitor compliance and effectiveness of data protection measures.

· Recommend corrective actions and improvements to sustain compliance across all operations.

IV. Job Requirements

Educational Background and Certifications

· Bachelor's degree in Law, Information Technology, Business Administration, or a related field.

· Certified Data Protection Officer (DPO) from a National Privacy Commission (NPC)–recognized training provider (mandatory).

· Additional certifications in Privacy, Compliance, Risk Management, or Information Security (e.g., CIPP, CIPM, GRCP/GRCA, ISO/IEC are an advantage.

Professional Experience

· Minimum of four (4) years of relevant experience in data privacy, compliance, legal, or risk management functions, preferably within multi-site operations or regulated industries (e.g., gaming, financial services, healthcare, telecommunications).

· Proven experience in:

o Reviewing and approving PIAs

o Managing DSR requests in line with NPC requirements

o Conducting contract privacy reviews and issuing DPO clearances

o Investigating and reporting personal data breaches

o Coordinating with multiple business units and regulators

V. Technical and Regulatory Knowledge

· Strong knowledge of the Data Privacy Act of 2012, its IRR, and NPC circulars, advisories, and memoranda.

· Familiarity with Privacy by Design and Privacy by Default, data governance, third-party management, retention and disposal (NPC Circular No , and cross-border data transfers.

Job Description: Data Management and Protection Lead

The organization's strategy aims to create a differentiated customer experience by simplifying and streamlining processes, driving operational excellence, enhancing performance culture, and strengthening data-driven decision-making.

The
Wholesale Data Management Tribe
plays a central role in ensuring that the company has reliable and fit-for-purpose data (timely, complete, accurate, consistent, and appropriate) supported by a strong data architecture and IT infrastructure.

The
HR Data Management team
within Global People Services ensures that the global data management strategy is implemented across HR in alignment with overall business objectives and standardization initiatives worldwide.

Key Responsibilities

• Drive implementation of Data Management Minimum Standards across Data Owners/Stewards community.
• Promote awareness and maintain governance documentation, data inventories, policies, and processes.
• Monitor compliance with Global Personal Data Protection and other data governance policies.
• Support business management in identifying and addressing data ethics and regulatory issues.
• Track and execute activities related to data protection and ensure timely completion of required actions.
• Align with local data officers to resolve iRisk issues and strengthen data ownership.
• Provide first-line support for data protection across business units and maintain relationships with second-line stakeholders.
• Maintain information asset registers, data privacy impact assessments, and classification reports.
• Manage data breach notifications, oversee resolutions, and report incidents to relevant stakeholders.
• Monitor and ensure compliance with Data Retention and Deletion guidelines within Global HR.

Qualifications and Skills

• Pragmatic problem solver with strong understanding of regulatory requirements.
• Skilled in GAP analysis, prioritization, and implementation of corrective actions.
• Experience in data protection, governance, and working in an international context.
• Strong communication, collaboration, and facilitation skills.
• Flexible and transparent, able to engage at both operational and executive levels.
• Proven program management experience, ideally in a global environment.
• Excellent command of English, both written and verbal.
• Background in data management and/or IT.
• Knowledge in policy formation, data protection, and data ethics.
• Strong results orientation and ability to deliver solutions exceeding expectations.
• Strategic thinker who aligns data initiatives with business and IT strategies.
• Demonstrated ability to influence and collaborate across teams, functions, and geographies.

Core Capabilities

• Monitor delivery of data governance and protection initiatives, identify gaps, and ensure full documentation.
• Engage with stakeholders responsible for data protection and compliance.
• Coordinate actions, provide guidance, and create templates for consistent data management practices.
• Develop and share best practices across teams.
• Identify and execute opportunities to enhance data management and personal data protection.

Job Description: The Data Privacy Officer (DPO) is responsible for overseeing and ensuring the organization's data processing activities comply with applicable data protection laws and regulations. The DPO plays a crucial role in safeguarding personal data and managing privacy risks.

Key Responsibilities:

• Ensure the organization's compliance with data protection laws and regulations, including with the National Privacy Commission or relevant local data protection laws;
• Develop and implement data protection policies, procedures, and guidelines;
• Monitor adherence to data protection standards within the organization and regularly review and update policies to maintain compliance;
• Conduct regular training sessions and workshops for employees to ensure awareness and understanding of data protection principles;
• Promote a culture of data privacy within the organization by leading initiatives to raise awareness;
• Conduct Data Privacy Impact Assessments for new projects, processes, or technologies to identify and mitigate potential data privacy risks;
• Serve as the primary point of contact for data breaches and incidents;
• Investigate data breaches and incidents, and implement corrective actions to prevent future occurrences;
• Coordinate the response to data breaches, including notification to the relevant authorities and affected individuals, as needed;
• Act as the point of contact between the organization and the National Privacy Commission;
• Ensure timely and accurate reporting to regulatory authorities, including data breach notifications;
• Provide advice to Senior Management and other departments on data protection and privacy issues;
• Work with our legal counsel on review of contacts, agreements, and data processing activities to ensure compliance with data protection laws;
• Maintain records of all data processing activities within the organization;
• Keep up-to-date with changes in data protection laws and best practices;
• Continuously assess and improve the organization's data protection framework to adapt to evolving legal requirements and technological advancements;
• Conduct regular audits of data processing activities to ensure compliance with data protection policies and legal requirements;
• Identify areas of improvement and implement corrective actions where necessary;
• Provide regular reports to the Management on data protection compliance, risks, and incidents.

Qualifications:

• Graduate of Information Technology, Information Security, or a related field;
• Certified Data Protection Officer
• At least with 3-5 years' experience as Data Protection Officer

The Belo Medical Group (BMG) places utmost importance to your right to privacy. BMG shall handle with utmost care all personal and sensitive information that you may provide or those that we may collect from you upon your use of the website in accordance with our Privacy Policy. By submitting your application, scrolling this page or clicking any part of it, you hereby acknowledge that you have read and understood our Privacy Policy and expressly consent to it.

AxkaXUdNUs