Assistant Vice President, Data Protection & Corporate Operations, Frasers Hospitality

Job Summary

Frasers Hospitality (FH) is a Business Unit (BU) under Frasers Property Limited (the Group) that oversees the businesses of selected legal entities under the Group and operate serviced apartments and hotels in more than 21 countries.  

The Assistant Vice President for Data Protection & Corporate Operations is the de facto Data Protection Officer for Frasers Hospitality (FH DPO) who is accountable and responsible for the development, implementation, and oversight of the data protection management program within FH. This role ensures that the processing of personal data by legal entities owned and/or operated by FH comply with local data protection laws that are applicable to the operations of these legal entities and properties and aligns with the Group's data protection policies and standards.

The FH DPO acts as the primary local contact for data protection authorities and data subjects and is responsible for managing data-related risks and incidents at the BU level across FH. In regions such as EMEA, FH DPO may do so part-time resource appointed at the Region office or outsourced local service provider.

As a member of the FH Corporate Operations team, FH DPO is expected to support the work of the team, which includes driving operational excellence and innovation as well as management of enterprise risks and sustainability matters. 

Job Description

This roles’ key roles and responsibilities are:

1. Policy and Process Implementation:

• Implement Group-wide data protection policies, standards, and procedures by integrating them into the FH's local business practices.
• Create, review, and update internal policies, guidelines, and procedures for the collection, use, storage, and disposal of personal data within the BU.
• Work with FH Subject Matter Representatives (FH SMRs) to create and update processes that ensure the operationalization of Group policies.

2. Accountability and Compliance Monitoring:

• Develop and implement a comprehensive data protection management program for FH.
• Conduct Data Protection Impact Assessments (DPIAs) to systematically analyse, identify, and minimize data protection risks for new projects and processes.
• Maintain the FH's Records of Processing Activities (ROPA) by mapping processes and inventorying data.
• Monitor the FH’s compliance with applicable data protection laws and internal Group policies.
• Conduct regular compliance assessments to identify and mitigate gaps.
• Ensure data protection considerations are integrated into all processes from the initial design phase ("Data Protection by Design & Default").

3. Training and Awareness:

• Lead data protection training and awareness initiatives for FH management, employees and associates.
• Promote a culture of data protection through campaigns, infographics, and regular communications.

4. Liaison and Stakeholder Management:

• Act as the primary local point of contact for data protection authorities and data subjects on FH-level matters.
• Serve as the key interface between the Group DPO and FH SMRs.
• Collaborate with FH senior management to identify and appoint relevant FH SMRs.
• Respond to data subject requests (DSRs) and other inquiries from individuals.

5. Incident Management:

• Serve as the First Responder and Incident Manager for local or minor data breaches.
• Manage and coordinate the initial response and subsequent activities for data incidents at the BU level.
• Handle the notification process to supervisory authorities and affected data subjects when required.

The reporting restructure for this role is:

• This role reports to SVP, Head of Global Operations in FH for day-to-day operational management.
• This role has a dotted-line reporting relationship to the Group DPO to ensure alignment with the Group's overall data protection strategy and standards.

Key Qualification

• Education: Bachelor’s degree in Law, Information Technology, Business Administration, or a related field.
• Certifications: Professional certification in data protection and privacy (e.g., CIPP, CIPM, CIPT) is highly desirable.
• Experience: Proven experience in a data protection or privacy-related role, with a strong understanding of data protection principles and practices.
• Knowledge: In-depth knowledge of global and regional data protection laws and regulations, such as GDPR.
• Communication: Excellent written and verbal communication skills, with the ability to effectively communicate complex legal and technical concepts to a non-technical audience.
• Interpersonal Skills: Strong interpersonal skills with the ability to build and maintain relationships with stakeholders at all levels of the organization.
• Project Management: Demonstrated ability to manage projects, prioritize tasks, and meet deadlines.
• Analytical Skills: Strong analytical and problem-solving skills with a keen attention to detail.