CIB Data Protection Correspondent (DPC) RISKS HUB

February 5, 2024

CIB Data Protection Correspondent (DPC) RISKS HUB


  • Contractor/ Via Agency
  • ES-MD-Madrid
  • RISK
Apply for this job

CIB Data Protection Correspondent (DPC) Job description

BNP Paribas Group Overview

BNP Paribas Group has a presence in 75 countries with more than 185,000 employees, including 145,000 in Europe. It ranks highly in its two core activities: Retail Banking & Services and Corporate & Institutional Banking.

Strong risk management, combined with the stability that comes from being part of one of the largest banking groups in the world, underpin our success.

DPC Team and positioning

BNPP Group Personal Data Protection framework, defined to respond to the new General Regulation on Data Protection relies on the accountability of teams within BNPP entities and territories in their processing of Personal Data (customer, employees, UBOs, representatives of corporate, vendors, etc.)

DPC is positioned within RISK function and will report to CIB Business Line DPO. He will be responsible for the scope composed of Securities Services, Global Market and Global Banking.

·       Data protection correspondent will join a Team with more than 20 different nationalities and super good environment, located in Madrid. You’ll become a team that spans cultures and backgrounds

·       Worldwide scope working within all business lines in BNP Paribas

·       Possibility to work from home more than 50% of journey

·       Direct report to the CFO of Data protection in Paris

·       Good remuneration and Bonus Pool

·       MOBILITY inside the Group

Key direct responsibilities

A DPC will be appointed with the following key direct responsibilities within his / her scope:

  • Communication with external stakeholders, Data Protection Authorities and data subjects, supporting the DPO and Participate in exchanges with the relevant DPA and cooperate with the DPA, based on DPO’s instructions
  • Matters related to organization and framework related to personal data protection within his / her scope: Contributing to the monitoring of the regulatory landscape on data protection regulations.
  • Participate in committees on / in relation to personal data protection at local level, cooperate with the Country DPO

Assist on the following topics:

·       Review and advise on implementation of Group policies and guidelines on Personal Data Protection and monitor consistency in their implementation

·       Review and advise on implementation of Privacy by design principles from the design stage and during the life-cycle of all projects, products, services, activities, processes and systems

·       Provide advice on Privacy Impact Assessment (PIA)

·       Review and advise on implementation of Personal Data Security principles and management of personal data breaches

·       Monitor the local implementation of Group security strategy in line with Personal Data Protection regulatory requirements

·       Contribute to risk evaluation in case a personal data breach occurred

·       Support the relevant DPO to oversee the Records of processing activities (“Register”)

·       Review and advise on rules regarding record of processing activities (“Register”)

·       Monitor record of processing activities (“Register”) is kept up to date, filed under the responsibility of the controller / processor, in line with defined rules

·       Support the build and implementation of an awareness program

·       Contribute to the promotion of a data protection culture within his/her scope of responsibility

·       Check that trainings to the employees involved in processing activities are sufficient and provided on a periodic basis to maintain data protection awareness

This position will involve 2LoD controls testing against GDPR requirements, for: personal data processed across the organization; high risk activities, new products and activities which involve personal data and testing of IT systems in addition to testing of business operations, such as preparing independent reporting and inform the DPO on critical points to be escalated to Senior Management 


·         6 + years’ experience with significant knowledge and experience in Data Protection/Privacy and banking sector

·         Understanding of data processing operations, including business applications and data use

·         Experience in transversal management and working

·         Experience in interacting with regulators will be a plus

·         Experience of managing compliance programs on regulatory requirements

·         Strong knowledge and interest in Information Technology, digital and new technologies and understanding of information security controls and principles

·         Strong knowledge about banking will be a plus

Behavior and soft skills

DPC should demonstrate:

·         Independency, objectivity and integrity.

·         Excellent writing and communication skills – allowing him/her to act as a communicator across the bank, on behalf of the DPO

·         Fluent in English (mandatory), national language (language of the country where DPC exercises)

·         Demonstrating a high-level of commitment and self-motivation, combined with enthusiasm and a genuine interest in order to be a successful DPC


·         Be a role model, supporting and fostering a culture of good conduct

·         Demonstrate proactivity, transparency and accountability for identifying and managing conduct risks

·         Consider the implications of your actions on colleagues, partners and clients before making decisions

·         Take responsibility for your team’s conduct and conduct risks


Qualification on Data Privacy is highly appreciated. He/she will be required to enrich his/her competencies with additional professional qualifications relevant to Data Protection, such as:

·         IAPP Information Privacy Professional/Europe (CIPP/E) or Certified Information Privacy Professional/ IT (CIPP/IT)

·         Certified Information Privacy Manager (CIPM)

·         Practitioner Certificate in Data Protection (PC.dp)

·         Fellow of Information Privacy (FIP)

·          ISEB Data Protection or equivalent data privacy qualification

                       Our benefits

·     Diversity and Inclusion Committee that ensures an inclusive work environment. In recent years, several employee communities have been created to organize diversity and inclusion awareness actions (PRIDE, We Generations and MixCity)

·       Corporate volunteering program (1 Million Hours 2 Help) in which employees can dedicate time out of their working hours to volunteer activities

·       Flexible compensation plan

·       Hybrid telecommuting model (50%)

·       31 vacation days

Offers you may be interested in