In a fast-paced environment, this role will be responsible to assist with improving, sustaining and facilitating robust, interdisciplinary global programs to address and mitigate personal data privacy risk and execute the CBRE Group’s global data privacy and protection strategy, with focus on CBRE’s Europe, the Middle East and Africa (“EMEA”) Region and Advisory business line.
This individual will be a member of CBRE’s Global Data Privacy Office (“GDPO”), report to the GDPO’s EMEA Regional Legal Director, and serve as the first point of contact for data privacy and protection issues facing the business in CBRE's EMEA Region.
Continue to build, improve and mature CBRE’s global data privacy and protection program to align the global and regional programs with a focus on CBRE's EMEA Region and Advisory business line. Advise internal clients on compliance with legal requirements and CBRE’s privacy policies, notices, standards and procedures.
Identify and implement comprehensive processes and tools to support implementation of data privacy and protection policies, Privacy Impact Assessments, Data Subject Request responses, Privacy by Design and manage customer/employee consents and complaints.
Create, coordinate and deploy privacy training and communications programs through multiple avenues, including in-person training, specifically around operational compliance with the GDPR privacy principles, privacy by design, data subject requests, and cross-border transfers.
Develop a privacy risk mitigation strategic plan for the EMEA Region and Advisory line of business, and coordinate implementation of that plan with CBRE’s Global Data Protection and Privacy Programme.
Assist with data privacy and protection due diligence relating to mergers and acquisitions.
Monitor the various industry and/or country or region-specific privacy and data protection regulations and legislation. Understand the regulatory framework that applies to privacy risk assessment processes, analyse compliance requirements and make recommendations as needed. Support the implementation of new requirements into technology or compliance solutions.
Improve and maintain subject matter expertise of local data privacy and protection regulations impacting countries in CBRE's EMEA business.
Support CBRE’s Legal, Compliance and IT departments with investigations and responses to privacy incidents.
Improve and maintain cross-border data transfer legal frameworks, including CBRE’s Intra-Group Data Transfer Agreement and the EU model clauses
Manage, under the supervision of the EMEA Regional Director, Data Privacy, the planning, organization, and controls for a major functional area or department. May be responsible for a mix of direct and matrix reports. Monitor appropriate staffing levels and reports on utilization and deployment of human resources.
Degree level or equivalent qualification to practice law in UK or at least one EU jurisdiction required
Previous experience in data privacy required
Expertise in EMEA Data Protection Laws and understanding of the GDPR
Ability to solve advanced problems and deal with a variety of options in complex situations
Excellent communication skills, both verbally and in writing
Ability to make effective and persuasive presentations on complex topics to employees, clients, management and/or public groups
Ability to motivate and negotiate effectively with key employees, management, and client groups to take desired action
Ability to prioritise and co-ordinate tasks efficiently ensuring all deadlines are met
Accurate and exceptional attention to detail
Team-player who collaborates effectively with colleagues.