LOG IN
SIGN UP
Canary Wharfian - Online Investment Banking & Finance Community.
Sign In
or continue with e-mail and password
Forgot password?
Don't have an account?
Create an account
or continue with e-mail and password
By signing up, you agree to our Terms & Conditions and Privacy Policy.

Data Privacy Lawyer

ExperiencedNo visa sponsorship

Posted 13 days ago

No clicks

**Data Privacy Lawyer** Manage global data privacy programs at Herbert Smith Freehills Kramer. Key responsibilities include coordinating Data Protection Impact Assessments (DPIA), managing supply chain DP risks, and onboarding AI tools. Lead DPIA processes, update policies, and ensure compliance. Apply GDPR knowledge and cross-border data protection understanding. Collaborate effectively with lawyers and IT staff. Requires 3+ years' experience, technical or law degree, and adaptability.

Compensation
Not specified

Currency: Not specified

City
London
Country
United Kingdom

Full Job Description

Herbert Smith Freehills Kramer is a world-leading global law firm, where our ambition is to help you achieve your goals.

Exceptional client service and the pursuit of excellence are at our core. We invest in and care about our client relationships, which is why so many are longstanding. We enjoy breaking new ground, as we have for over 170 years.

As a fully integrated transatlantic and transpacific firm, we are where you need us to be. Our footprint is extensive and committed across the worlds largest markets, key financial centres and major growth hubs.

At our best tackling complexity and navigating change, we work alongside you on demanding litigation, exacting regulatory work and complex public and private market transactions. We are recognised as leading in these areas.

We are immersed in the sectors and challenges that impact you. We are recognised as standing apart in energy, infrastructure and resources. And were focused on areas of growth that affect every business across the world.

All of this is achieved by supporting the growth of our people, who help us deliver on our ambition which is to help you achieve yours.

Herbert Smith Freehills Kramer: Your goals. Our ambition

The Opportunity

Role / Primary Responsibilities:

The role is positioned within the General Counsel & Risk team as part of our global risk and compliance function.

The role has a global remit and the primary areas of work will include:

  • Managing the DPIA process including risk assessing new systems, processing activities and suppliers, working with project owners and IT Security.

  • Working with Procurement and contract owners to manage the DP risks in the firms supply chains and (with legal SME) ensuring appropriate contractual protections are in place.

  • As part of the firms AI Risk Assessment Committee, assisting with managing the onboarding of new AI tools by the firm, including conducting data protection risk assessments of proposed new AI tools. Where possible advising on and implementing appropriate protections to manage any data protection risks associated with proposed new AI tools.

The individual will be primarily responsible for those areas of work, but will report to, and be supervised by, the Senior Data Privacy Manager, who is responsible for leading the firms global privacy programme.

While the role will focus on those primary areas of work, the role will also include work in other areas within the responsibility of the data privacy team, including:

  • Developing, managing and implementing global DP policies, standards, guidelines and procedures including updating intra-group transfer agreements.

  • Assisting with day-to-day operational issues and incidents.

Mapping and controls; privacy by design

  • Understanding the firm's activities in the collection, processing, access, ownership, location, cross border transfers and destruction of personal data and controlling the data map.

  • Monitoring compliance with policies (in particular on retention periods and deletion of documents).

  • Maintaining an incident register.

  • Assisting with day-to-day operational issues and incidents.

  • Working with Information Security and the business to respond to client requests for information and audit

  • Advising on the privacy terms in client retainer documentation

Clients

  • Working with Information Security and the business to respond to client requests for information and audit

  • Advising on the privacy terms in client retainer documentation

Data Subject requests

  • Advising on the response in relation to data subject requests for correction, erasure, access, portability (with a legal SME or HR where necessary)

  • Maintaining relevant documentation and register

Awareness, education, training

  • Assisting with developing new content and methods for data protection education and awareness

  • Working with others to keep data protection issues high on the firm agenda

  • Assisting to advise senior business services managers on key privacy risks the business faces both now and in relation to new services and products

  • Assisting with running privacy programmes in offices/regions, and engaging with senior business services managers as needed

Audit and assurance

  • Supporting managing privacy concerns in client audits

  • Assisting with privacy compliance reviews of specific offices and business services functions

  • Supporting internal audit on data protection processing and activities and responding to internal and external audit findings

  • Helping maintain the firm's data privacy risk assessment

  • Helping maintain privacy impact assessments for each jurisdiction

General

  • Providing key privacy inputs into Committees comprising CXOs and senior Business Services managers alongside legal SMEs, monitoring laws in the jurisdictions where the firm has an office

  • Preparation of quarterly plans and annual input into the firm's Information Security report

  • Building lasting and valuable relationships with internal stakeholders, especially IT and lawyers.

Qualifications / Skills / Experience

  • Degree educated (technical degree or law degree preferred)

  • We would expect the successful candidate to have a minimum three years' experience in data privacy, data governance, and information security but may consider those with less experience providing they can demonstrate they meet the required competencies.

  • Strong knowledge of the GDPR.

  • Good awareness of data protection in other jurisdictions.

  • Able to liaise effectively with both lawyers and IT staff.

  • Ability to identify and analyse data protection risks and controls.

  • Experience of drafting and monitoring adherence to policies, processes and general advice.

  • Working knowledge of a broad range of IT issues, technologies, standards (especially ISO 27001), control frameworks and good practice.

  • Working knowledge of AI, including data protection risks associated with AI implementation and use.

  • Adaptable, diligent and works with initiative.

Team

General Counsel and Risk

Working Pattern

Full time

Location

London

Contract type

Permanent Contract

Diversity & Inclusion

We are committed to attracting people from all backgrounds and creating a respectful and inclusive culture where everyone thrives. We see this as essential to our success, including our ability to innovate and achieve sustained high performance. This is a key part of our ValuesHuman, Bold, and Outstanding.

