In order to meet obligations arising out of the EU General Data Protection Regulation (GDPR), we have created a new position for a Data Protection Officer, EMEA, based in our London, England, office.
The position will report on substantive data protection matters to the Dow Jones Chief Privacy Officer/Privacy Leader, and will also report to Company Executives as needed.
Expertise and Professional Qualities
- Experience with the details and practical application of current European data protection legislation, and posses an in depth understanding of the GDPR;
- Previous experience in a compliance, data protection and/or privacy role preferred;
- Possess integrity, professional ethics, and sound judgement in managing risks and enforcing company-wide standards;
- Ability to handle information and business confidentially, as appropriate;
- Demonstrated leadership and problem-solving skills, and ability to work under pressure;
- Ability to communicate effectively with the highest levels of management and decision-making individuals within the organization;
- Familiarity with privacy and security risk assessment, best practices and gap analysis, privacy certifications/seals, and information security certifications;
- Familiarty or experience with implementing data protection policies, procedures, and training materials, and promoting a culture of data protection compliance across business functions;
- Experience advising internal / external stakeholders around data protection questions, risks and issues;
- Ability to communicate effectively with data subjects, data protection authorities, works councils, and other controllers and processors across national boundaries and cultures;
- Excellent verbal and written communication skills with strong presentation / negotiation skills;
- Adequate self-awareness and confidence to acknowledge gaps in certain areas and seek to fill them from reliable sources;
- Familiarity with information technology programming and infrastructure, and information security practices and audits, preferred; and
- Experience in the media and/or compliance industry, and with marketing operations, preferred.
- Inform, advise and issue recommendations to the Company regarding compliance with data protection laws including GDPR, and Company policies and guidelines with respect to data protection;
- Foster a data protection culture within the organization and help to implement essential elements of the GDPR, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security of processing, awareness training, and notification and communication of data breaches;
- Provide advice concerning data protection impact assessments (DPIAs) and monitor their performance pursuant the provisions of the law, including whether and how to carry out a DPIA, what safeguards (including technical and organizational measures) to apply to mitigate any risks to the rights and interests of the data subjects, and whether or not the DPIA has been correctly carried out in compliance with the GDPR;
- Maintain the record of processing operations and key repositories or personal data under the responsibility of the controller, and manage related data protection inventories;
- Cooperate with and be the contact person for the designated supervisory and other data protection authorities, and consult, where appropriate, on issues relating to processing;
- Act as the point person for inquiries from EU data subjects on issues relating to data protection practices, withdrawal of consent, the right to erasure, and related data subject rights;
- Assist with the implementation, management and monitoring of the EMEA data protection strategy and the creation and roll-out of policies, guidelines, and data protection awareness training;
- Identify and manage risks related to data protection, and escalate data protection risks and issues to executives, as needed;
- Offer consultation in relation to any information security events; and
- Attend regular/ongoing privacy training.
- CIPP(E) (Certified Information Privacy Professional (Europe)) preferred.
- A second language (ideally French, German, Italian, or Spanish) is advantageous, but not required.
This position is based in London, with some potential regional/EU and US travel required.