Privacy Officer

Overview:
**We are PepsiCo**

PepsiCo is proud to be one of the world’s leading food and beverage companies. Every day, we are dedicated to bringing our mission to create more smiles with every sip and every bite to life. Our products are enjoyed more than one billion times a day in more than 200 countries and territories around the world. Our portfolio — including Lay’s, Doritos, Gatorade, Pepsi and Quaker — consists of many iconic brands that generate more than US $1 billion each in estimated annual retail sales, helping to deliver more than US $70 billion in net revenue in 2020.

Guiding PepsiCo is our vision to Be the Global Leader in Beverages and Convenient Foods by Winning with PepsiCo Positive. Through PepsiCo Positive, we are charting a new course to drive positive action for the planet and people. PepsiCo Positive is an end-to-end strategic business transformation with sustainability at the centre of how we will create growth and value by operating within planetary boundaries and inspiring positive change.

In South Africa (SA), you will find our products across the region at breakfast, lunch, or dinner. At the gym or on the field. In the office or on the go. We refresh, restore, and rejuvenate our consumers all day, every day with our key brands including Simba, Lay's, Liqui Fruit and Bokomo range of cereals. PepsiCo SA employs more than 13, 000 people across our three business divisions: Bakeries, Grains, Foods, Fruit, Snacks, Juice & Beverages.

**Responsibilities**:
**What we’re looking for**:
Were looking for a Privacy Officer to join our team.

The Privacy Officer takes responsibility to drive compliance to all data privacy laws (this includes, but is not limited to; POPIA, PAIA, etc.) through developing and driving implementation of data privacy frameworks, policies, procedures and controls across South Africa inclusive of Namibia or Botswana and where PepsiCo SA operates on thr continent of Africa.

POPIA specific includes:

- Ensuring the Company to comply with relevant Privacy Laws;
- Communicating with the Information Regulator, including working with the Information Regulator in relation to data breach investigations;
- Regular and ad hoc reporting on privacy compliance (CEO / ICRM / any applicable forums);
- Monitoring changes to local privacy laws and making recommendations to the applicable privacy compliance forums when appropriate;
- Maintenance of the PepsiCo SA privacy compliance framework and ensure it is implemented, monitored; &
- The management of POPIA related projects in order to ensure compliance.

PAIA
- Developing PAIA Manual and ensuring that the Manual is aligned to legal requirements.
- Managing PAIA queries from the public and reporting to the Informaiton Regulator as and when required.

**Accountabilities**

The encumbant in the role will be required at any given time, for the below accountabilities, to make decisions and/or be informed and/or provide consultation and/or execute actions to manage impact on PepsiCo SA BU and AMESA Sector

POPIA Accountabilities, include:

- Establish and Develop standards, framework, control and polices through driving and supporting the implementation and integration of and embedding of privacy principles, policies, standards, and controls into standard business processes.
- Actively support the business on the embedding of current privacy policies, standards, and controls into “Business As Usual”, including third parties who process PEP personal data. This will involve assisting to formulate, embed and enforce protocols and ways of working with system owners across the business to ensure privacy risks are identified and addressed in system design as early as possible and prior to PepsiCo implementation and/or onboarding.
- Ensure that a Personal Information Impact Assessment (PIIA) is completed by functions and business through facilitating the execution and completion of PIIAs by business units (BUs) and functional stakeholders, documents remediation plans, monitors their execution and provides appropriate updates to Privacy Councils / relevant reporting forums. This also involves if PIIAs trigger a high-risk processing activity that may need to be escalated to Sector Privacy Director / DPO.
- Ensure continuous engagement with the Information Regulator including but not limited to keeping abreast with evolving regulatory requirements, working with the Regulator in relation to investigations around data breaches and reporting updates to the Regulator (where guided by law), Legal and/or Privacy Governance forums. And addressing data privacy and related requests from the Regulator/s.
- Ensure use and adoption of the SA Retention Policy and Schedules by the business and functions. Implement business initiatives to embed the policy into business-as-usual processes post the use of the record on business systems and monitor the end of use.
- Work directly with BUs and Functions to develop, create and maintain a log of proc