Data Protection Officer

Data Protection Officer

London

Competitive + Great Benefits

The key purpose of the Data Protection Officer role is to provide data protection and privacy subject matter expertise and advice to ASOS and ASOS Marketplace; acting as the designated Data Protection Officer for the purposes of the EU General Data Protection Regulation.

What you'll be doing...

• Provide subject matter privacy advice, including in relation to new Data Protection legislation and its application to ASOS’s global business.
• Identifies Privacy risks and issues. Advises all employees where their activities put the company at risk and provides actionable solutions to remediate risks and issues.
• To design and develop a Programme of work in order to demonstrate compliance with global privacy standards and ensure the optimum customer experience.
• Improve, drive and embed data privacy standards, governance and policies.
•  Liaise with business process owners to build understanding of Privacy risks related to their personal information processing activities and provide advice on how to mitigate risk by embedding Privacy into the design of business processes
•  Act as the liaison point for privacy matters to ASOS customers. ASOS employees and DPA supervisory authorities/regulators.
•  Oversees data subject rights and requests for information. 
•  Manage internal and external privacy compliance audits as required.
•  Drafting and advising on technical privacy and security aspects in contracts.
• Advise and support remediation and notification of PII data incidents.
• Maintain and improve a data privacy impact assessment framework and facilitate an assessment to advise on privacy risks and suggested mitigations.
• Act as the escalation point for enhanced privacy complaints and enquiries.
• Advise on marketing and third-party initiatives involving consent.
• Oversees fair processing information and privacy notices. 
• Provide technical advice around data minimisation techniques including anonymization, pseudonymising and hashing.
• Manage, coach and develop the Data Privacy advisors
• Builds and maintains knowledge about applicable country privacy laws and regulations and assesses impact of changes in laws to privacy operations
• Building relationships with internal business and operational managers from Marketing, Risk, Procurement, Legal, People and the Information Security team.
• Building external relationships with Privacy regulators, external counsel and other advisers, marketing partners and affiliates. 

We'd Like to meet...

Experience

• Strong prior experience as a Privacy / Data Protection Officer in or advising on Privacy / Data Protection issues
• Solid understanding of applicable European and local Privacy laws and regulations
• Experience of developing and embedding a data privacy programme that ensures early and full business awareness and ownership of privacy risks.
• Comfortable in an environment with a very broad range of specialisms and responsibilities.
• Ability to translate technical and legal concepts to business areas.
• Experience of influencing across business areas and working with advisers and key external stakeholders as appropriate.
• Expert knowledge of data protection law and practices, including:
• Technical and organisational measures and procedures;
• Mastery of technical requirements for privacy by design, by default and data security;
• Industry specific knowledge in accordance with the sensitivity of the personal data processed;
• The ability to carry out inspections, consultation, documentation and log file analysis; and
• The ability to work effectively with employees’ representatives

Qualifications

•  Data Privacy Professional certification

Skills and Abilities

• Proven ability to understand and provide incisive, reliable and commercially sound advice and solutions on complex business issues
• Ability to manage and lead a data protection/privacy compliance programme and resources
• Global mindset
• Ability to work autonomously

Knowledge

• Specialist experience of data protection laws and issues
• Specialist knowledge of technical data privacy matters including encryption and hashing
• Ability to communicate with and to influence a wide range of stakeholders
• Self-sufficient computer skills
• Understanding of a commercial retail environment