Data Protection and Compliance Legal Counsel

We are seeking a Data Protection and Compliance Legal Counsel to join our global organization in Madrid. This is an exciting opportunity for someone with vast experience in data protection, who also has an interest in expanding their knowledge and skills in compliance and risk management. As part of the Group Legal, Compliance, Insurance, and Risk Management team, you will play a key role in ensuring the company’s data protection practices meet legal requirements, while supporting compliance initiatives across the organization.

You will safeguard our reputation by assuring compliance of the company in all areas. You report to the Senior Compliance Officer.

• Support and lead the development, implementation, and monitoring of data protection policies and procedures to ensure compliance with GDPR and other relevant data protection laws at global level.
• Act as the main point of contact for data subject requests and help ensure the company’s data processing activities are compliant.
• Support the preparation and execution of data protection impact assessments (DPIAs) and monitor data protection risks across the business.
• Collaborate with IT, IT security, and external advisors to manage data incidents and ensure effective response plans are in place.
• Assist in reviewing and negotiating data protection agreements in collaboration with the legal and procurement teams.
• Support the development, implementation, and monitoring of the company’s compliance framework and ensure adherence to relevant regulations (., ISO 37001, ECOVADIS etc).
• Assist in preparing compliance reports for management, the board, and relevant committees.
• Assist in the creation and updating of company-wide compliance policies, and ensure they are communicated effectively across departments.
• Support the preparation of compliance training materials and conduct training sessions to raise awareness of compliance and data protection issues among employees.
• Help with the administration and supervision of the company’s whistleblowing platform, working with internal investigators and external platform providers.
• Assist in conducting risk assessments and identifying compliance vulnerabilities across the organization.
• Help integrate compliance and data protection risks into the company’s enterprise risk management framework.
• Support internal audits by ensuring compliance and data protection practices are aligned with the company’s risk management goals.
• Work with various departments (., legal, HR, IT, procurement) to ensure data protection and compliance practices are integrated into day-to-day operations.
• Support the creation and dissemination of internal communications to keep employees informed about compliance and data protection matters.
• Support the Group General Counsel in other legal, compliance, and risk management-related tasks as required.
• Collaborate with the compliance and data protection communities across the company’s global network.

• Required years of experience +3-5 years.
• Support and lead the development, implementation, and monitoring of data protection policies and procedures to ensure compliance with GDPR and other relevant data protection laws at global level.
• Proficiency in English with the ability to read, write and speak is a must.
• Act as the main point of contact for data subject requests and help ensure the company’s data processing activities are compliant.
• Support the preparation and execution of data protection impact assessments (DPIAs) and monitor data protection risks across the business.
• Collaborate with IT, IT security, and external advisors to manage data incidents and ensure effective response plans are in place.
• Assist in reviewing and negotiating data protection agreements in collaboration with the legal and procurement teams.
• Support the development, implementation, and monitoring of the company’s compliance framework and ensure adherence to relevant regulations (., ISO 37001, ECOVADIS etc).
• Assist in preparing compliance reports for management, the board, and relevant committees.
• Assist in the creation and updating of company-wide compliance policies, and ensure they are communicated effectively across departments.
• Support the preparation of compliance training materials and conduct training sessions to raise awareness of compliance and data protection issues among employees.
• Help with the administration and supervision of the company’s whistleblowing platform, working with internal investigators and external platform providers.
• Assist in conducting risk assessments and identifying compliance vulnerabilities across the organization.
• Help integrate compliance and data protection risks into the company’s enterprise risk management framework.
• Support internal audits by ensuring compliance and data protection practices are aligned with the company’s risk management goals.
• Work with various departments (., legal, HR, IT, procurement) to ensure data protection and compliance practices are integrated into day-to-day operations.
• Support the creation and dissemination of internal communications to keep employees informed about compliance and data protection matters.
• Support the Group General Counsel in other legal, compliance, and risk management-related tasks as required.
• Collaborate with the compliance and data protection communities across the company’s global network.

This job description indicates the general nature and level of work expected of the incumbent. It is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities required of the incumbent. Incumbent may be required to perform other related duties.