Global Data Protection Counsel (ROPA and IR) - Assistant Director

London based (3 days per week)

£100k-£115k + bonus

Our Professional Services Client is looking for a broad Data Protection and Privacy lawyer who will lead ROPA and IR across their internal global team.

The opportunity

As the Global Counsel, Data Protection RoPA and Incident Response, you will be responsible for overseeing the Records of Processing Activity (RoPA) process and inventory as well as the management of the Global Incident Response (IR) process. You will be working closely with business stakeholders, the other members of the global data protection team

Your key responsibilities

• Oversee global (ROPA) process and the management of Global Incident Response process.
• Manage the ROPA program which includes an intake process to meet the requirements of Article 30 GDPR to record all processing activities in a centrally managed inventory.
• Support ROPA process to work efficiently within the organization as part of an overall data protection management platform and adapt to new regulatory frameworks such as for AI technologies.
• Communicate the Global Incident Response plan to Member Firms, provide training, and support overall preparedness e.g. through planning and conducting of table top exercises.
• Lead the overall IR policy improvement and process alignments in the Global IR process.
• Manage a variety of internally and externally triggered global incidents in coordination with Member Firms, Information Security., and our business Service Lines.
• Communicate effectively and consistently with key stakeholders.
• Identify / flag legal and regulatory issues surrounding IR and related data protection issues and provide appropriate legal advice / work to implement related solutions.;
• Escalate to the Chief Privacy Officer and Global DPO any significant incidents, related issues, and plans for their resolution, including as applicable implications of local data protection regulations as aligned with local counsel.
• Provide general support to the global data protection team.

Skills and attributes for success

• Qualified Lawyer (open to jurisdiction)
• Between 6-8 years of relevant experience either in private legal practice or an in-house role (including proven experience in the field of data protection in cross border situations (including advising on complex matters, such as incident response, DPIAs, etc.,);
• Solid knowledge in EU data protection legislation (specifically the GDPR) and ideally familiarity with the legislation of one or more other jurisdictions;
• Ideally, internationally recognized privacy certification, such as CIPP/E and CIPM;
• Experience in conducting internal investigations, and in particular data breach response investigations preferred, but not required.