Data Privacy Lawyer
- Full Time
A broad Data Privacy Lawyer role requiring previous experience in a large, international business. The company recruiting for the role has a complex structure, meaning effective stakeholder management will be key for success.
This Data Privacy Lawyer role sits with a leading, international consumer goods business. The role supports on privacy work for the UK & Ireland operations, as part of the Legal team.
Ideally, the successful candidate will be able to spend two days a week working in Slough, Berkshire (once offices reopen).
This Data Privacy Lawyer role is based in Berkshire (with flexible working), it involves:
- Draw on expert knowledge of data protection and privacy to provide high-quality and timely legal advice on compliance to Head of Privacy, Privacy Champions and other stakeholders in UK and Ireland);
- Enhance Privacy Network by building strong relationships with Heads of Privacy, Privacy Champions and the business; Cooperate with Compliance function, Group Privacy Office, Digital team and IS/Cyber Security team;
- Advise on and structure digital, e-commerce, marketing and other projects with data protection implication including mapping data flows, advising on information privacy practices, implementation of appropriate technical and organizational measures;
- Enhance privacy by design within business practices;
- Update personal data processing register on One Trust through conducting regular meetings with Privacy Champions and the business, launching and approving Privacy Impact Assessments and, if required, Legitimate Impact Assessments for new processing activities, assisting the business in completing the Privacy Impact Assessment questionnaires and other internal privacy forms (PIAs, DPIAs, PIFs, DIAs etc);
- Provide expert input into Privacy Impact Assessments, Legitimate Impact Assessments and data mapping, and identify risks and register them on One Trust;
- Ensure that the risks identified during Privacy Impact Assessments are properly and timely remediated through the coordination with Heads of Privacy, Group Privacy Office and IS/Cyber Security team on introducing required technical and organizational measures;
- Support the business on Data Subject Access Requests and ensure that DSAR Process is followed by the business. Cooperate with Group Privacy Office in responding to DSARs;
- Advise on the management and resolution of incidents involving personal data. Cooperate with Group Privacy Office on resolving data breaches, and ensure that Data Breach Process is followed by the business;
- Negotiate data protection agreements for different EU countries and update a register of vendors which process personal data;
- Ensure all personal data is collected and processed on a lawful basis and that it is properly registered;
- Prepare, update, translate and communicate policies, procedures and notices, and keep appropriate records;
- Work with Group Privacy Office to execute Intra Group Data Protection agreements;
- Foster a culture of data protection by providing GDPR related trainings to the business (e., training on supporting GDPR related projects, training on Data Breach and DSAR processes, trainings on key roles and responsibilities of Privacy Champions, data privacy impact assessments);
- Support Group Privacy Office, Head of Privacy and Privacy Champions on the enforcement of the data retention policy and regularly conduct clean up days;
- Timely follow up with the Privacy Champions and business on GDPR ongoing activities;
- Keep abreast of local legal developments, including any GDPR derogations, interpretation and implementation of new requirements, if any;
- Conduct GDPR gap risk assessments, create and implement mitigation plan.
This Data Privacy Lawyer role is based in Berkshire (with flexible working), it requires:
- Qualification in UK law, or equivalent EU academic qualification in law;
- Minimum of 4+ years of relevant experience (candidates with more or less experience with relevant technical experience will be considered;
- Good working knowledge of EU General Data Protection Regulation, European Data Protection Board Guidance and GDPR-like laws applicable in UK;
- Strong data protection knowledge and expertise allowing to advise on data protection matters with an international scope in large institutions;
- Previous experience working for a large, international business
- Strong project management skills;
Experience in a similar type of role in a multinational business and of working on a multidisciplinary role;
- Experience of promoting a data privacy culture of awareness and understanding.
- Experience of cross functional cooperation;
- Experience in dealing with DPAs, governments and industry bodies;
- Experience in managing data incidents and breaches;
- Knowledge of cybersecurity risks, cybersecurity law, and information security standards;
- Knowledge of the consumer goods sector; and Privacy, data protection and information security certifications.
This is a 12 month role open to those wishing to join on a fixed term contract or in a temporary role (daily rate, PAYE), please submit your application for full detail.