Data Protection Officer

About AstraZeneca

AstraZeneca is a global, science-led, patient-focused biopharmaceutical company that focuses on the discovery, development and commercialization of prescription medicines for some of the world’s most serious diseases. But we’re more than one of the world’s leading pharmaceutical companies.

The Data Protection Officer in India should meet global privacy expectations while addressing India’s specific regulatory landscape, notably the Digital Personal Data Protection Act, 2023 (DPDP Act) and DPDP Rules, sectoral regulations, and cross-border operations, including working knowledge of GDPR. The Data Protection Officer combines legal, technical, and governance expertise to design, implement, and oversee privacy programs.

The role reports to the Area Compliance Director Asia Area.

Typical Accountabilities

• Function as the company’s Data Protection Officer
• Practical understanding of the DPDP Act, 2023 and applicable DPDP Rules
• Ability to interpret and apply obligations of Data Fiduciaries and Significant Data Fiduciaries
• Hands-on experience with DPDP-aligned operational artefacts (DFDs, processing inventories, consent records, purpose mapping)
• Strong understanding of the personal data lifecycle under DPDP (collection, use, storage, sharing, retention, erasure)
• Experience handling cross-border transfer of personal data in line with DPDP requirements
• Ability to translate DPDP compliance requirements into clear, business-focused guidance
• Working understanding of “reasonable security safeguards” and organisational controls under DPDP
• Experience managing data processors and vendors in line with DPDP obligations
• Capability to assess, document, and manage personal data breaches and notifications under DPDP
• Independent judgment to advise management and identify DPDP compliance risks
• Ability to design, implement, and scale DPDP governance frameworks across the organisation
• Work closely with the Compliance Manager and ensure that robust governance, processes and systems are in place
• Maintain professional & effective collaboration with Assurance Partners to ensure a high level of assurance
• Share privacy activities with management and assure adequate improvement and follow up on identified gaps, corrective and disciplinary actions
• Work with Compliance Manager to ensure robust Local Compliance Committee (LCC) functioning
• Ensure MC Privacy policies, procedures and standards are up to date, aligned with global standards, accessible and fully implemented, with appropriate and trained policy, process and/or SOP owners
• Ensure local privacy risks are effectively assessed, managed, and coordinated with defined local risk owners
• Provide advice to and consulting on effective implementation and maintenance of 1st line monitoring activities
• Cascade, adopt and deliver regular privacy training and awareness campaigns through periodic communications and ensure the company tracks completeness of training (incl third parties and new starters).

Education, Qualifications, Skills and Experience

Essential

• Degree: Bachelor’s in law, information systems, computer science, Engineering, data science, cybersecurity
• Certifications: IAPP CIPP (Asia), CIPM, CIPT; security/governance certs like ISO/IEC DCPP (Data Protection Practitioner) would be advantageous
• Regulatory familiarity (India-specific): Deep knowledge of the DPDP Act 2023 and subordinate rules/notifications, CERT-In incident reporting directions, IT Act & SPDI Rules (legacy) where relevant during transition, and sectoral norms (e.g., RBI, IRDAI, SEBI, TRAI, MeitY guidelines).
• Experience: 3 to 5 years of experience focusing on data privacy, legal, or IT risk management.
• Technical Familiarity: Understanding of encryption, data masking, and anonymization techniques.

Desirable

• Experience from working in compliance
• Good persuasion skills and the ability to persuade stakeholders to adopt privacy-first approaches
• Demonstrable management skills and experience
• Good communication skills to enforce data minimisation strategies and other core privacy requirements
• Experience in different business cultures due to cross country interactions in the role

Key Relationships to reach solutions (Internal to AZ Teams)

• Global Privacy Specialist functions
• Global Compliance teams
• Area Leadership Team
• IT, Legal, Market Access
• Finance
• Medical
• HR
• Risk and Audit

External to AZ

• Third party vendors
• Pharma associations – Privacy Committees
• Regulatory bodies and the Privacy Board
• External Privacy networks in similarly regulated sectors
• Privacy counterparts at Strategic Alliance partners or during BD projects
• Data Protection/Privacy officers

Why AstraZeneca?

At AstraZeneca we’re dedicated to being a Great Place to Work. Where you are empowered to push the boundaries of science and unleash your entrepreneurial spirit. There’s no better place to make a difference to medicine, patients and society. An inclusive culture that champions diversity and collaboration, and always committed to lifelong learning, growth and development. We’re on an exciting journey to pioneer the future of healthcare.

Key skills/competency

• Data Protection Act (DPDP Act)
• GDPR knowledge
• Privacy Program Management
• Risk Assessment
• Compliance Auditing
• Information Security
• Data Governance
• Regulatory Reporting
• Stakeholder Management
• Incident Response