GDPR Analyst (m/f/d)

Job content

The Legal team is responsible for managing the legal affairs of the company, including providing legal counsel across the organization, handling disputes, and creating and enforcing intellectual property. The Corporate Communications team manages our internal and external communications with key stakeholders including investors and financial analysts, global media, and our employees around the world.

Let’s Talk About The Team And You

The Privacy Analyst, oversees all ongoing activities related to the development, implementation, maintenance of, and adherence to the European organization’s policies and procedures covering the privacy of, and access to, electronic employee, customer and patient health information in compliance with European laws and global privacy practices. Further, the Privacy Analyst, will provide ongoing support to the Director of Privacy and the ResMed Legal Team on various European and Global privacy initiatives throughout the Company. The position will require some international travel. This will depend on situational requirements.

Let’s Talk About Responsibilities

• Maintain, evolve and contribute to, and implement ResMed’s privacy policies and procedures in Europe, and coordinate with the Director Privacy EU, regional/country Data Protection Officers, Privacy Working Group; and Legal Team in relation to Europe and Global privacy initiatives.
• Contribute to and update policies and procedures for privacy incident responses.
• Work with procurement, vendor management and the legal department to ensure that critical, high-risk or high-visibility third-party suppliers’ contracts and operating-level agreements meet privacy requirements.
• Support the privacy program as necessary to comply with changes in the law, regulations, professional ethics, and accreditation requirements and as necessary due to changes in patient/client mix, business operations, and the overall health care climate.
• Works with organisation senior management, Security team, Director Privacy EU and the Legal Department to establish an organisation-wide Privacy Risk Assessment Function.
• This group is responsible for the risk management function for the protection of personal data hosted or controlled by ResMed.
• Depending on the jurisdiction, receive notifications of personal data processing from business units, and/or notify data protection authorities of such processing.
• Assist business units and technology areas to develop corrective action plans for identified privacy compliance issues.
• Manages the privacy impact assessment process in Central Europe and other parts of Europe identified by the Director Privacy EU, which is a process to review the privacy impacts of various company initiatives.
• Participates with legal counsel in the development, implementation, and ongoing monitoring of all business associate, trading partner, and chain of trust agreements in Central Europe.
• Collaborates with legal counsel in handling any government or regulatory investigations of the Central Europe organisation regarding privacy or security.
• Collaborates with other departments, such as legal counsel, compliance functions, accounting, Quality Assurance and IT to maintain organisation compliance regarding privacy, security, electronic transactions, and protection of information resources.
• Support the creation of an inventory that documents recommendations for how ResMed collects and processes personal data.
  
  

Let’s Talk Qualifications And Experience

• Master’s degree in an appropriate business administration, law, finance, accounting, computer science or a related discipline is required.
• Deep working knowledge of European privacy laws, regulations and health industry best practices.
• The candidate has obtained one or more of the following certifications: Certified Information Privacy Professional (CIPP/E), high school graduation in data protection, certification approved by EU authorities.
• Two to Five years of experience in privacy, data protection, security, risk management or compliance, preferably in the medical device or a related industry.
• Experience working in a highly regulated and/or audited environment.
• Experience in cross-functional international organisation.
• Detailed knowledge of the EU General Data Protection Regulations and national data protection laws within Central Europe.
• Experience with EU model contractual clauses for international data transfers.
• Familiarity or experience with cloud computing, online services, Web applications and enterprise applications.
• Experience implementing privacy policies in an international business that engages in B2B and business-to-consumer (B2C) transactions.
• Analytical and problem resolution skills.
• Business judgement, with the ability to think strategically and give practical advice by balancing business needs with legal risks.
• Good written and verbal communication skills, as well as the ability to work well with a diverse client base.
• Interest in national and international privacy developments, constitutional privacy guarantees, international privacy guidelines, privacy by design, privacy accountability and minimal disclosure.
  
  

Joining us is more than saying “yes” to making the world a healthier place. It’s discovering a career that’s challenging, supportive and inspiring. Where a culture driven by excellence helps you not only meet your goals, but also create new ones. We focus on creating a diverse and inclusive culture, encouraging individual expression in the workplace and thrive on the innovative ideas this generates. If this sounds like the workplace for you, apply now!