Legal and Compliance acts as a technical resource to Flo Health, providing advice and assistance with the practical consequences of complying with relevant compliance obligations, including interpretation of relevant laws, and guidance on the implementation of internal policies and procedures. The Group DPO reports to Chief Legal and Compliance Officer and is part of Flo’s Compliance and Legal function. Flo Health’s DPO is responsible for the maintenance, execution and enforcement of Flo’s Privacy Programme including group-wide policy, framework, guidance and standards for all teams and colleagues.
We are looking for a hardworking, motivated and friendly Privacy Counsel to join our privacy team to work closely with the Data Protection Officer and the wider Privacy Team to support the privacy program and provide the business with advice and guidance in relation to data protection and privacy matters.
- Assist in developing and maintaining EU privacy policies and procedures
- Providing privacy and data protection advice to the business, with a special focus on worldwide data driven initiatives.
- Guide on how best to ensure data protection by design and default is baked into the design, build, test and deployment stages of all activities.
- Support the Data Protection Officer (DPO) to carry out Data Protection Impact Assessments and provide solutions to mitigate privacy risks.
- Undertake data protection audits and reviews working with the DPO and Privacy Counsel.
- Assist with international data transfer and data processing agreements with vendors and other third parties. Providing privacy input to contract negotiations where relevant.
- Assist with the creation and delivery of privacy staff training to all entities and affiliates, with a particular focus on digital data uses.
- Drafting and reviewing privacy and data protection policies.
- Undertake legal research and report to the DPO on emerging privacy and data protection laws and guidance.
- Work to ensure that data protection and best practices are fully integrated into the compliance framework of the business;
- Apply EU GDPR principles to business practices which span a number of jurisdictions;
- Support technology and information security teams on cyber security, data privacy and data ownership;
- Build and maintain relationships with colleagues and external stakeholders across multiple jurisdictions;
- Drive and improve solutions to current company processes and protocols.
The ideal candidate will have the following skills and attributes:
- Qualified solicitor from the UK, the Netherlands (or other relevant jurisdiction) with at least 2 years’ PQE;
- Experience of data protection and GDPR gained at a law firm or in-house, including advising on due diligence, documentation and policies, and the use of data;
- Knowledge of data privacy, data handling and data classification;
- Experience of dealing with data privacy issues in a sophisticated organisation;
- Knowledge of global and European data protection laws and practices.
- The ability to provide clear and effective legal advice in a succinct and commercially-orientated manner;
- Excellent written and communication skills with keen attention to detail; and
- An ability to build relationships with a variety of stakeholders across the business.