Overview:
SOFTSWISS is looking for an experienced Data Protection Officer (DPO) to oversee and ensure compliance with data protection laws, including the General Data Protection Regulation (GDPR).
The DPO will play a key role in maintaining the company’s privacy governance framework, supporting our teams in implementing privacy-by-design principles, and serving as the main point of contact for data protection authorities and individuals.
About Product:
The Payment Gateway is part of our growing fintech software and payment management system. The team works on providing clients with a payment platform designed to help online businesses manage and process monetary transactions worldwide.
Key responsibilities:
- Ensure the company’s processing of personal data complies with applicable data protection laws, including GDPR.
- Develop, implement, and maintain data protection policies, procedures, and frameworks aligned with regulatory requirements, including maintaining a comprehensive Record of Processing Activities (ROPA).
- Inform and advise the company and its employees of their obligations under data protection law.
- Provide expert guidance during product design and implementation to ensure privacy-by-design and privacy-by-default principles.
- Monitor compliance with data protection legislation, conduct audits, and raise awareness.
- Review existing draft contracts for data protection implications and ensure appropriate privacy and security clauses are included. Develop a draft Data Processing Agreement.
- Identify and assess privacy risks related to processing, storage, and data transfers.
- Advise on and monitor Data Protection Impact Assessments (DPIAs) and Transfer Impact Assessments (TIAs).
- Establish and manage procedures for detecting, reporting, and investigating data breaches, including breach notifications to supervisory authorities and affected individuals when required.
- Maintain a data breach register and oversee post-incident reviews.
- Proactively recommend improvements to ensure ongoing compliance and risk reduction, including measures related to security, data storage, and data retention.
- Act as a contact point for data subjects exercising their rights (access, rectification, erasure, portability, restriction, objection).
- Serve as the company’s main contact point with the State Data Protection Inspectorate (VDAI).
- Provide regular reports and briefings to senior management on privacy risks, incidents, and compliance status.
- Undertake additional compliance-related duties as assigned by management, in alignment with data protection principles and legal requirements.
Required Experience:
- Education: Minimum Bachelor’s degree in Law.
- Experience: Proven track record as a Data Protection Officer or Privacy Law Compliance Officer, ideally in a technology or fintech company.
- Knowledge: Deep and practical understanding of GDPR, Lithuanian data protection laws, and privacy compliance frameworks.
- Languages: Fluency in Lithuanian and English (written and spoken) is mandatory.
- Residence: The candidate must reside in Lithuania.
- Excellent communication and analytical skills.
- Strong attention to detail and ability to balance regulatory compliance with business needs.
The DPO will work closely with:
- Product/Data Privacy Responsible – ensuring GDPR is implemented across product development, architecture, and data flows.
- CISO/Security Team – supporting technical controls such as encryption, access management, incident response, and retention enforcement.