facebook linkedin

Data Privacy - Director

London , United Kingdom

Ref#: 33094

Date published: 7-Jan-2020

Share with: Facebook LinkedIn Twitter Send to a friend

Role Purpose
Responsible to assist with improving, sustaining and facilitating robust, interdisciplinary global programs to address and mitigate personal data privacy risk and execute the CBRE Group’s global data privacy and protection strategy, with focus on CBRE’s Europe, the Middle East and Africa (“EMEA”) Region and Advisory business line.
This individual will be a member of CBRE’s Global Data Privacy Office and work closely with CBRE's EMEA Regional and Country Compliance Officers and Legal teams and serve as the first point of contact for data privacy and protection issues facing the business in CBRE's EMEA Region.
Key Responsibilities
  • Build, improve and mature CBRE’s global data privacy and protection program to align the global and regional programs with a focus on CBRE's EMEA Region and Advisory business line.  Advise internal clients on compliance with legal requirements and CBRE’s privacy policies, notices, standards and procedures.
  • Identify and implement comprehensive processes and tools to support implementation of data privacy and protection policies, Privacy Impact Assessments, Data Subject Request responses, Privacy by Design and manage customer/employee consents and complaints.
  • Create, coordinate and deploy privacy training and communications programs through multiple avenues, including in-person training, specifically around operational compliance with the GDPR privacy principles, privacy by design, data subject requests, and cross-border transfers.
  • Develop a privacy risk mitigation strategic plan for the EMEA Region and Advisory line of business, and coordinate implementation of that plan with CBRE’s Global Privacy Programme.
  • Assist with data privacy and protection due diligence relating to mergers and acquisitions.
  • Monitor the various industry and/or country or region-specific privacy and data protection regulations and legislation. Understand the regulatory framework that applies to privacy risk assessment processes, analyse compliance requirements and make recommendations as needed. Support the implementation of new requirements into technology or compliance solutions.
  • Improve and maintain subject matter expertise of local data privacy and protection regulations impacting countries in CBRE's EMEA business.
  • Support CBRE’s Legal, Compliance and IT departments with investigations and responses to privacy incidents.
  • Improve and maintain cross-border data transfer legal frameworks, including the EU-US and US-Switzerland Privacy Shield certifications, Intra-Group Data Transfer Agreement and the EU model clauses
  • Manage, under the supervision of the EMEA Regional Director, Data Privacy, the planning, organization, and controls for a major functional area or department. May be responsible for a mix of direct and matrix reports.  Monitor appropriate staffing levels and reports on utilization and deployment of human resources.
Person Specification/Requirements
  • A university degree with qualification to practice law in UK or at least one EU jurisdiction required
  • Previous data privacy experience preferred
  • Expertise in EMEA Data Protection Laws and understanding of the GDPR
  • Ability to solve advanced problems and deal with a variety of options in complex situations
  • Excellent communication skills, both verbally and in writing
  • Ability to make effective and persuasive presentations on complex topics to employees, clients, management and/or public groups
  • Ability to motivate and negotiate effectively with key employees, management, and client groups to take desired action
  • Ability to prioritise and co-ordinate tasks efficiently ensuring all deadlines are met
  • Accurate and exceptional attention to detail
  • Team player who deals effectively with colleagues.