Associate Counsel (Privacy)

Job content

Associate Counsel (Privacy)

Salary Banding: Competitive, Dependant on Experience

Hours: Full time working 37.5 hours Monday- Friday

Location: Remote, home-working

Purpose of Role:

• To support the vision and mission of the Global Privacy Department with responsibilities as described below. Our vision is to deepen digital trust with clients, customers, prospects, suppliers, third parties and staff and to create a culture of data confidence across the company that enhances its global reputation. Our mission is to empower colleagues to deliver outstanding care, education and family solutions by protecting business continuity, managing data privacy risks and using technology solutions to achieve our objectives and goals.

Responsible for:

• Advising the in-house US and UK Legal Teams on the privacy requirements of client, partner, vendor and intra-group agreements including as applicable completion of data transfer agreements such as Standard Contractual Clauses.
• Drafting, reviewing and negotiating appropriate terms with those parties in respect of global privacy matters.
• Creating and maintaining contract templates and on-boarding procedures to mitigate legal and business risk, and to improve the efficiency and effectiveness of legal contract support.
• Keeping up-to-date of legal developments in the context of privacy laws that will impact the business, its clients and the sector, ensuring to share the information with the Global Privacy Department and in-house Legal Teams.
• Supporting Privacy Counsel with:
• Working with internal teams to advise on the privacy implications and compliance requirements of new projects and systems, with emphasis on privacy by default and design requirements.
• Advising on the legal basis for processing personal information, including special category personal data, as defined by the GDPR, data minimization principles including retention periods permitted by law and vendor risk management in the context of data privacy.
• Analysing and advising on the implication for the business of global privacy laws including U.S. state and federal privacy laws (CCPA, Canadian state and federal privacy laws), European privacy laws (GDPR) and relevant Member State privacy laws (PECR).
• Assessing the risks in marketing proposals and approaches and working with internal marketing teams on a global basis to ensure the business can achieve its marketing and growth objectives in accordance with all applicable privacy laws.
• Ensuring the completion of Data Protection Impact Assessments (DPIAs) and Legitimate Interest Assessments (LIAs) as required.
• Managing the legal oversight of Data Subject Access Requests (DSARs) and ensuring Bright Horizons’ compliance with all responses.
• Providing legal advice on the business response to privacy incidents, including completing assessments to determine notification requirements under applicable law.
• Dealing with ad hoc activities as assigned by members of the Privacy Department and any other duties commensurate with the role.

Essential Experience:

• Experience negotiating commercial agreements.
• Manage large workloads and execute plans from implementation to completion.
• Delivering high quality and efficient service.

Experience Desirable:

• Data Protection / Privacy experience in the context of commercial arrangement, responding to privacy rights requests and / or managing privacy incidents.
• Experience using OneTrust platform for management of privacy program or willingness to become proficient.

Qualifications

• Fully qualified lawyer within at least one Member State of the EU.
• Willing to become certified International Association of Privacy Professionals (IAPP) Certified, CIPP/E & CIPP/US.
• Must have completed PQ training.

Personal attributes

• Outstanding people and relationship building skills enabling collaborative work with colleagues from across the business and all levels of seniority.
• Excellent verbal and written communication skills.
• Ability to translate complex legal concepts for a non-legal audience.
• Ability to give commercially practical legal advice that balances and protects the actual risks to the business.
• Ability to plan large workloads and execute implementation to plan.
• Helping to create an inclusive and professional work environment.
• Credibility and influence as an ambassador for the Global Privacy Department, and the business externally and internally.
• Works to agreed business goals and objectives and deals with challenges in a constructive and responsive way.
• Takes personal responsibility for quality of outputs.
• Hardworking, flexible and willing to be available when required to support the business’ global offices and deadlines.
• Open to change and comfortable suggesting ideas for improvements to the way things are done.

Because of the nature of this job, it will be necessary for the appropriate level of criminal record disclosure to be undertaken. Therefore, it is essential in making your application that you disclose any information requested in respect of applicable convictions and cautions (including, as applicable any reprimands or final warnings). This post may be exempt from the provisions of Section 4 (2) of the Rehabilitation of Offenders Act 1974, in which case applicants are not entitled to withhold information about convictions which for other purposes are ‘spent’ under the provision of the Act unless the conviction or caution is “protected” as defined by the Rehabilitation of Offenders Act 1974 (Exceptions) Order 1975 (as amended in 2013). Any such ‘protected’ conviction or caution is not subject to disclosure to employers, and cannot be taken into account. All guidance and criteria on the filtering of these cautions and convictions can be found in the DBS filtering collection, available here: https://www.gov.uk/government/collections/dbs-filtering-guidance. The fact that a pending charge, conviction, caution, reprimand or final warning has been recorded against you will not necessarily debar you from consideration for this role but any failure to disclose any such information will result in dismissal or disciplinary action.