Chief Privacy Officer EMEA
This Chief Privacy Officer EMEA role is based in London, reports to the Global CPO and offers fantastic opportunities for the successful candidate to learn and progress. The role can offer flexible working, as well as the opportunity to travel within EMEA occasionally; a visit to each region is usually scheduled once per year.
A large, international retailer focused on travel, this market-leading business operates online and through physical shops. This organisation has a friendly, laid-back culture and will suit someone interested in working as part of a team.
The successful candidate will join a team of four Regional Chief Privacy Officers, all of whom report to the Global Privacy Officer. Each region has an additional 1-2 Privacy Officers reporting to the Regional CPOs.
This Chief Privacy Officer EMEA is based in London and involves:
The EMEA Chief Privacy Officer (CPO) role is a senior member of the global Privacy function, reporting into the Group Chief Privacy Officer. The successful candidate will have a strong privacy background, will develop and manage the Group's privacy management program across EMEA, and will be accountable for compliance within the region for all matters related to data protection.
The EMEA CPO will coordinate with their counterpart CPOs in other regions and senior stakeholders within EMEA. They will also work with local complementary functions (e.g., Information Security, Legal, Enterprise Risk) to ensure compliance with applicable local and trans-national legislation, provide expert advice to the regional business in data privacy matters, respond to incidents, and drive change as required.
The successful candidate will know how to persuade and enable the business, while at the same time maintaining independence. In their role, they will be representing the Group towards internal and external stakeholders, including employees, customers, and regulators.
- Work with the Group CPO and other regional CPOs to develop, implement and maintain a continuous data privacy program, privacy policies, procedures and documentation for the processing of personal data.
- Co-ordinate activities with appropriate members of the organisation (e.g., business leads, process owners, development teams, technology, legal, information security, enterprise risk, ethics and compliance, HR, etc.)
- Conduct regular compliance assessments to ensure that the Group's legal privacy requirements under applicable local laws are being met.
- Conduct vendor assessment and undertake due diligence processes as required to identify, quantify and address privacy concerns.
- Work with legal to review data privacy requirements within client contracts and ensure third-party suppliers' contracts meet privacy requirements.
- Support bid-writing teams in RFP responses in relation to data protection matters.
- Present to existing and potential corporate clients to address their privacy concerns.
- Lead the enterprise's response to privacy incidents, and notify regulatory authorities of data breaches where required.
- Conduct or oversee privacy awareness campaigns, training and orientation for all employees, helping drive culture change where required.
- Report findings in a structured, transparent and business-relevant manner to regional SWOTs.
- Serve as the internal advisor to interpret privacy-policy-related questions. Work closely with the technology and development teams to anticipate/address privacy issues in new and existing systems and applications.
This Chief Privacy Officer EMEA is based in London and requires:
- Five+* years of experience in privacy, data protection, privacy law, or compliance.
- Detailed knowledge of GDPR and POPIA.
- Experience of working in an international privacy/data protection role.
- Knowledge of international data transfer mechanisms (e.g., EU model clauses and/or Binding Corporate Rules).
- Bachelor's degree or higher in business administration, law, finance, accounting, engineering, science and technology studies, IT or a related discipline or equivalent experience.
- Certified Information Privacy Professional/Europe (CIPP/E).
- Knowledge of the privacy aspects of product development including privacy/security by design and default and data minimisation.
- Experience or familiarity with governance, risk and compliance (GRC) methodologies.
- Strong analytical and problem resolution skills. Sound business judgement, with the ability to think strategically and give practical advice by balancing business needs with legal risks.
- Strong written and verbal communication skills, and the ability to work well with a diverse client base to articulate the importance of customer privacy.
- Has the accessibility and ability to interface with, and gain the respect of, stakeholders at all levels and roles in the company.
- Is comfortable promoting privacy up and down the management chain, including audiences who have varying levels of familiarity with the topic.
- Familiarity with cloud computing, online services, web and enterprise applications, and data analytics.
- Experience in ISO 27001, ISO 27701, NIST and/or PCI DSS.
- Prior experience with privacy in Retail or Corporate Travel Management Services and/or experience with privacy in internet or high-tech companies.
*Candidates with more or less experience who meet the role's technical requirements will be considered.
Salary offered is dependent on experience; a discretionary bonus and benefits are offered in addition to base salary.