Privacy Officer

Our client, a multinational law firm, is looking to recruit a Privacy Officer to manage all privacy matters of the firm. This is a global position, covering all the jurisdictions in which the firm operates. The Privacy Officer will facilitate compliance with applicable laws and regulations, including the European Union's GDPR. Key responsibilities for the Privacy Officer position will be broad-ranging, encompassing:

• Develop, implement and maintain the firm's privacy management program and the resulting policies, procedures, guidelines and other documentation for the processing of personal data in coordination with appropriate internal stakeholders
• Develop and update data breach incident responses, ensuring alignment with the implementation of personal data handling activities.
• Work to ensure the firm maintains the appropriate privacy and confidentiality consent procedures, authorization forms and information notices.
• Work with a multidisciplinary team, including risk management, compliance, HR, legal, business process owners and other internal stakeholders to ensure firm-wide coverage of the privacy discipline.
• Lead the firm's response to privacy-related emergencies and other potentially damaging events.
• Work on the firm's continued compliance with GDPR and other applicable data protection laws.
• Determine the firm's specific privacy-related requirements and potential vulnerabilities.
• Manage the privacy impact assessment process, in close collaboration with business stakeholders.
• Conduct regular privacy policy compliance assessments to ensure that the firm's privacy policies are up to date and being adhered to.
• Ensure that business units, technology teams and third parties (including service providers) follow the firm's privacy management program, meet privacy policy requirements and address privacy concerns.
• Continuously monitor the status and effectiveness of privacy controls across the firm, ensuring that applicable privacy laws and regulations (including GDPR), and privacy-related key risk indicators are effectively monitored to prevent an unacceptable impact on business objectives and reputation.
• Ensure that data security practices - in particular logging, monitoring and auditing practices - do not conflict with privacy requirements.
• Liaise with the firm's information security team in matters relating to data breaches (including preparedness, prevention, impact mitigation and integral management of breaches).
• Conduct or oversee privacy awareness campaigns, training and orientation for all employees - in particular application developers, HR and marketing.
• Identify trends in privacy and regulatory requirements and compliance enforcement, and account for the necessary changes in the privacy management program, updating information only to the stakeholder audiences affected in their respective activities.
• Manage and respond to requests of data subjects to exercise the rights provided for by the applicable data protection laws (for example, requests for access, rectification and deletion of personal data).