For US-based job applicants - If you require assistance or accommodation in completing any aspect of the application process, please contact the Cathay Pacific Americas Talent Acquisition team at: jobs@cathaypacific.com

Going, going, gone...

Looks like this career opportunity is no longer available. We may have filled the position or it was taken down for other reasons. We know this isn’t what you were hoping for but we have great new opportunities opening all the time.

Start a new search now!

Data Protection Officer

  • Corporate Services
  • Hong Kong Special Administrative Region of China
  • Cathay Pacific
  • Application Deadline

Reports to: Senior Compliance Counsel, Group Compliance

Department: Group Legal and Compliance

Group Compliance is responsible for developing, implementing and managing the compliance programmes for the Cathay Pacific Group in all the countries in which it operates, with a particular focus on anti-trust, anti-bribery and data privacy.

As DPO for the Cathay Pacific Group, you will be responsible for facilitating compliance with the Hong Kong Personal Data (Privacy) Ordinance (PDPO), the EU General Data Protection Regulation (GDPR), other relevant data protection laws as well as implementing and managing compliance with the Cathay Pacific Group’s data privacy policies. The DPO will have responsibility for compliance across all the countries in which the Cathay Pacific Group operates.

This is a great opportunity for a driven, motivated and hard-working individual who wishes to take the next step in their career and to take responsibility for a global data privacy compliance programme. The DPO role will give the successful candidate the opportunity to work in a fast-moving and cutting-edge field, within an exciting and multifaceted business. The successful candidate will work out of Cathay Pacific’s offices in Hong Kong as part of a young and energetic team, and will work closely with a wide range of Cathay Pacific Group business units, including IT, Digital, and People.

Key Responsibilities

  • to monitor compliance with GDPR, PDPO and other relevant data protection laws, including assignment of responsibilities, awareness-raising and assisting with the training of relevant staff, including those involved in processing operations;
  • to inform and advise the Cathay Pacific Group and its senior management of its obligations and any risks under relevant data protection laws;
  • to develop, implement, manage and monitor internal policies and compliant processes for data protection, including with regards to collection, accuracy, retention, use, security, transparency, access and correction of personal data;
  • to assist and advise on data protection compliance audits and impact assessments, including advising on when they are required, what methodology to follow, outsourcing, safeguards, whether or not the data protection impact assessment has been correctly carried out, and whether its conclusions are in compliance with relevant data protection laws;
  • working closely with IT, to maintain and update Cathay Pacific Group’s register of processing operations which provides an overview of all personal data processing operations being carried out;
  • to coordinate, in relation to the above responsibilities and data protection generally, with other key teams within Cathay Pacific Group, including IT, People and Digital;
  • to act as liaison and contact point between the Cathay Pacific Group and relevant data protection authorities;
  • to act as contact point for data subjects with regard to all issues related to processing of their personal data and to the exercise of their rights;
  • to act as intermediary between relevant stakeholders (e.g. supervisory authorities, data subjects, and Cathay Pacific Group BUs);
  • with Group Compliance, to report and to work closely with Senior Management on important data protection compliance issues and risks to identify solutions and to express an opinion as to the best path forward to address such issues and problems that best meets the needs of the Cathay Pacific Group;
  • with Group Compliance, to reporting at various Steering Committee meetings to keep Senior Management abreast of changes to data protection laws; and
  • to assist Group Compliance with non-data protection compliance enquiries such as anti-bribery and anti-trust.


  • A good knowledge of Hong Kong and European data protection laws and practices and an in-depth understanding of the GDPR.
  • 6+ years of experience specializing in data protection and privacy, e.g. a 6+ year PQE data protection lawyer, a compliance professional with 6+ years of data privacy experience or an IT specialist with 6+ years’ experience of dealing with IT security and data privacy issues.  In-house experience in an organization that has substantial personal data operations is preferred.
  • Experience of promoting a data protection culture in a large organization is an advantage.
  • Fluent spoken and written English.  Good spoken and written Cantonese and Mandarin is an advantage.
  • Excellent communication and presentation skills and able to interact with Senior Management with polished interpersonal skills.
  • Able to work and solve problems independently with minimum supervision. High attention to detail, and able to see and understand the bigger picture.
  • Extremely well organized and good at planning and managing his/her time as well as others.
  • High proficiency in office applications (including Word, PowerPoint, Excel and Sharepoint).
  • Ability to work flexibly and on multiple tasks.
  • Mature and has a high sense of responsibility and accountability for their work.
  • Able to work with minimal supervision and guidance.
  • Excellent team player and able to work with people at all levels across the organization.

Application deadline: 12 April 2018

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.

Apply now