With a fleet of 258 modern container ships and a total transport capacity of 1.9 million TEU, Hapag-Lloyd is one of the world’s leading liner shipping companies. The Company has around 14,000 employees and 400 offices in 135 countries. Hapag-Lloyd has a container capacity of 2,9 million TEU – including one of the largest and most modern fleets of reefer containers. A total of 115 liner services worldwide ensure fast and reliable connections between more than 600 ports on all the continents. Hapag-Lloyd is one of the leading operators in the Transatlantic, Middle East, Latin America and Intra-America trades.

Main Objective

  • To ensure compliance with Data Protection for all entities in the Area China in accordance with local legal requirements/legislations as well as EU General Data Protection Regulation (GDPR).
  • To ensure compliance with Information Security and Data Privacy for all entities in China in accordance to China Cybersecurity, Data Security and Privacy requirements/legislations.
  • Establish policies, guidelines and procedures to ensure consistency and proper management of security & privacy risks across all entities in China.
  • Provide data protection training and mentoring to key stakeholders of the various data protection functions across the entire China organization.
  • Lead and develop capabilities and solutions to enable a cyber-secured working environment.
  • Contribute with knowledge and support to ensure that information and information systems are managed in a secure and compliant manner across all entities in China.
  • To engage with vendors and customers in order to ensure full compliance along the entire supply chain of Hapag-Lloyd in China.
  • Work closely with central DPO team to implement organization-wide initiatives to conform to internal best practice and group policy.

Tasks

  • Fulfil the tasks of the designated role of DPO for China
  • Ensure compliance with China Cyber Security Law (CSL), Multi-level Protection Scheme (MLPS),
  • Personal Information Protection Law (PIPL) and other related laws and regulations in China
  • Consistently inform and advise the management team and central DPO team on governance, accountability and risk in China
  • Regularly lead and deliver the necessary assessments for the applicable laws and regulations in China, e.g., Privacy Impact Assessment and Cross-Border-Data-Transfer
  • Establish and maintain the data protection management system for China in line with the group policy.
  • Work closely with the Corporate Data Protection team to implement organization-wide initiatives to conform to internal best practice and group policy.
  • Actively contribute to building the overall knowledge base of the DPO teams globally
  • Lead and drive change management for data protection governance throughout the organization in China.
  • Ensure proper management, monitoring and reporting of data protection & security risks across the Hapag-Lloyd organization and supply chain in China.
  • Create,  implement, review and keep up-to-date strategies, policies and processes to ensure consistency and proper management of data protection compliance with cybersecurity, data security and personal security regulations and laws in China
  • Identify new and modified China Cybersecurity data compliance requirements covering data protection including personal information and important data protection (as defined by the government), and facilitate development of new solutions
  • Operatively manage and deliver data protection: training, consultation, and mentoring to key stakeholders manage data protection incidents and data subject requests
  • Negotiate data protection and Cybersecurity safeguards with group entities and vendors, ensure that group entity and vendor contracts are compliant with Chinese legislation, e.g., update to the required Standard Contractual Clauses
  • Ensure the documentation of personal data processing (data mapping incl. processes, assets, vendors and risks) as well as for incidents and data subject requests is kept up-to-date by the internal stakeholders in line with the corporate data protection strategy.

Qualifications and Technical Job Requirements

  • 6-8 years’ experience as a Data Protection Officer
  • Law Graduate or Bachelor of Engineering, majoring in Computer Sciences or engineering, or information security preferred.
  • A good understanding of applicable and accepted security and audit frameworks (such as COBIT and ISO), laws and regulations (China Cybersecurity Law, PIPL etc) & IT general controls
  • Certifications: Information Security, risk management and data privacy related certification (e.g. CISA, CISM, CISP, CISSP and etc.) will be a plus.
  • Fluent English skills and one or more languages spoken in the region to engage stakeholders.
  • Possess the ability to think strategically, assess risks and explain the potential consequences
  • Positive can-do mentality, creativity and high motivation level.
  • Demonstrate interest in business matters and events outside specialty and continually improve knowledge and skills.
  • Present ideas in a systematic and logical sequence of writing.
  • Develop systematic and detailed action steps and timeliness for accomplishing new projects when plans for previous projects do not apply.

Contact person

Jing Jean Li HR - Talent Acquisition & Development