The primary purpose of this role is to co-lead and assist on various work streams for our GDPR-readiness program. This individual will support the GDPR-readiness program in developing and implementing a range of policies, processes and training materials in order to ensure compliance with the GDPR regulation by May 2018. The policies, processes and training will have a focus on privacy, data governance, information security, and product and software development.
- Supports the smooth transition of the program as external consultancy resource hand over to internal Client’s resource.
- Team player who can work independently and as part of a collaborative global team and thrives in a fast-paced environment.
- Utilizes privacy subject matter expertise and considers practical business implications to help formulate practical and compliant approach to various policies and processes.
- Shapes, documents and executes projects of high risk, complexity and visibility, actively participating in all phases of the project.
- Drives execution and implementation of policies and processes from start to end, including hands on drafting of policies, processes, guidance, templates, playbooks, and training, and assisting various stakeholders and functions in understanding and implementing them into day-to-day business.
- Processes, etc., may relate to the collection and use of personal information, data subject complaints, data subject access requests, personal data transfers, data breach response, customer and supplier contracts, personal data inventory, privacy by design, etc.
- Performs Privacy Impact Assessments for our Client's products and internal systems processing personal data.
- Effectively communicates highly complex ideas at multiple organizational levels and modifies personal approach and style to reflect changing circumstance.
- Ensures appropriate sponsorship and works closely with partners in the business units to deliver projects in a matrix environment.
- May develop or assist in developing business cases for large projects with significant impact to company goals.
- Maintains a solid understanding of Privacy regulation and the industry response to GDPR and incorporates best practices as they emerge.
- Law Degree required. Minimum of 5 years’ experience as Solicitor or equivalent in dealing with data privacy compliance issues in a commercial environment, including experience defining and implementing policies and processes as part of a privacy compliance program.
- Relevant qualifications such as CIPP/US, CIPP/EU, CIPM certifications preferred.
- Must be familiar with and have worked on matters involving European privacy laws, including the EU General Data Protection Regulation; wider knowledge of global data privacy laws (including privacy laws in the Americas) is also highly desirable.
- Excellent verbal and written communication skills including drafting of contracts, policies, processes, templates, and training.
- Excellent organizational skills and ability to work in fast-paced environment.
- Proactive approach, with the ability to think strategically and creatively in identifying and resolving legal issues.
- Ability to successfully balance the company’s commercial interests and objectives with identified legal and business risks.
- Ability to work well as a cross-functional team member and build rapport and trust with peers and stakeholders.
- Demonstrable experience of delivering face-to-face and webinar-based training preferred.