Location: London

Time Type: Full time

Data Privacy Lawyer

Compensation

Not specified

City: London

Country: United Kingdom

Herbert Smith Freehills logo
Law

13 days ago

No clicks

at Herbert Smith Freehills

ExperiencedNo visa sponsorship

**Data Privacy Lawyer** Manage global data privacy programs at Herbert Smith Freehills Kramer. Key responsibilities include coordinating Data Protection Impact Assessments (DPIA), managing supply chain DP risks, and onboarding AI tools. Lead DPIA processes, update policies, and ensure compliance. Apply GDPR knowledge and cross-border data protection understanding. Collaborate effectively with lawyers and IT staff. Requires 3+ years' experience, technical or law degree, and adaptability.

Full Job Description

Herbert Smith Freehills Kramer is a world-leading global law firm, where our ambition is to help you achieve your goals.

Exceptional client service and the pursuit of excellence are at our core. We invest in and care about our client relationships, which is why so many are longstanding. We enjoy breaking new ground, as we have for over 170 years.

As a fully integrated transatlantic and transpacific firm, we are where you need us to be. Our footprint is extensive and committed across the worlds largest markets, key financial centres and major growth hubs.

At our best tackling complexity and navigating change, we work alongside you on demanding litigation, exacting regulatory work and complex public and private market transactions. We are recognised as leading in these areas.

We are immersed in the sectors and challenges that impact you. We are recognised as standing apart in energy, infrastructure and resources. And were focused on areas of growth that affect every business across the world.

All of this is achieved by supporting the growth of our people, who help us deliver on our ambition which is to help you achieve yours.

Herbert Smith Freehills Kramer: Your goals. Our ambition

The Opportunity

Role / Primary Responsibilities:

The role is positioned within the General Counsel & Risk team as part of our global risk and compliance function.

The role has a global remit and the primary areas of work will include:

  • Managing the DPIA process including risk assessing new systems, processing activities and suppliers, working with project owners and IT Security.

  • Working with Procurement and contract owners to manage the DP risks in the firms supply chains and (with legal SME) ensuring appropriate contractual protections are in place.

  • As part of the firms AI Risk Assessment Committee, assisting with managing the onboarding of new AI tools by the firm, including conducting data protection risk assessments of proposed new AI tools. Where possible advising on and implementing appropriate protections to manage any data protection risks associated with proposed new AI tools.

The individual will be primarily responsible for those areas of work, but will report to, and be supervised by, the Senior Data Privacy Manager, who is responsible for leading the firms global privacy programme.

While the role will focus on those primary areas of work, the role will also include work in other areas within the responsibility of the data privacy team, including:

  • Developing, managing and implementing global DP policies, standards, guidelines and procedures including updating intra-group transfer agreements.

  • Assisting with day-to-day operational issues and incidents.

Mapping and controls; privacy by design

  • Understanding the firm's activities in the collection, processing, access, ownership, location, cross border transfers and destruction of personal data and controlling the data map.

  • Monitoring compliance with policies (in particular on retention periods and deletion of documents).

  • Maintaining an incident register.

  • Assisting with day-to-day operational issues and incidents.

  • Working with Information Security and the business to respond to client requests for information and audit

  • Advising on the privacy terms in client retainer documentation

Clients

  • Working with Information Security and the business to respond to client requests for information and audit

  • Advising on the privacy terms in client retainer documentation

Data Subject requests

  • Advising on the response in relation to data subject requests for correction, erasure, access, portability (with a legal SME or HR where necessary)

  • Maintaining relevant documentation and register

Awareness, education, training

  • Assisting with developing new content and methods for data protection education and awareness

  • Working with others to keep data protection issues high on the firm agenda

  • Assisting to advise senior business services managers on key privacy risks the business faces both now and in relation to new services and products

  • Assisting with running privacy programmes in offices/regions, and engaging with senior business services managers as needed

Audit and assurance

  • Supporting managing privacy concerns in client audits

  • Assisting with privacy compliance reviews of specific offices and business services functions

  • Supporting internal audit on data protection processing and activities and responding to internal and external audit findings

  • Helping maintain the firm's data privacy risk assessment

  • Helping maintain privacy impact assessments for each jurisdiction

General

  • Providing key privacy inputs into Committees comprising CXOs and senior Business Services managers alongside legal SMEs, monitoring laws in the jurisdictions where the firm has an office

  • Preparation of quarterly plans and annual input into the firm's Information Security report

  • Building lasting and valuable relationships with internal stakeholders, especially IT and lawyers.

Qualifications / Skills / Experience

  • Degree educated (technical degree or law degree preferred)

  • We would expect the successful candidate to have a minimum three years' experience in data privacy, data governance, and information security but may consider those with less experience providing they can demonstrate they meet the required competencies.

  • Strong knowledge of the GDPR.

  • Good awareness of data protection in other jurisdictions.

  • Able to liaise effectively with both lawyers and IT staff.

  • Ability to identify and analyse data protection risks and controls.

  • Experience of drafting and monitoring adherence to policies, processes and general advice.

  • Working knowledge of a broad range of IT issues, technologies, standards (especially ISO 27001), control frameworks and good practice.

  • Working knowledge of AI, including data protection risks associated with AI implementation and use.

  • Adaptable, diligent and works with initiative.

Team

General Counsel and Risk

Working Pattern

Full time

Location

London

Contract type

Permanent Contract

Diversity & Inclusion

We are committed to attracting people from all backgrounds and creating a respectful and inclusive culture where everyone thrives. We see this as essential to our success, including our ability to innovate and achieve sustained high performance. This is a key part of our ValuesHuman, Bold, and Outstanding.

Location: London

Time Type: Full time