What you will do:

  • Build a record of processing activities (ROPA) to capture the end-to-end inventory of data processing.
  • Build, review and enhance the data protection related policies, standards, and procedures according to applicable internal and external requirements.
  • Provide consultation and advice related to data privacy practices for internal stakeholders.
  • Responsible for data processing request review and obtaining the necessary approval to ensure alignment with business needs pursuant to existing policies and procedures.
  • Responsible for handling Data Subject Access Requests (DSAR) from the Group’s member company.
  • Report and coordinate on the data breach incident and investigation, including responding to Authorities Queries.
  • Conduct Quarterly audit on data protection compliances and practices, provide recommendations and action plan.

What this role needs:

  • Bachelor’s Degree in Law (Digital Law, Technology Law) or related study
  • Have an experience of working in data privacy, data protection or related field
  • Strong fundamentals in concept of privacy and data protection is a must
  • CIPM (Certified Information Privacy Manager) certification, CIPT (Certified Information Privacy Technologies), Certified Information Privacy Professional (CIPP) and/or other Data Protection Officer related Certification will be an advantage
  • Strong understanding of the Indonesian PDP Bill is a must and other countries’ data protection law will be an advantage
  • Ability to work well and manage sensitive and confidential information
  • Excellent verbal and written communication skills, with strong attention to detail
  • Great interpersonal skills and ability to work well both independently and as part of a team


Tokopedia is affiliated with the GoTo Group companies, and all authentic jobs/open positions listed by Tokopedia can ONLY be accessed via our official channels which are Tokopedia on LinkedIn, Glassdoor, Indeed, and tokopedia.com/careers. In case you are contacted by our Recruitment team, please ensure that the communication and information are coming from a valid and verified Tokopedia domain – *@tokopedia.com. If you are contacted by any third party outside of the authenticated channels highlighted above, please write to us at recruitment@tokopedia.com to validate the job/open position. This is to avoid any potential instances of fraud and to ensure your safety and security during the job application process.