Privacy Counsel

Bright Horizons Family Solutions

Full-time

Remote

United Kingdom

Job Title: Privacy Counsel

Type: Full Time / 37.50 hours per week / Monday to Friday

Location: Remote with some travel to our HO in Northampton and London

Salary: £DOE

The Role:

The vision of the Global Privacy Office: Deepen digital trust with clients, customers, prospects, suppliers, third parties and staff; creating a culture of data confidence across the company that enhances its global reputation. The mission: Empower colleagues to deliver outstanding care, education and family solutions by protecting business continuity, managing data privacy risks and using technology solutions to achieve our objectives and goals.

Role Requirements:

Records of processing activities (using OneTrust Portal).
Guidance/advice on interpretation and compliance with data privacy laws and regulations on a global basis.
Production of legal documentation, such as privacy notices and contracts with vendors.
Vendor risk management (using the OneTrust Portal).
Risk and compliance assessments, such as Data Protection Impact Assessments (using OneTrust Portal)
Privacy awareness and training for operational areas of the company on a global basis
Oversight, monitoring and assisting with internal audits of data privacy activities.

Key Responsibilities

Supports the Global Privacy Officer in implementing the Privacy Program Framework.
Advising on the legal basis for processing personal information, including special category personal data, as defined by the GDPR, data minimization principles including retention periods permitted by law and vendor risk management in the context of data privacy.
Analyzing and advising on the implication for the business of global privacy laws including U.S. state and federal privacy laws (CCPA, Canadian state and federal privacy laws), European privacy laws (GDPR) and relevant Member State privacy laws (PECR).
Keeping up-to-date of legal developments in the context of privacy laws that will impact the business, its clients and the sector, ensuring to share the information with the Global Privacy Office and in-house Legal Teams.
Advising the in-house US and UK Legal Teams on the privacy requirements of client, partner, vendor and intra-group agreements.
Drafting, reviewing and negotiating appropriate terms with those parties in respect of global privacy matters.
Creating and maintaining contract templates and onboarding procedures to mitigate legal and business risk, and to improve the efficiency and effectiveness of legal contract support.
Working with internal teams to advise on the privacy implications and compliance requirements of new projects and systems, with emphasis on privacy by default and design requirements.
Ensuring the completion of Data Protection Impact Assessments (DPIAs) and Legitimate Interest Assessments (LIAs) as required.
Assessing the risks in marketing proposals and approaches and working with internal marketing teams on a global basis to ensure the business can achieve its marketing and growth objectives in accordance with all applicable privacy laws.
Where required, providing legal advice and guidance on Data Subject Access Requests (DSARs) and Data Subject Requests (DSRs) on responses to data subjects and their representatives.
Supporting the business response to privacy incidents by advising on the legal implications of such incidents, including completing assessments to determine notification requirements under applicable law.
Supporting the Global Privacy Officer with the development and delivery of data privacy training for the business.
Supporting the Global Privacy Officer and the business’ policy team on development of policies affecting or implicating the business’ privacy obligations.
Providing counsel, advising and consulting the Global Privacy Officer and business stakeholders on the data privacy implications of acquisitions during due diligence and drafting / reviewing language to support such transactions in respect of such implications.
Providing counsel, advising and consulting company stakeholders based on accurate interpretation of the law and the needs of the business on to support the development of risk mitigation strategies.
Supporting the development of internal guidelines, toolkits, and packaged knowledge on data privacy issues.
Supporting, promoting and implementing initiatives in partnership with various departments such as operations, acquisitions, client services, client relations, health and safety, facilities and marketing.

Education/Experience/Skills Needed:

Fully qualified lawyer within at least one Member State of the EU, with minimum 7 years’ post qualification experience.
Attorney in at least one US state with active bar membership desirable.
Extensive Data Protection and Privacy experience including hands-on operational experience of any of the following: DPA 2018, GDPR, CCPA, PECR.
International Association of Privacy Professionals (IAPP) Certified, CIPP/E & CIPM preferred or willing to become certified.
Post-qualification experience of working in-house preferable.
Prepared to work towards American Bar Association (ABA) Privacy Law Specialist desirable.
Excellent verbal and written communication skills.
Ability to translate complex legal concepts for a non-legal audience.
Ability to give commercially practical legal advice that balances and protects the actual risks to the business.
Experience negotiating complex commercial contracts, in respect of privacy requirements, that protect the agreed financial/other business terms.
An in-depth understanding of privacy laws, as well as an understanding of relevant legal issues such as commercial law including contract, corporate structures, IPR and contested matters.
Ability to plan large workloads and execute implementation to plan.
Demonstrated ability to perform consistently under pressure and meet demanding deadlines.
Ability to present alternative and proposed solutions.
Credibility and influence as an ambassador for the Global Privacy Officer and the business externally and internally.
Outstanding people and relationship building skills.
Good performance management and resource management skills.
Ability to foster and maintain a strong team ethic and culture of continuous improvement.
Diversity/cultural awareness.
Hardworking, flexible and willing to be available when required to support the business' global offices and deadlines.

