Data Privacy Lawyer

Listed via Workday
Posted Jun 26, 2026 · Apply by Aug 25
Last checked active on Jun 26, 2026.

Position Overview

Compensation: Not disclosed
Position: Mid
Type: Job
Employment: Full time
Practice Area: Data Privacy Law
Remote: No
Deadline: Aug 25, 2026

Job Description

Herbert Smith Freehills Kramer is a world-leading global law firm, where our ambition is to help you achieve your goals.

Exceptional client service and the pursuit of excellence are at our core. We invest in and care about our client relationships, which is why so many are longstanding. We enjoy breaking new ground, as we have for over 170 years.

As a fully integrated transatlantic and transpacific firm, we are where you need us to be. Our footprint is extensive and committed across the world’s largest markets, key financial centres and major growth hubs.

At our best tackling complexity and navigating change, we work alongside you on demanding litigation, exacting regulatory work and complex public and private market transactions. We are recognised as leading in these areas.

We are immersed in the sectors and challenges that impact you. We are recognised as standing apart in energy, infrastructure and resources. And we’re focused on areas of growth that affect every business across the world.

All of this is achieved by supporting the growth of our people, who help us deliver on our ambition – which is to help you achieve yours.

Herbert Smith Freehills Kramer: Your goals. Our ambition

The Opportunity

Role / Primary Responsibilities:

The role is positioned within the General Counsel & Risk team as part of our global risk and compliance function.

The role has a global remit and the primary areas of work will include:

  • Managing the DPIA process including risk assessing new systems, processing activities and suppliers, working with project owners and IT Security.

  • Working with Procurement and contract owners to manage the DP risks in the firm’s supply chains and (with legal SME) ensuring appropriate contractual protections are in place.

  • As part of the firm’s AI Risk Assessment Committee, assisting with managing the onboarding of new AI tools by the firm, including conducting data protection risk assessments of proposed new AI tools. Where possible, advising on and implementing appropriate protections to manage any data protection risks associated with proposed new AI tools.

The individual will be primarily responsible for those areas of work, but will report to, and be supervised by, the Senior Data Privacy Manager, who is responsible for leading the firm’s global privacy programme.

While the role will focus on those primary areas of work, the role will also include work in other areas within the responsibility of the data privacy team, including:

  • Developing, managing and implementing global DP policies, standards, guidelines and procedures including updating intra-group transfer agreements.

  • Assisting with day-to-day operational issues and incidents.

Mapping and controls; privacy by design

  • Understanding the firm's activities in the collection, processing, access, ownership, location, cross border transfers and destruction of personal data and controlling the data map.

  • Monitoring compliance with policies (in particular on retention periods and deletion of documents).

  • Maintaining an incident register.

  • Assisting with day-to-day operational issues and incidents.

Clients

  • Working with Information Security and the business to respond to client requests for information and audit

  • Advising on the privacy terms in client retainer documentation

Data Subject requests 

  • Advising on the response in relation to data subject requests for correction, erasure, access, portability (with a legal SME or HR where necessary)

  • Maintaining relevant documentation and register

Awareness, education, training

  • Assisting with developing new content and methods for data protection education and awareness

  • Working with others to keep data protection issues high on the firm agenda

  • Helping to advise senior business services managers on key privacy risks the business faces, both now and in relation to new services and products

  • Assisting with running privacy programmes in offices/regions, and engaging with senior business services managers as needed

Audit and assurance

  • Supporting the management of privacy concerns in client audits

  • Assisting with privacy compliance reviews of specific offices and business services functions

  • Supporting internal audit on data protection processing and activities and responding to internal and external audit findings

  • Helping maintain the firm's data privacy risk assessment

  • Helping maintain privacy impact assessments for each jurisdiction

General

  • Providing key privacy inputs into Committees comprising CXOs and senior Business Services managers alongside legal SMEs, monitoring laws in the jurisdictions where the firm has an office

  • Preparation of quarterly plans and annual input into the firm's Information Security report

  • Building lasting and valuable relationships with internal stakeholders, especially IT and lawyers.

Qualifications / Skills / Experience

  • Degree educated (technical degree or law degree preferred)

  • We would expect the successful candidate to have a minimum of three years' experience in data privacy, data governance, and information security, but may consider those with less experience provided they can demonstrate they meet the required competencies.

  • Strong knowledge of the GDPR.

  • Good awareness of data protection in other jurisdictions.

  • Able to liaise effectively with both lawyers and IT staff. 

  • Ability to identify and analyse data protection risks and controls.

  • Experience of drafting and monitoring adherence to policies, processes and general advice.

  • Working knowledge of a broad range of IT issues, technologies, standards (especially ISO 27001), control frameworks and good practice.

  • Working knowledge of AI, including data protection risks associated with AI implementation and use.

  • Adaptable, diligent and works with initiative.

Team: General Counsel and Risk
Working Pattern: Full time
Location: London
Contract type: Permanent Contract

Diversity & Inclusion

We are committed to attracting people from all backgrounds and creating a respectful and inclusive culture where everyone thrives. We see this as essential to our success, including our ability to innovate and achieve sustained high performance. This is a key part of our Values—Human, Bold, and Outstanding.

Practice Area: Data Privacy Law
Position: Mid
Industry: Legal
Application Deadline: August 25, 2026
Employment Type: Full time
