About BNP Paribas India Solutions:

Established in 2005, BNP Paribas India Solutions is a wholly owned subsidiary of BNP Paribas SA, European Union’s leading bank with an international reach. With delivery centers located in Bengaluru, Chennai and Mumbai, we are a 24x7 global delivery center. India Solutions services three business lines: Corporate and Institutional Banking, Investment Solutions and Retail Banking for BNP Paribas across the Group. Driving innovation and growth, we are harnessing the potential of over 10000 employees, to provide support and develop best-in-class solutions.

About BNP Paribas Group:

 BNP Paribas is the European Union’s leading bank and key player in international banking. It operates in 65 countries and has nearly 185,000 employees, including more than 145,000 in Europe. The Group has key positions in its three main fields of activity: Commercial, Personal Banking & Services for the Group’s commercial & personal banking and several specialized businesses including BNP Paribas Personal Finance and Arval; Investment & Protection Services for savings, investment, and protection solutions; and Corporate & Institutional Banking, focused on corporate and institutional clients. Based on its strong diversified and integrated model, the Group helps all its clients (individuals, community associations, entrepreneurs, SMEs, corporate and institutional clients) to realize their projects through solutions spanning financing, investment, savings and insurance. In Europe, BNP Paribas has four domestic markets: Belgium, France, Italy, and Luxembourg. The Group is rolling out its integrated commercial & personal banking model across several Mediterranean countries, Turkey, and Eastern Europe. As a key player in international banking, the Group has leading platforms and business lines in Europe, a strong presence in the Americas as well as a solid and fast-growing business in Asia-Pacific. BNP Paribas has implemented a Corporate Social Responsibility approach in all its activities, enabling it to contribute to the construction of a sustainable future, while ensuring the Group's performance and stability

Commitment to Diversity and Inclusion

At BNP Paribas, we passionately embrace diversity and are committed to fostering an inclusive workplace where all employees are valued, respected and can bring their authentic selves to work. We prohibit Discrimination and Harassment of any kind, and our policies promote equal employment opportunity for all employees and applicants, irrespective of, but not limited to their gender, gender identity, sex, sexual orientation, ethnicity, race, color, national origin, age, religion, social status, mental or physical disabilities, veteran status etc. As a global Bank, we truly believe that inclusion and diversity of our teams is key to our success in serving our clients and the communities we operate in.

Job Title:

India Data Protection Correspondent

Date:

30^th April 2025

Department:

RISK

Location:

India

Business Line / Function:

ISPL RISK ORM

Reports to:

(Direct)

India Territory Data Protection Officer

Grade: 

(if applicable)

Assistant Vice President

(Functional)

Number of Direct Reports:

None

Directorship / Registration:

NA

Position Purpose

Located within the RISK Function of BNP Paribas (“BNPP”), the role of the Data Protection Correspondent (“DPC”) is to ensure that the components of the operational risk management framework are implemented and operating effectively within ISPL, and to provide RISK ORM management and Business senior management with relevant, synthetic, transparent, exhaustive and consistent information and a front-to-back view of operational risk across ISPL activities. To achieve this objective, this 2^nd line of defense (“LOD2”) role works closely with RISK ORM Regional and Central teams and with ISPL management and stakeholders. The DPC provides expertise on personal data protection related topics in accordance with the relevant RACI. India DPC must assist India Data Protection Officer (DPO) in supervising the compliance of projects and with legal and regulatory personal data protection requirements throughout the APAC region as well as the Group’s and APAC personal data protection policies. 

RISK ORM ISPL mandate is to independently challenge and supervise the operational risk management framework of ISPL activities as described in level 2 procedure – Organizational framework and governance for Operational Risk Management & Permanent Control Framework. This includes control framework adequacy checks, independent challenge, proximity with the business and contribution to the sign-off process on key decisions. The DPC is to ensure second level controls by providing the required supervision and assistance to the 1st Line of Defense

Due to the global and regional models applied by the BNP Paribas (“BNPP”) activities outsourced to ISPL, the role covers the contribution as well to reviews, control testing, analysis and reports carried out under the supervision of the APAC DPO Regional teams.

