1. Home
  2. Careers
  3. Jobs at bp
  4. Data Protection Officer

Data Protection Officer

Data Protection Officer

  • Location China - Central - Shanghai
  • Travel required Yes - up to 25%
  • Job category IT&S Group
  • Relocation available No
  • Job type Professionals
  • Job code 132472BR
  • Experience level Senior
Apply Search all jobs at bp

Job summary

Responsible for managing a large team to deliver information security and risk activities for the specialism, using highly advanced technical capabilities to contribute to strategic development by defining and implementing processes and procedures, resolving complex, high-risk security issues, evaluating and amending solutions and developing trusted relationships that improve the knowledge and capability within the specialism. Specialisms: Information Security Engineering; Information Security and Risk Management; Operational Security Management; Governance, Risk and Compliance; Forensics and Incident Response Management; Application Information Security.

Role synopsis

The Data Protection Officer will be responsible for advising on our compliance with the Cybersecurity Law of the People's Republic of China and Personal Information Protection Law and local data protection laws, monitoring our adherence to the Cybersecurity Law standards and acting as a point of contact with supervisory authorities and data subjects. You will also create policies that enforce compliance with legislation and deliver the Cybersecurity Law and Personal Information Protection Law trainings to our staff to increase awareness of data protection measures.

To be successful in this role, you should have in-depth knowledge of the Cybersecurity Law and Personal Information Protection Law and be familiar with our industry and the nature of its data processing activities. You should also know how to perform audits to our current procedures.

Ultimately, you will facilitate the Cybersecurity Law and Personal Information Protection Law compliance through transparent data protection policies, systems and procedures.


  • Coordinating and bearing direct responsibility for personal information security within the organization;
  • Supervising the implementation of a personal information protection work plan;
  • Developing, issuing, implementing, and regularly updating privacy policies and related procedures;
  • Maintaining records of processing activities by the organization (including the type of personal information, quantity, source, recipient, etc.);
  • Carrying out personal information security impact assessments and proposing countermeasures for personal information protection;
  • Organizing personal information security training; and
  • Act as a contact point, liaise and consult with the supervisory and management departments, and reporting on personal information protection and event handling;
  • Identifying and evaluate the company’s data processing activities, providing advice and instructions on how to conduct Data Protection Impact Assessments (DPIAs)
  • Monitoring data management procedures and compliance within the company, ensuring we address all queries from data subjects within legal timeframes (e.g. delete their information from our databases);
  • Participating in meetings with managers to ensure privacy by design at all levels, updating detailed guides on data protection policies;
  • Performing audits and determine whether we need to alter our procedures to comply with regulations, offering consultation on how to deal with privacy breaches
  • Arranging for training on compliance for employees;
  • Following up with changes in law and issue recommendations to ensure compliance.
  • Promoting bp’s Values & Behaviours and Code of Conduct in supporting of Ethic & Compliance’s Strategy for bp to be respected as an ethical company.


  • Experience and track-record in data protection and legal compliance
  • Solid knowledge of the Cybersecurity Law of the People's Republic of China and Personal Information Protection Law
  • Work experience in data protection and legal compliance is a plus
  • Knowledge of data processing operations in the oil & gas/energy industry is preferable
  • Familiarity with computer security systems
  • Ability to handle confidential information
  • Ethical, with the ability to remain impartial and report noncompliance
  • Organizational skills with attention to detail
  • Ability to manage in a matrix reporting structure with multiple stakeholders and effectively coordinate activities across organizational boundaries
  • Strong work ethic, initiative, and creativity to achieve identified goals.
  • Excellent communication and interpersonal skills – capable of advising on E&C matters and adopting a variety of styles to achieve the desired results and build consensus with diverse partners
  • Ability to develop and deliver training materials
  • Fluent in both written and spoken English/Mandarin

Apply Search all jobs at bp