Evinova - Data Protection Officer

Join to apply for the

Evinova - Data Protection Officer

role at

Evinova

Location :

Barcelona, Spain (On-site) / 3 days working from the office

or Baar, Switzerland (On-site) / 3 days working from the office.

Evinova is a health-tech business, accelerating the delivery of better health outcomes by propelling the life sciences sector forward in digital health. Through our application of science-based expertise, evidence-led rigor, and human experience-driven insight, our digital solutions are designed to improve health outcomes for all. Evinova is part of the AstraZeneca Group.

The Evinova Data Protection Officer (“DPO”) provides strategic oversight to ensure compliance with privacy regulations and offers practical daily privacy support to support Evinova’s expanding global healthtech business and customer base.

This is a unique opportunity for an ambitious, intellectually curious privacy expert to play a pivotal role in supporting Evinova’s growth.

As part of a small legal and compliance team, the role reports directly to the Evinova Chief Legal and Compliance Officer (“CLCO”) and works closely with the COO, Head of Cyber Security, and Leadership Team.

The DPO will serve as the primary contact for data subjects and supervisory authorities in relevant markets, including the EU and Switzerland. The role involves horizon scanning, providing advice, and oversight based on strong subject matter expertise.

The DPO will collaborate with the CLCO to enhance privacy capabilities across Evinova, establishing policies, frameworks, and governance to strengthen privacy defenses. The role also includes supporting privacy aspects of customer audits and assisting in contract negotiations related to data processing.

• Act as the point of contact for supervisory authorities and data subjects regarding Evinova’s data processing activities.
• Maintain licenses, registrations, and regulatory compliance for data processing within the Evinova Group and with partners/vendors.
• Oversee responses to data subject access requests.
• Support data protection impact assessments and liaise with authorities as needed.
• Report significant data breaches, advise on remediation, and analyze trends.
• Partner with leadership to monitor compliance and develop privacy training programs.
• Conduct horizon scanning for key jurisdictions globally.
• Collaborate with product, quality, compliance, IT, and business stakeholders to foster a global privacy mindset.
• Support privacy in customer contract negotiations, including drafting data processing agreements and transfer mechanisms.

• Legal degree or qualifications with 10+ years in privacy law or data privacy programs.
• Deep knowledge of GDPR, EU/EEA laws, UK Privacy Act, UK GDPR, and familiarity with US, China, and other local regulations.
• Experience with privacy program elements, tools, and best practices.
• Experience supporting digital health or technology sectors.
• Excellent analytical, written, and oral communication skills.
• Strong collaboration and interpersonal skills, with the ability to influence at all levels, including Board level.
• High ethical standards, discretion, and independence.
• Ability to operate effectively in ambiguity and fast-paced environments.

Date Posted: 25-Jul-2025

Closing Date: 14-Aug-2025

AstraZeneca promotes diversity and inclusion. We welcome applications from all qualified candidates and comply with applicable non-discrimination laws.

Seniority level: Mid-Senior level

Employment type: Full-time

Job function: Information Technology

Industries: Pharmaceutical Manufacturing