Job Title: Associate Data Protection Analyst

Location: India (Hybrid)

Department: Technology

Reports To: Governance Analyst

Job Summary: Sage Publishing is seeking a Data Protection Analyst to support compliance with the Digital Personal Data Protection Act (DPDP Act) of India and with compliance in the region to other global privacy laws which impact Sage. The successful candidate will assist in developing, implementing, and maintaining data protection policies and procedures, ensuring that Sage Publishing's operations adhere to the DPDP & GDPR Act requirements and other global personal data legislation.

Key Responsibilities:

• Compliance Support: Assist in ensuring Sage Publishing's compliance with global privacy laws, including supporting the development and implementation of data protection policies and procedures.
• Risk Assessment: Conduct regular risk assessments to identify potential data protection issues and recommend mitigation strategies.
• Training & Awareness: Support the development and delivery of training programs to educate employees on data protection principles and DPDP & GDPR Act requirements.
• Request and Rights Management – Assist in responding to rights requests, to facilitate access or managing access to personal data.
• Data Audits: Assist in performing regular audits of data processing activities to ensure compliance with the DPDP Act and other global data protection laws.
• Incident Management: Support the management of data breach incidents, including investigation, reporting, and remediation.
• Vendor Assurance – Collating and documenting evidence to support vendor risk management to enhance privacy and security risk controls.
• Liaison: Assist in acting as a point of contact for data protection enquiries from stakeholders in India and across regional borders.
• Documentation: Maintain comprehensive records of data processing activities and compliance efforts.
• Reporting: Prepare and present regular reports on data protection compliance to senior management.

Qualifications:

• Education: Bachelor’s degree in information technology.
• Experience: Minimum of 3 years of experience in data protection, privacy compliance, or a related field, preferably within a publishing or technology company.
• Knowledge: Understanding of the DPDP or GDPR Act and other relevant data protection laws and regulations.
• Skills: Strong analytical, organizational, and communication skills. Ability to work independently and manage multiple projects simultaneously.
• Certifications: Data Protection certifications or equivalent are preferred.

Necessary Skill Sets:

• Performing Privacy Impact Assessments (PIA+DPIA’s): Risk Identification: Ability to identify privacy risks associated with data processing activities.
• Risk Evaluation: Skills to assess the necessity and proportionality of data processing.
• Mitigation Strategies: Experience in implementing measures to mitigate identified risks.
• Documentation: Proficiency in documenting DPIA findings and recommendations.
• Incident investigation and response: Ability to quickly and effectively respond to reports of incidents which impact Sage, coordinating efforts to protect personal data according to emerging or potential risks.
• Data Subject Access Requests (DSARs): Request Handling: Experienced in responding to DSARs in compliance with data protection regulations.
• Data Retrieval: Skills to efficiently retrieve and compile personal data from various sources.
• Communication: Ability to communicate clearly and effectively with data subjects regarding their requests.
• Legal Knowledge: Understanding of the legal basis for DSARs and the rights of data subjects.
• Has some experience with matters relating to generative AI from a data privacy perspective and is aware of the European AI Act

Personal Attributes:

• Integrity: Demonstrates high ethical standards and integrity in all dealings.
• Attention to Detail: Meticulous in ensuring compliance with legal and regulatory requirements.
• Proactive: Takes initiative to identify and address potential compliance issues.
• Collaborative: Works effectively with cross-functional teams and external stakeholders

Diversity, Equity, and Inclusion

At Sage we are committed to building a diverse and inclusive team that is representative of all sections of society and to sustaining a culture that celebrates difference, encourages authenticity, and creates a deep sense of belonging. We welcome applications from all members of society irrespective of age, disability, sex or gender identity, sexual orientation, color, race, nationality, ethnic or national origin, religion or belief as creating value through diversity is what makes us strong.