Privacy Officer

Gibson Dunn is a leading global law firm, advising clients on significant transactions and disputes. Our exceptional teams craft and deploy creative legal strategies that are meticulously tailored to every matter, however complex or high-stakes. The firm’s work is distinguished by a unique combination of precision and vision.

Based in our London, Brussels, or Paris office, the Privacy Officer will be responsible for all ongoing activities related to the development, implementation, maintenance of, and adherence to the organization’s policies and procedures covering the protection of personal data in compliance with US federal and state, E.U., U.K., and other applicable laws.

The Privacy Officer will be responsible for staff training, data protection / privacy risk assessments (PRAs) and impact assessments (DPIAs), and compliance monitoring (as necessary, as determined by the PO) to verify the business and its functions comply with relevant requirements under applicable data protection / privacy laws. The Privacy Officer will also serve as the primary contact for the relevant data protection authorities and inquiries (i.e., data subject requests) from individuals whose data are processed by the organization.

This role reports to the Firm’s Office of General Counsel.

Responsibilities include:

Providing development guidance and assists in the identification, implementation, and maintenance of organizational privacy/data protection policies, procedures, and the Firm’s data protection governance framework, in coordination with the Firm’s global Compliance Officer, organization management, and legal counsel. Working with Firm management and the Firm’s global Compliance Officer to lead the Firm’s Privacy Oversight Committee, and participates in other Firm committees and fora, including, without limitation, the Firm’s Cyber and Data Governance Committee and Artificial Intelligence (AI) and Technology Strategy Discussion group. Performing initial and periodic PRAs and DPIAs and conducts related ongoing compliance monitoring activities in coordination with the Firm’s other compliance and operational assessment functions. Working with legal counsel and management, key departments, and committees to ensure the Firm maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements. Overseeing, directing, delivering, or ensuring delivery of initial and ongoing privacy training to all attorneys and professional staff, contractors, interns, visiting foreign attorneys, and other appropriate third parties. Participating in the ongoing compliance monitoring of personal data policies and processes with respect to Firm subcontractors, vendors, and other third parties who process personal data at the direction of or on behalf of the Firm. Administering a process for receiving, documenting, tracking, investigating and acting on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other functions and, when necessary, legal counsel. Initiating, facilitating and promoting activities to foster information privacy awareness within the organization and related entities. Promoting privacy by design within the Firm. Staying abreast of applicable data protection / privacy laws and accreditation standards, and monitors advancements in data protection technologies to ensure organizational adaptation and compliance. Working with Firm management, legal counsel, and other related parties to represent the organization’s data protection interests with external parties, as needed. Serving as the primary point of contact and liaison for the relevant data protection authorities. Assisting with reviewing, and/or trains others to perform reviews of, data protection clauses, data processing agreements, and related issues presented in client agreements on behalf of the Firm, and Firm vendor contracts, including, without limitation, the Firm’s potential onboarding of AI-powered or AI-enhanced technologies, tools, and platforms. Collaborating with other of the Firm’s professional services function(s) to maintain a personal data processing catalog (including an Article 30 register). Assisting with data incidents involving the unauthorized release of, or access to, personal data, including internal investigations, privacy impact assessments, incident response and remediation, complaints, claims or notifications, and responding to data subject access requests (DSARs).

Qualifications

Detail-oriented approach needed to recommend and implement strategic improvements on a range of data privacy and data protection issues. Ability to handle confidential and sensitive information with the appropriate discretion. Exceptional verbal and written communication and people skills, with the ability to collaborate effectively with diverse stakeholders. Collaboration and facilitation skills to work with various departments and facilitate their ability to work with each other. Ability to work independently and with a team, and to delegate and manage resources effectively. Self-starter with demonstrated instances of taking initiative.

Experience

Law degree from an accredited law school preferred. Ten (10) years’ minimum of work experience. Five (5) years’ experience within a compliance, legal, audit, and/or risk function, with recent experience in privacy compliance. At least one Data Protection and/or Privacy certification, such as CIPP, CIPT, ISEB preferred. Strong knowledge of UK and EU data privacy and data protection regulation, and a good understanding of other major privacy frameworks and evolving legislation worldwide. Experience in developing policy and compliance training. Sufficient knowledge of information technology and data management systems required.