JOSEFINA PALMIERI

• Privacy support for existing business models on data collection, consent, storage, policies, procedures, data usage and sharing with third parties.
• Ensure compliance with applicable laws in upcoming IT projects: webs, Apps, software applications webs, and E-commerce, (RGDP, LOPD, & LSSI) when personal data is involved.
• Support on issue management and security incident report (SIR) involving personal data (unauthorized access or disclosure according to the internal protocols and procedures.
• Permanent monitoring: Ensuring regularly that data processing applications and processes are compliant.
• Monitor that the Record of processing (both as Data Controller and Processor) is up-to-date.
• Ensure data transfer safeguards, or if SCC are applicable according to jurisdiction.
• Work closely with the security team to monitor compliance with data security requirements.

• Advising on compliance and IT legal protection, GDPR, LOPD, and LSSI
• Setting up and reviewing data privacy policies, GDPR annex, (Data Controllers & processors), contracts reviews, implement Standart contractual Clauses (SCC), data breach procedures, according to GDPR, LOPD
• Conduct internal controls, risk evaluations and manage security and technical incidents
• Advising on the type of processing using new technologies are eligible for a DPIA.

• Ensure and monitor compliance on Digital marketing, programmatic Advertising, retargeting and branding campaigns, and new technologies applied, according to LOPD, GDPR, LSSI, EU and non-EU legal frameworks (US, UK, Latam)
• Act as the main responsible for data privacy (DPO) and report directly to the boards about any risk
• Draft and review agreements and relevant legal documents (DPAs, data transfer agreement (DTA) transactions, commercial, NDAs, etc.)
• Ensure data privacy by design and default on upcoming technologies
• Counsel in legal matters concerning data protection on upcoming projects and developments across the company
• Manage sanction files about GDPR.
• Collaborate with legal counsel on compliance-related matters.
• Monitored industry regulations and updated practices accordingly.
• Ensured data privacy standards were consistently met organization-wide.

• Responsible for ensuring compliance with regulations, i.e: MiFID II, PS2D, LSSI, LOPD, GDPR, DPAct
• Appointed responsible before supervisory authorities i.e: Agencia española de Proteccion de Datos (AEPD), Information Commissioner's Office (ICO) and SEPBLAC.
• AML : point of contact before SEPBLA:
• Reviewed loan portfolios for credit quality and risk exposure.
• Provided guidance on the implementation of new or revised AML policies, procedures and systems.
• Completed annual examination of credit union policies and procedures to check compliance with applicable laws and regulations.
• Investigated consumer complaints against financial institutions.

• Deployment of global compliance projects, i.e
• Technology, Global Mobility, and international assignments.

Compliance:

• Collaborated with the Compliance Officer and cross-functional teams to address compliance concerns.
• Reviewed contracts and agreements for legal compliance considerations.
• Ensured adherence to industry-specific rules, laws, and guidelines.
• Contact regulatory authorities for approvals and consultations
• Reviewed records in cases of potential liability and determined compliance actions.
• Conducted thorough risk assessments to identify potential compliance issues.
• Supported internal and external auditing teams conducting impartial compliance reviews.
• Evaluated third-party vendors for adherence to necessary regulations.
• Enforced regulatory policies and procedures across different teams and programs.

Data Privacy:

• Assist the DPO with full deployment of the GDPR across the company implementing data protection by design and default
• Handle all Data subject´s rights and requests
• Work closely with the IT team to ensure Data privacy by designing new tech develops (Digital identification, apps, etc
• Examine and monitor Data Protection Agreements (DPAs) and Data Privacy Standard Contractual Clauses (SCCs).

• Perform audits and financial reports and map risks analysis
• Review professional standards (ISO regulations), and statutory, and financial legislation