EU Legal Counsel and German Data Protection Officer (Datenschutzbeauftragter) (m/f/d)

Are You Ready to Make It Happen at Mondelēz International?

Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours.

This position requires recurring presence at our Bremen office.

The key purpose of the role of legal counsel and German Data Protection Officer (DPO) is to provide legal counseling and advice on data privacy, data privacy aspects of cybersecurity, and data protection laws covering Germany, and the broader European Union. The legal counsel/DPO has the position of a DPO as defined in Art. 38 et seqq. GDPR and will monitor local compliance and data practices internally to ensure the business and its functions comply with the applicable privacy requirements in Germany and work on broader EU data privacy, cybersecurity, and data protection matters. The legal counsel/DPO will also serve as the primary contact for the local German Data Privacy Supervisory Authority and individuals whose data is processed by the local entity.

Reporting to the Chief Counsel, Global Compliance and Chief Privacy Counsel, you will work closely with the Compliance, Legal, People Team, and Mondelez Digital Services (MDS) functions to develop and monitor policies and standards applicable to the business and in compliance with the local regulation. Duties will include:

• Implementing measures and a privacy governance framework to manage and protect personal information in compliance with local regulations, including developing templates for data collection, assisting with data mapping, and conducting vendor management reviews, as well as the implementation of data privacy audits.
• Working with key internal stakeholders to review projects and related data to ensure compliance with applicable data privacy and cybersecurity laws, and where necessary, complete and advise on privacy impact and cross-border data transfer assessments.
• Serving as the primary point of contact and liaison for the German Supervisory Authority on all data protection-related matters required under local data protection laws, including managing regulatory filings, data incident responses, complaints, data subject access requests, privacy compliance reviews and cooperation with the local data protection authority on processing issues.
• Serving as the primary point of contact for privacy queries in the local business unit, informing and advising the Chief Counsel and employees of their obligations under data protection law, and working with local legal counsel on the execution and drafting of required documentation.
• Reviewing contracts and consents to implement projects in partnership with Procurement, local Legal, Marketing and MDS and ensuring filing requirements with local regulators are achieved.
• Monitoring changes to EU local privacy, cybersecurity, and data protection laws and making recommendations to the Chief Counsel, Global Compliance & Chief Privacy Counsel, and the Global Data Privacy Community of Practice legal group.
• Working with the Chief Counsel, Global Compliance & Chief Privacy Counsel, and BU Counsel to understand localization requirements, set local standards, review local policies and procedures, and meet local regulatory requirements.
• Developing and delivering privacy training to various local business functions.
• Developing strategies and initiatives to ensure engagement with key internal and external stakeholders.
• Collaborating with MDS to raise employee awareness of data privacy and cybersecurity issues and providing training on the subject matter.
• Collaborating with MDS to maintain records of all data assets, maintain a data security incident management plan to ensure timely remediation of incidents, including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests.
• Comprehensively coordinate and implement personal information security within the local EU business units and take direct responsibility for personal information security.
• Establish, maintain and update the list of personal data and information held by the local organization and authorized access strategies.
• Provide advice where a DPIA has been carried out and monitor its performance.

• Law degree and registered attorney – Preferably German.
• Certifications (e.g., CIPP/E, CIPM) are a plus.
• Minimum six (6) years of data privacy experience required.
• Experience in EU and German data privacy, cybersecurity and data protection laws, and ideally practical experience dealing with local privacy authorities, local data privacy office filings, and regulatory issues.
• At least three (3) years’ experience within a compliance, legal, audit, privacy, and/or risk function, with recent experience in privacy compliance.
• Strong knowledge of EU and German data privacy, cybersecurity and data protection regulation, and familiarity with local regulatory filing requirements in market.
• Must be fluent (both written and spoken) in English and German (C2).
• Sufficient knowledge of information technology and data management systems required; affinity for understanding various IT solutions and their data protection implications in an international company structure.
• Well-developed and professional interpersonal skills; ability to interact effectively with people at all organizational levels within Mondelez.
• Excellent writing and presentation skills.
• Strong change, project management and leadership skills, including managing time well, prioritizing effectively, and handling multiple deadlines.
• A detail-oriented approach is needed to recommend and implement strategic improvements on a range of data privacy, cybersecurity and data protection issues.
• Ability to handle confidential and sensitive information with the appropriate discretion.

• Data Privacy guidance in case of data breaches and compliance with potential notification requirements.
• Data Privacy counseling and check of Data Protection Impact Assessments (DPIAs) provided by the various functions (e.g., IT, Sales, Marketing, Procurement).
• Support GDPR audits (internal/external).
• Regulatory inquiry resolutions.
• Training on data privacy laws to various stakeholders (e.g., IT, Sales, Marketing, Procurement).
• Review of data privacy policies and regular updates.
• Third-party compliance checks for GDPR compliance.

We particularly welcome applications from people with disabilities. For further support during the application process, please contact the local employee representation for people with disabilities at SBV-Bremen@mdlz.com.

Relocation Support Available? No relocation support available, however for candidates voluntarily moving internationally some minimal support is offered through our Volunteer International Transfer Policy.

Mondelēz International is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation or preference, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.

IF YOU REQUIRE SUPPORT TO COMPLETE YOUR APPLICATION OR DURING THE INTERVIEW PROCESS, PLEASE CONTACT THE RECRUITER.