Global Data Protection Guardian

JOB_REQUIREMENTS

Hires in

Not specified

Employment Type

Not specified

Company Location

Not specified

Salary

Not specified

- Coordinate with the GRC Privacy Office to ensure that the Arab Bank Bahrain Privacy and Data Protection Program complies with applicable local regulatory requirements by:
  - Assisting the Data Controller in exercising its rights and adhering to its duties as prescribed under the provisions of the Personal Data Protection Law (“PDPL”).
  - Monitoring compliance and data privacy practices internally to ensure all functions comply with the requirements under PDPL and related local Executive Decisions/Orders.
  - Advising internal stakeholders on data privacy related matters, including but not limited to compliance, governance, policies and procedures.
  - Reporting any privacy-related violation immediately to the Data Controller so that the causes of the violation are eliminated or the necessary rectification is undertaken as soon as possible, and notifying the Authority about violations which the Data Controller has not rectified, or whose causes it has not eliminated, after a period exceeding ten days from the notification thereof.
  - Updating and reviewing data registers/Data Processing Activities (DPAs) periodically, and performing required validations.
  - Maintaining a register of the wholly or partially automated decision-making processes proposed/launched during the month and notifying the Data Protection Authority as per the regulatory deadlines.
  - Communicating changes to data registers to the Data Protection Authority (if required).
  - Ensuring the completion of Privacy Impact Assessments (PIAs) through consultation with internal stakeholders.
  - Coordinating data privacy audits and ensuring timely resolution of the issues identified.
  - Developing and reviewing standard operating procedures to ensure compliance with PDPL, including as it relates to appropriately obtaining consents from data subjects, sending notices to data subjects and responding to data subject requests as these are received.
  - Managing PDPL complaints in coordination with the GRC Complaints Management Unit and the GRC Privacy Office.
  - Identifying and documenting data privacy risks (KPIs & KRIs) by internal stakeholders and assisting in properly managing the identified risks.
  - Assisting the business with understanding the data privacy basics and reviewing contractual data privacy clauses in compliance with internal engagement processes, service level agreements and agreements.
  - Identifying data privacy breaches and coordinating the required regulatory reporting, whether emanating from third parties or internally (when applicable).
  - Notifying the Authority where required.
  - Submitting requests for prior authorizations and prior notifications from/to the Authority where required under the PDPL.
  - Liaising with the Data Protection Authority with respect to Arab Bank Bahrain’s implementation of specific provisions related to the processing of personal data, including inspections/examinations.
  - Reviewing new and enhanced products, services and initiatives from Compliance and PDPL perspectives.
  - Monitoring developments in local data privacy laws and regulations and recommending enhancements to applicable policies and procedures.
  - Coordinating periodic PDPL training for relevant local stakeholders.

- Maintaining a current understanding of Country Risks, including relevant Central Bank of Bahrain regulatory requirements, Bank products, services, systems, processes, controls and customer types.

- Compliance performance in line with the Arab Bank Code of Conduct as well as Arab Bank P&P and local laws and regulations.

- Support GRC Privacy and Data Protection Office – Head Office with implementing an Arab Bank Privacy and Data Protection Program that is aligned with Best Practice, including in Arab Bank plc UAE and Arab Bank plc Qatar – actions include:
  - Keeping pace with Privacy and Data Protection regulatory developments and best practice, and assisting in enhancing existing policies, procedures, and manuals accordingly as well as developing new procedures where needed.
  - Updating and reviewing data registers/Data Processing Activities (DPAs) periodically, and performing required validations.
  - Preparing necessary authorizations to the local data protection authority / Central Bank where required under local personal data protection legislation.
  - Partaking in Privacy and Data Protection Office efforts towards harnessing a culture of privacy and data protection, including via face-to-face and virtual awareness sessions for concerned Bank staff such as Privacy and Data Protection Champions.
  - Harnessing a Privacy by Design approach and ensuring the completion of Privacy Impact Assessments (PIAs) through consultation with internal stakeholders. Reviewing revised terms and conditions and customer notices as part of new/revised initiatives impacting personal data processing.
  - Developing and reviewing standard operating procedures to ensure compliance with local personal data protection legislation, including as it relates to appropriately obtaining consents from data subjects and responding to data subject requests as these are received.
  - Assisting the business with understanding the data privacy basics and reviewing contractual data privacy clauses in compliance with internal engagement processes, service level agreements and agreements.