Bright Horizons are committed to creating inclusive environments where everyone has a sense of belonging and has the opportunity to contribute and thrive in meaningful and impactful ways. We are an inclusive employer and welcome people from all ages and backgrounds to apply. We will consider reasonable adjustments required by applicants. Please note, due to our sector all roles are subject to an Enhanced DBS

We look forward to receiving your application!

If you experience any problems, please email europe.recruitment@brighthorizons.com and we will be happy to help.

Privacy Counsel

Job Title: Privacy Counsel

Type: Full Time / 37.50 hours per week / Monday to Friday

Location: Remote with some travel to our HO in Northampton and London

Salary: £DOE

The Role:

Records of processing activities (using OneTrust Portal).

Guidance/advice on interpretation and compliance with data privacy laws and regulations on a global basis.

Production of legal documentation, such as privacy notices and contracts with vendors.

Vendor risk management (using the OneTrust Portal).

Risk and compliance assessments, such as Data Protection Impact Assessments (using OneTrust Portal)

Privacy awareness and training for operational areas of the company on a global basis

Oversight, monitoring and assisting with internal audits of data privacy activities.

Key Responsibilities

Supports the Global Privacy Officer in implementing the Privacy Program Framework.

Advising on the legal basis for processing personal information, including special category personal data, as defined by the GDPR, data minimization principles including retention periods permitted by law and vendor risk management in the context of data privacy.

Analyzing and advising on the implication for the business of global privacy laws including U.S. state and federal privacy laws (CCPA, Canadian state and federal privacy laws), European privacy laws (GDPR) and relevant Member State privacy laws (PECR).

Keeping up-to-date of legal developments in the context of privacy laws that will impact the business, its clients and the sector, ensuring to share the information with the Global Privacy Office and in-house Legal Teams.

Advising the in-house US and UK Legal Teams on the privacy requirements of client, partner, vendor and intra-group agreements.

Drafting, reviewing and negotiating appropriate terms with those parties in respect of global privacy matters.

Creating and maintaining contract templates and onboarding procedures to mitigate legal and business risk, and to improve the efficiency and effectiveness of legal contract support.

Working with internal teams to advise on the privacy implications and compliance requirements of new projects and systems, with emphasis on privacy by default and design requirements.

Ensuring the completion of Data Protection Impact Assessments (DPIAs) and Legitimate Interest Assessments (LIAs) as required.

Assessing the risks in marketing proposals and approaches and working with internal marketing teams on a global basis to ensure the business can achieve its marketing and growth objectives in accordance with all applicable privacy laws.

Where required, providing legal advice and guidance on Data Subject Access Requests (DSARs) and Data Subject Requests (DSRs) on responses to data subjects and their representatives.

Supporting the business response to privacy incidents by advising on the legal implications of such incidents, including completing assessments to determine notification requirements under applicable law.

Supporting the Global Privacy Officer with the development and delivery of data privacy training for the business.

Supporting the Global Privacy Officer and the business’ policy team on development of policies affecting or implicating the business’ privacy obligations.

Providing counsel, advising and consulting the Global Privacy Officer and business stakeholders on the data privacy implications of acquisitions during due diligence and drafting / reviewing language to support such transactions in respect of such implications.

Providing counsel, advising and consulting company stakeholders based on accurate interpretation of the law and the needs of the business on to support the development of risk mitigation strategies.

Supporting the development of internal guidelines, toolkits, and packaged knowledge on data privacy issues.

Supporting, promoting and implementing initiatives in partnership with various departments such as operations, acquisitions, client services, client relations, health and safety, facilities and marketing.

Education/Experience/Skills Needed:

Fully qualified lawyer within at least one Member State of the EU, with minimum 7 years’ post qualification experience.

Attorney in at least one US state with active bar membership desirable.

Extensive Data Protection and Privacy experience including hands-on operational experience of any of the following: DPA 2018, GDPR, CCPA, PECR.

International Association of Privacy Professionals (IAPP) Certified, CIPP/E & CIPM preferred or willing to become certified.

Post-qualification experience of working in-house preferable.

Prepared to work towards American Bar Association (ABA) Privacy Law Specialist desirable.

Excellent verbal and written communication skills.

Ability to translate complex legal concepts for a non-legal audience.

Ability to give commercially practical legal advice that balances and protects the actual risks to the business.

Experience negotiating complex commercial contracts, in respect of privacy requirements, that protect the agreed financial/other business terms.

An in-depth understanding of privacy laws, as well as an understanding of relevant legal issues such as commercial law including contract, corporate structures, IPR and contested matters.

Ability to plan large workloads and execute implementation to plan.

Demonstrated ability to perform consistently under pressure and meet demanding deadlines.

Ability to present alternative and proposed solutions.

Credibility and influence as an ambassador for the Global Privacy Officer and the business externally and internally.

Outstanding people and relationship building skills.

Good performance management and resource management skills.

Ability to foster and maintain a strong team ethic and culture of continuous improvement.

Diversity/cultural awareness.

Hardworking, flexible and willing to be available when required to support the business' global offices and deadlines.

More jobs

Legal Counsel | Nordics

Deel

Sr. Counsel - Regulatory (m/f/x)

Avantor