Counsel, Data Privacy, Europe
At Pearson, we’re committed to a world that’s always learning and to our talented team who makes it all possible. From bringing lectures vividly to life to turning textbooks into laptop lessons, we are always re-examining the way people learn best, whether it’s one child in our own backyard or an education community across the globe. We are bold thinkers and standout innovators who motivate each other to explore new frontiers in an environment that supports and inspires us to always be better. By pushing the boundaries of technology — and each other to surpass these boundaries — we create seeds of learning that become the catalyst for the world’s innovations, personal and global, large and small.
Reporting to the Data Privacy Director for Europe, this position serves as the data privacy lawyer supporting Pearson’s business in Europe and our vendor management programme. You will also address day to day legal, contractual and regulatory matters involving data privacy in Europe, providing strategic legal advice and guidance.
Serve as legal counsel on data protection and privacy matters in Europe.
Advise the business on European legal compliance requirements applicable to the privacy and management of the personal information of customers, employees and other individuals with whom the company interacts and related confidential personal information.
Support the maintenance of a global corporate data privacy program and compliance standards to comport with legal compliance requirements for Europe, working in close collaboration with the wider Data Privacy Office team.
Provide guidance, support and leadership on privacy and data protection legislation and regulation in Europe, particularly the GDPR.
Conduct risk assessments and provide data protection advice on third party data processors and vendor transactions and new programs applicable to Pearson business inEurope.
Conduct data privacy risk assessments of Pearson products and service offerings inEurope.
Assess the impact of new and existing European regulations or laws on Pearson’s existing operations and offerings; providing advice to the Technology, Product and other relevant business teams to foster privacy by design and alignment with applicable legal requirements and corporate data protection policies and standards.
Advise on the requirements and restrictions for international transfer of personal data by Pearson and its contracting parties in the context of European data processing and information transfers, including the use of mechanisms such as BCRs and Privacy Shield.
Provide guidance and advice on appropriate data protection terms for vendors, supplier, customer and employee agreements, as well as RFP’s, bids, and strategic business partnerships. Collaborate with, and support other lawyers in Europe with respect to legal forms, agreements, policies and notices in order to protect Pearson’s commercial and legal position in relation to data privacy requirements.
Support critical incident management processes in addressing suspected or actual data privacy and security incidents in Europea. Assess whether such privacy and security incidents potentially involve personal or sensitive data, provide counsel on the appropriate containment, investigation and remediation of any breaches; and advise on notification and regulatory reporting requirements, as well as relevant communications, working in collaboration with Corporate Affairs and relevant business teams.
Provide advice concerning requests for access to personal information.
Provide training and education to legal staff, management and employees relating to data privacy and protection in Europe, including key legal issues, laws and regulations, corporate policies and other relevant matters. Support the development and delivery of relevant privacy awareness and training initiativesbuild privacy awareness into Pearson’s corporate culture.
Understand business issues, anticipate and assess legal risks, and work to develop strategies to reduce potential risks in collaboration with other legal staff, Compliance, CISO and other relevant business functions.
Remain current on legal, regulatory, industry, political and macroeconomic developments affecting data protection and privacy in Europe.
REQUIRED KNOWLEDGE AND EXPERIENCE
This position requires a law degree from a well-regarded and accredited university, with admission to practice law in at least one European jurisdiction.
The individual in this role must be an attorney with the legal background, demonstrable presence and interpersonal skills sufficient to function successfully in a highly visible and legally challenging position. It is strongly preferred that he/she brings the following to the role:
A practising lawyer with 3 years’ relevant experience, preferably with both a well-regarded law firm and in-house, ideally in the education, assessment, publishing, technology or digital media sectors.
Detailed knowledge of data protection/privacy requirements, laws and regulations in Europe.
Recognised expertise in providing legal counsel relating to contracts and business relationships; and in relation to information technology service providers and vendors.
The ability to work collaboratively and to engage and influence in a matrix organisation.
Strong interpersonal and influencing skills which can be applied to both internal and external relationships, with the ability to manage potential conflicts sensitively and reconcile compliance requirements with business needs as far as is possible.
Excellent written and oral communication skills. Adept at analysing and interpreting laws and regulations. Attention to detail.
Exemplary personal and professional integrity and business ethics.
Ability to make autonomous decisions that are strategically of a high level of risk to the organization.
Ability to assess risk to the organization; strong understanding of business needs.
Ability to make judgment calls on own; a seasoned professional.
Ability to interact with senior leaders of the business.
Strong advocacy and negotiation skills. Able to engender trust, respect and confidence.
Closing date 30th March
Primary Location: GB-GB-London
Work Locations: GB-London-80 Strand 80 Strand London WC2R 0RL
Employee Status: Regular Employee
Job Type: StandardShift: Da