.

 

When it comes to putting people first, we're number 1. 

The number 1 Top Employer in South Africa. 
Certified by the Top Employer Institute 2025.

Role Purpose/Business Unit:

 

(Note: the role will be part of a team of 5 senior specialist fulfilling one or more of the following on a rotational basis)

 

To identify, document and assess Vodacom SA’s existing  processing of personal information activities(and changes in such activities) in order to identify privacy risks and issues and assist business operations to mitigate same and implement appropriate privacy control measures. To conduct privacy impact assessments (Privacy by Design & Assurance) of new processes, products and systems to be launched by Vodacom SA in order to to identify privacy risks and issues and assist business operations to mitigate same and implement appropriate privacy control measures before launch.To assist in the development, implementation and rollout of the privacy program elements and controls across Vodacom SA and its subsidaries in order minimize compliance risks and  ensuring adherence to Vodacom/Vodafone privacy frameworks, policies, standards and methodologies. Support the Privacy Governance, Risk and Control (GRC) function to execute on their privacy control monitoring, risk management, assurance and reporting activities.To assist in Vodacom SA privacy counsel and governance activities, which includes setting out data processing agreements; monitoring regulatory/legislative developments; updating company policies, processes and procedures in line with new privacy requirements; supporting data subjects in exercising their privacy rights; and supporting regulatory engagement activities (such as compliance reviews and addressing privacy complaints).To assist in the development and fulfilment of privacy training and awareness initiatives across the Vodacom SA privacy capabilities.To support the customisation and adoption of the above for purposes of Vodacom group-wide adoption and application. Your responsibilities will include:

 

Personal Data Processing Register(PDPR)

Ensure the PDPR is maintained and up-to-date in line with Vodacom standards and methodologies, including but not limited to the linking of business processes and data flow maps. Moreover, identify and conduct privacy assessments on existing processes, products & assets processing personal information in line with Vodacom SA requirements and quality assurance standards.

Conduct Privacy Impact Assessments (PIAs): 

Assess privacy risks for new projects, systems, or processes, and recommend risk mitigation strategies. Collaborate with cross-functional teams to design and integrate privacy considerations into new processing activities. Collaborate with technical teams to implement privacy-by-design principles and perform technical assessments of systems, applications, and infrastructure to ensure compliance with privacy requirements.

Conduct Privacy Training and Awareness: 

Deliver privacy training and awareness initiatives, educating employees on policies, regulations, and best practices. Foster a privacy-conscious culture

Compliance, Monitoring, Reporting

Conduct privacy assurance reviews and assessments, including self assessments (evidence based testing) of privacy activities and controls and communicate critical risks and issues to management. Perform oversight of remedial actions to address privacy risks and issues identified. Prepare privacy reports for various stakeholders and committees (including the Vodacom Group Privacy Steering Committee, Privacy KPI quarterly reporting). Monitor the implementation of the privacy program by Vodacom SA subsidiaries.

Privacy compliance/legal advisory and support

Provide privacy compliance/legal advisory and support to Vodacom SA’s business operations, which includes adherence to the Protection of Personal Information Act, No 4 of 2013 (POPIA).

Supplier Compliance/Data Processing Agreements (DPA)

Assess suppliers involved in the processing of personal information to ensure that same is compliant and risk rated and supplier inventories are created accordingly.  Moreover, ensure an up to date register of all data processing agreements for these suppliers  is available and up-to-date.

Engagement with regulators and external parties on privacy matters

Assist in actioning/resolving regulator requests and queries, including the reporting of privacy incidents and responding to privacy complaints raised through the regulator. Moreover, assist in actioning/resolving customer privacy complaints. The ideal candidate for this role will have:

 

Strong educational background in a relevant field such as Legal/Compliance/Information technology/Engineering/Commercial/Business degree or privacy-related disciplines ( NQF 7 equivalent).Additional professional relevant certification will be an advantage such as CIPP/E, CIPT, or CIPM from the International Association of Privacy Professionals (IAPP).A minimum of 5 years relevant experience essential, with exposure to the following:Legal, Risk and complianceBusiness process related workAbility to build relationships and influence at all levels of an organisationExceptional organisational and communication skillsExcellent reporting skillsExperience in conducting privacy impact assessments and fulfiling the role of the Data Privacy/Protection Officer will be advantageous. 

 

Core competencies, knowledge and experience:

 

Process knowledge, including business analysis and data flow mapping

Ability to map or willing to learn to map business processes and data flows. Knowledge of telecoms processes and functions will be an advantage.Ability to understand data flows and business processes and assist in creating visual representations of same processing personal information.

Privacy Impact Assessments
Experience in conducting privacy impact assessments and/or the implementation of privacy-by-design principles using clearly defined methodologies or tools.

Risk & Compliance

Ability and knowledge to assess business activities and advise on the processing of personal information in compliance with privacy laws and regulations such as POPIA.

Self-starter

Ability to work independently with high standard of accountability  problem-solving ability and owning responsibility around decisions, timelines and quality.

Business Skills & Stakeholder Management

Excellent stakeholder management skills across all levels of the organisation. Experience within the technology & Telecoms industry & extensive exposure to working in a team environment.We make an impact by offering:

 

Enticing incentive programs and competitive benefit packagesRetirement funds, risk benefits, and medical aid benefitsCell phone and data benefits, advantages fibre connection discounts, and exclusive staff discounts offered in collaboration with partner companies

 

Closing date for Applications: 27 February 2025. 

The base location for this role is Midrand, Vodacom Campus. 

The company's approved Employment Equity Plan and Targets will be considered as part of the recruitment process. As an Equal Opportunities employer, we actively encourage and welcome people with various disabilities to apply.
Vodacom is committed to an organisational culture that recognises, appreciates, and values diversity & inclusion.