- Provide privacy guidance and practical solutions within the company to ensure that regulatory and contractual obligations are met with respect to data protection, security and privacy.
- Maintain and implement corporate privacy-related notices, policies, guidelines and other process documentation, ensuring content is up to date and relevant.
- Support other attorneys negotiating, and directly negotiate as necessary, privacy-related terms in commercial agreements with customers and vendors; advise on other privacy concerns in connection with onboarding and managing vendors and other third parties.
- Drive deliverables needed for data inventory/data mapping initiatives, with the support of the privacy team and business process owners.
- Manage the Company’s response to data subject rights requests.
- Support the Incident Response Team in the review, coordination and management of potential privacy or data security incidents.
- Use understanding of broader legal, regulatory, and market risks and trends to influence development of legal strategy and proactively re-evaluate and re-prioritize tasks, projects and strategic objectives based on such information.
- Serve as the main contact for and manage external data privacy attorneys and Data Privacy Officer (DPO), if any.
- Partner with the legal team on privacy-related diligence for potential investments or acquisitions.
Qualifications and Skills
- J.D. from an accredited law school; admitted to practice and in good standing in Massachusetts or your applicable state [equivalent law degree and admission in Europe]
- At least 7 years of working experience as a lawyer with minimum 3 years in a data privacy role, preferably in a global technology company or law firm with an international practice.
- Candidates should have good knowledge of and familiarity with applicable privacy and data protection laws including GDPR and similar regulations, CCPA/CPRA, e-privacy a plus.
- Demonstrated experience in operationalizing data privacy (including identifying how and where personal data is processed, appropriate privacy requirements and any associated privacy risks) with a focus on simple, scalable and effective processes.
- Ability to think strategically, provide sound business advice as well as reliable legal counsel. Excellent judgment and proven experience making risk determinations.
- A thoughtful, articulate and effective communicator who can distill the important aspects of any legal or regulatory issue to a wide audience; seasoned presentation skills.
- Fluent written and verbal English language skills required; fluency or knowledge of other EU languages a plus, especially German and French.
- CIPP/CIPM or equivalent privacy certifications, experience with a leading privacy platform (OneTrust preferred) considered a plus (not required).