Data Privacy Lawyer
Posted 7 hours 35 minutes ago by Exchange House Services Ltd - London
Permanent
Full Time
Other
London, United Kingdom
Job Description
Responsibilities 
- Manage the DPIA process, including risk assessment of new systems, processing activities and suppliers.
- Work with Procurement and contract owners to manage DPI risks in supply chains and ensure appropriate contractual protections.
- Assist the AI Risk Assessment Committee with onboarding new AI tools, conducting data protection risk assessments and advising on necessary protections.
- Develop, manage and implement global data privacy policies, standards, guidelines and procedures, including intra group transfer agreements.
- Handle day to day operational issues, incidents and maintain an incident register.
- Map and control privacy by design: map the firm's data processing activities, manage the data map, monitor retention policies, and respond to client and audit information requests.
- Advise on privacy terms in client retainer documentation and data subject requests (correct, erasure, access, portability).
- Develop and deliver privacy education and awareness content, ensuring high visibility of privacy matters across the firm.
- Support privacy compliance reviews of offices and business services, and assist with internal and external audit findings.
- Maintain privacy risk assessments and impact assessments for each jurisdiction.
- Prepare quarterly plans and provide annual input to the Information Security report.
- Build and maintain relationships with internal stakeholders, particularly IT and legal teams.
- Degree educated (technical or law degree preferred).
- Minimum 3 years' experience in data privacy, data governance, or information security (less experience considered with demonstrable competency).
- Strong knowledge of GDPR and data protection law in other jurisdictions.
- Proficiency in drafting, monitoring and enforcing data privacy policies and procedures.
- Experience with ISO27001, other control frameworks, and a broad range of IT technologies.
- Working knowledge of AI and associated data protection risks.
- Excellent communication skills - able to liaise effectively with lawyers and IT staff.
- Analytical ability to identify and assess data protection risks and controls.
- Self motivated, adaptable, diligent and proactive.
Full time, Permanent - London, United Kingdom.
This role reports to the Senior Data Privacy Manager and is part of the General Counsel & Risk team under the global risk and compliance function.