Senior Data Privacy/Protection Officer, DPO (based in Bangkok)

Apply Now

Bangkok (Central World Office)

About Agoda 

Agoda is an online travel booking platform for accommodations, flights, and more. We build and deploy cutting-edge technology that connects travelers with more than 2.5 million accommodations globally. Based in Asia and part of Booking Holdings, our 4,000+ employees representing 90+ nationalities foster a work environment rich in diversity, creativity, and collaboration. We innovate through a culture of experimentation and ownership, enhancing the ability for our customers to experience the world.

Get to Know our Agoda Legal Team: 

In the age of technology, things are constantly changing. The travel market is much the same, being more dynamic and complex than ever. Agoda’s Legal team is well suited to take on the challenges presented, adopting a proactive mindset to tackle challenges and solve problems. We are quick on our feet, decisive, and collaborate with multiple departments. We hire out-of-the-box thinkers that are well grounded with ethics and legal knowledge to ensure that Agoda achieves the right results, the right way. 

The Opportunity:

The Data Protection Officer (DPO) will ensure organizational compliance with the EU GDPR, Thailand’s PDPA, California’s CCPA and any other data protection legal requirements by overseeing data protection practices.

In this Role, you’ll get to: 

  • Act as Data Protection Officer (DPO) for Agoda.
  • Serve as the point of contact between Agoda and the relevant supervisory authority
  • Lead Agoda Data Privacy Program, Privacy Counsel and compliance activities
  • Adhere to Booking Holdings Global Privacy Program Standards expectations, reporting and oversight
  • Oversee Booking Holdings Global Privacy Shared Services Team and provide them local guidance and support
  • Oversee Agoda’s data protection strategy and implementation and ensure Agoda is complying with global data protection regulations
  • Create a culture of Data Protection Awareness
  • Ensure Privacy by Design and By Default being implemented on the new projects and enhancement
  • Develop, communicate and ensure compliance with organizational data privacy/protection and the related security policies and standards.
  • Create and manage data privacy and risk management awareness training programs for all employees, contractors and relevant parties
  • Responsibility for participation in risk management and data governance meetings, and data privacy exec committee meetings, especially related to sensitive/personal data
  • Provide information and guidance on the processing of all personal data
  • Process, co-ordinate and respond to all requests for information
  • Maintain and establish a register of data owners for sets of information and educate the data owners on their responsibilities (what is data, how is it used, who has access to it)
  • Maintain data inventories and data flow maps as necessary
  • Actively lead and participate in data incidents, including possible claims
  • Assist with investigations into complaints about breaches of the act and undertake reporting/remedial action as required. Maintain a log of any incidents and remedial recommendations and actions
  • Interpret and provide guidance to the organization on forthcoming and actual changes to relevant legislation or other global privacy mandates
  • Promote data protection awareness throughout the organization by providing training and written procedures that are widely disseminated and made available to all staff and branch officials

What you’ll Need to Succeed:

  • An ability to cultivate and build collaborative working relationships with a broad range of enterprise stakeholders
  • A well-developed understanding of and appreciation for business needs
  • A well-developed understanding of and appreciation for organizational mission, values, and goals and consistent application of this knowledge
  • Strong decision-making capabilities, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one
  • An ability to effectively influence others to modify their opinions, plans, or behaviors
  • An ability to communicate complex and technical issues to diverse audiences, orally and in writing, in an easily-understood, authoritative, and actionable manner
  • A working knowledge of the following areas of technical expertise: privacy, European data protection laws, security practices, IT systems and processes 



It’s Great if you have:

  • 10+ years of relevant working experience and experience working for multinational organizations
  • 8+ years of relevant working experience in privacy and/or IT
  • English fluency required
  • Experience in DPO role and legal background on global and local data privacy regulatory is desirable
  • CIPP Certification required
  • Knowledge of Information Security is considered an asset
  • Ability to display a proven track record of leadership in creating and implementing new program directions and initiatives and build and establish excellent business relationships within IT and related departments to maximize efficiency and opportunities to improve an organization
  • Ability to communicate a clear vision to continually advance the organizational security posture, with key milestones and measurements for success
  • Ability to handle difficult or sensitive situations, think strategically, synthesize business data, and develop innovative and holistic business solutions that are forward thinking and growth-oriented
  • Expert knowledge of data protection law and privacy practices
  • Expert knowledge of European data protection laws and practices, particularly GDPR
  • Advanced knowledge of IT systems, processes, and information security practices
  • Ability to communicate with internal stakeholders, data protection authorities, and customers


#DPO #legal #DataPrivacy #seattle #sanfrancisco #beijing #newyork #london #bangkok #singapore #chicago #hongkong #taipei #amsterdam #tokyo #seoul #moscow #paris #telaviv #dublin #warsaw #shanghai #berlin #brussels #paris #Luxembourg  #LI-SE1

Equal Opportunity Employer 

At Agoda, we pride ourselves on being a company represented by people of all different backgrounds and orientations. We prioritize attracting diverse talent and cultivating an inclusive environment that encourages collaboration and innovation. Employment at Agoda is based solely on a person’s merit and qualifications. We are committed to providing equal employment opportunity regardless of sex, age, race, color, national origin, religion, marital status, pregnancy, sexual orientation, gender identity, disability, citizenship, veteran or military status, and other legally protected characteristics.

We will keep your application on file so that we can consider you for future vacancies and you can always ask to have your details removed from the file. For more details please read our privacy policy.

To all recruitment agencies: Agoda does not accept third party resumes. Please do not send resumes to our jobs alias, Agoda employees or any other organization location. Agoda is not responsible for any fees related to unsolicited resumes.

Apply for this Job

AutoFill your information
* Required

I have read and agree to the Agoda applicants privacy statement.