Responsibilities

Direct Responsibilities 

To contribute to relevant personal data protection activities realization 

·       To guarantee required norms and methods definition and application to a company’s good data protection risks apprehension (follow-up of projects, information systems adaptation, declarations conception and maintenance, subcontractors contracts analysis, follow-up on control plans reporting, etc.) 

·       To guarantee advice and assistance to strategical program ongoing. 

To support the implementation of the privacy strategy defined by DPO 

·       To assist the DPO in the supervision and monitoring of implementation of the Group's Data Protection policies and guidelines, bearing the local regulatory requirements in mind, to ensure consistency 

·       To define action plans and corrections related, and to ensure application of the same 

·       To alert DPO when activity is under operational risk (non-appropriateness between needs and resources, etc.), to propose correction solutions and to implement those solutions 

·       To contribute to continuous efficiency improvement and to any optimization process. 

To contribute to operational collaborative activities 

·       To support and assist APAC DPO team for control campaigns, typical DPO and RISK ORM activities in BAU (e.g. RCSA check & challenge, data breach assessments, project and third-party risk assessment support – see below), but also in case of emergencies and escalated issues 

To contribute to permanent control actions 

·       To contribute to perform LOD2 controls and challenge LOD1 

·       To contribute to perform the check and challenge of the RCSA 

·       To contribute to RISK ID exercise 

·       To contribute to OR&C report 

To ensure professional network development 

·       To participate in local Data Protection Committees when requested by the DPO 

·       To contribute to Internal Control Committee 

·       To collaborate with local CROs and RISK teams 

Contributing Responsibilities

·       To assist the DPO on exchanges with the authorities in charge of the protection of personal data under the responsibility of the DPO 

·       To assist the DPO in the supervision and implementation of Privacy by Design principles throughout the lifecycle of all projects, activities, products, services, processes and systems 

·       To contribute to role development by validating data protection requirements for new activities, new products, services or specific operations, and to carry technical assistance 

·       To receive, process and advise internal and external local solicitations about data protection 

·       To receive, process and advise requests from data subjects, subcontractors and partners etc. 

·       To itemize existing processes and identify breaches regarding data protection requirements – using your broad knowledge on APAC-wide local regulation (at minimum: India’s new DPDPA & GDPR requirements 

·       To contribute to perform risk assessment on personal data breaches 

·       To assist the DPO in monitoring documentation, e.g. the RoPA (Register of Processing Activities) 

·       To contribute to the identification and notification process for data protection violations according to defined procedures and local legal requirements 

·       To realize effectiveness for data protection controls and to ensure expected reporting 

·       To ensure regular reporting to DPO about the activity 

·       To contribute to the creation and implementation of awareness programs and to the promotion of a culture of protection of personal data within the scope of responsibility. 

* DPO may refer to India DPO or APAC DPO or Business Line DPO as the case may be – reflecting a matrix organization – while maintaining a direct reporting to the India DPO

Technical & Behavioral Competencies

Specific Qualifications 

Legal background with IAPP Certification (CIPP/E) or equivalent

Skills Referential

Behavioural Skills: (Please select up to 4 skills)

Communication skills - oral & written

Attention to detail / rigor

Creativity & Innovation / Problem solving

Client focused

Transversal Skills: (Please select up to 5 skills)

Analytical Ability

Ability to develop and leverage networks

Ability to develop and adapt a process 

Ability to understand, explain and support change

Ability to set up relevant performance indicators

Education Level: 

 Bachelor Degree or equivalent

Experience Level

At least 5 years

Other/Specific Qualifications (if required)

Business Skills – 

1. Data Protection 

2. Risk knowledge and awareness 

3. Risk anticipation 

4. Data quality & Security 

5. Regulatory 

6. Business analytics 

7. New Technologies and Digital Law [IT/IP] 

8. IT risk and cyber security