Global Privacy Manager

Key Responsibilities:

• Implementation of new data protection legislation and changes to existing data protection legislations, including PDPA, GDPR, LGDP and CCPA;
• Drafting, maintaining and assisting in the roll out of global data protection statements or policies and privacy centres across the Group;
• Ensuring privacy considerations are taken into account in the vendor management and third party pre-contractual due diligence;
• Assessing privacy implications before the creation of new projects or changes to existing ones and work with the Heads of Function to identify existing and new projects that require data protection assessments, such as DPIAs, TIAs, etc;
• Assisting in managing a data protection control framework, including measuring and monitoring the data protection program to move towards continuous improvement;
• Assist in audits (including risk assessments) regarding data protection requirements;
• Embedding continue to embed privacy within the Group functions and to conduct Group and specific functional data protection trainings;
• Working continue to work closely with security, data governance and information functions;
• Work with the established legal team on merchant and supplier DPA negotiations;
• Enhancing and improving privacy questions for processing registers and DPIAs (using a platform known as Responsum);
• Monitoring new legislation on a global level;
• Providing local advice on data protections compliance, including on operational issues, and reporting to the Group Data Protection Officer;
• Identifying legal issues and risks that may affect Unlimit’s business (and ensuring that is properly advised concerning those issues);
• Creating various awareness-raising tools (e.g., training, etc.) and training local business functions and local staff functions on privacy policies and initiatives as required;
• Advising on privacy and data protection incident notification and remediation as required;
• Providing responses to requests from data subjects and monitoring employee and customer privacy complaints;
• Managing relationships with DPOs and Group Data Protection Officer with local privacy and data protection authorities, including audits;

Education, Skills, & Experience:

• Have a minimum 4 years’ experience of legal practice in a top law firm and/ or an international company:
• Strong fintech experience;
• Have a legal qualification and project experience;
• Be fluent in English, other languages are a plus;
• Have expertise in data protection laws with a willingness and ability to understand privacy laws of other relevant countries in which the Group operates;
• Very strong knowledge of EU’s General Data Protection Regulation;
• CIPP/E; CIPP/M; CIPP/T certified or equivalent;
• AIGP or equivalent (e.g., ISACA AI fundamentals)
• Expertise or exposure of EU and/or international laws and regulations concerning payments products such as credit cards, debit cards, direct debit, and alternative payment methods;
• Expertise in payment regulations (MC/Visa/AmEx) and general knowledge on PCI - DSS, ISO standards;
• Have excellent legal skills and commercial acumen;
• Show solid judgment and integrity;
• Be able to deal with ambiguity and making decisions and taking leadership in such situations
• Have strong written and verbal communication skills
• Be able to implement data protection compliance systems without compromising business efficiency
• Have strong organizational and priority setting skills, being able to work on various projects at the same time
• Have the ability to build strong working relations with stakeholders an in international level
• Ideally always work with a positive and proactive approach, including driving processes in a complex environment
• Be a team player; able to “build to bridges” and be “principled” at the same time
• Enjoy a fast pace and constantly changing priorities