Data Privacy Specialist: Responder

About the role

Make an impact with NTT DATA Join a company that is pushing the boundaries of what is possible. We are renowned for our technical excellence and leading innovations, and for making a difference to our clients and society. Our workplace embraces diversity and inclusion - it's a place where you can grow, belong and thrive. Your day at NTT DATA The Data Privacy Specialist reporting into the NTT DATA, Inc. Group Global Data Privacy Center of Excellence, will be responsible for supporting the effective operation of NTT DATA Inc. Group's global Data Privacy program by managing personal data breach response activities, data subject requests and central data privacy enquiries. The role is responsible for ensuring timely, accurate, and regulator defensible handling of privacy matters, working closely with Legal, Office of Information Security (OIS), IT, People and Culture (P&C), Data Protection Officers (DPO) and business stakeholders to ensure compliance with applicable data protection laws and internal standards. Key Roles and Responsibilities Personal Data Breach & Incident Response Management Coordinate the global intake, triage, and coordinated management of actual or suspected Data Privacy Incidents, including Personal Data Breaches, unauthorized processing, and other privacy non ‑ compliance. Perform an initial assessment and classification of incidents (Minor, Major, Critical) by collecting, validating, and documenting incident information provided by Incident Management Teams and business stakeholders. Perform and document Minor risk assessments, including assessment of potential harm to Data Subjects and identification of applicable notification obligations under relevant Data Protection Legislation and support Major and Critical ones with the Incident Management Teams. Coordinate with Legal, DPOs, Incident Management Teams, and business stakeholders to support the preparation, review, execution, and evidence retention of required notifications to Clients, Data Subjects, Data Protection Authorities, and other stakeholders, where required. Maintain comprehensive breach registers, investigation records, and decision rationales on OneTrust to support audit, regulatory review, and accountability obligations. Contribute to the ongoing improvement of Incident Management Process, including development of templates, and standard operating procedures. Support the preparation of Incident metrics, trend analysis, and reporting to demonstrate compliance and inform continuous improvement. Data Subject Requests (DSR) Management Manage and coordinate the end‑to‑end intake, triage, investigation, and response to Data Subject Requests (DSRs), including access, correction, deletion, restriction, objection, portability, and consent withdrawal requests in line with applicable data protection laws and internal policies and procedures Work closely with IT, Legal, P&C, Marketing, OIS, DPO's and business stakeholders to identify relevant systems, data sources, and records required to fulfil DSRs accurately and within statutory timelines. Assess the validity, scope, and complexity of requests, applying exemptions and limitations where appropriate, escalating complex or high‑risk matters to DPO's or legal stakeholders and ensuring requests are handled in a fair, lawful, transparent, and secure manner. Ensure that all DSR activities, decisions, consultations, and outcomes are documented, logged, and retained in accordance with record keeping and confidentiality requirements. Contribute to the ongoing improvement of DSR, including development of playbooks, templates, and standard operating procedures. Support the preparation of DSR metrics, trend analysis, and reporting to demonstrate compliance and inform continuous improvement. Global Data Privacy Inbox Management Monitor and manage the central Global Data Privacy group inbox, acting as a first point of contact DSR and Incidents requests and assign the other privacy requests to the other privacy areas. Ensure timely, consistent, and well documented responses, aligned to global Data Privacy policies, standards, and approved guidance. Identify recurring themes, pain points, and knowledge gaps in queries to inform updates to guidance materials, training, and process enhancements. Knowledge, Skills and Attributes Demonstrates a high level of accuracy, thoroughness, and attention to detail, particularly when handling sensitive personal data and regulatory‑driven activities Strong analytical and critical thinking skills, with the ability to assess privacy risk, impact to individuals, and regulatory obligations Demonstrates a pragmatic, risk‑based approach to data privacy, balancing compliance requirements with operational realities Strong written and verbal communication skills, with the ability to produce clear, structured, and defensible correspondence and documentation Ability to manage high‑volume, time‑critical casework (e.g., Data Subject Requests, incidents