This is a global role and additional team members will be added based on need and proper budgeting.
The Data Protection Officer (DPO) will support the Company (and its affiliates) in meeting the obligations under the various data protection laws applicable to its global business (Applicable Laws). Reporting to the Chief Executive Officer, the DPO will monitor compliance and data practices internally to ensure the business and its functions comply with the applicable requirements under Applicable Laws. The DPO will be responsible for staff training, data protection impact assessments, and overseeing internal audits. The DPO will also serve as the primary contact for supervisory authorities and individuals whose data is processed by the organization.
Description of Job Responsibilities:
In this role, you will work closely with the various business functions to develop and monitor policies and standards applicable to the business and in compliance with Applicable Laws. Duties will include:
■ Implementing measures and a privacy governance framework to manage data use in compliance with Applicable Laws, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
■ Negotiating, reviewing, and drafting of data protection agreements.
■ Working with key internal stakeholders in the review of projects and related data to ensure compliance with Applicable Laws, and where necessary, complete and advise on privacy impact assessments.
■ Serving as the primary point of contact and liaison for the applicable regulatory authorities on all data protection related matters under Applicable Laws.
■ Serving as the primary point of contact for queries within the business.
■ Reviewing vendor contracts (including model clauses) and consents needed to implement projects in partnership with the Company’s Information Security functions, and ensuring filing requirements with local regulators are achieved.
■ Managing and conducting ongoing reviews of the Company’s privacy governance framework.
■ Monitoring changes to local privacy laws and making recommendations to applicable stakeholders when appropriate.
■ Setting standards and creating/reviewing policies and procedures globally that meet the requirements under Applicable Laws and any localization requirements in countries of operation.
■ Developing and delivering privacy training to various business functions.
■ Developing strategies and initiatives to ensure engagement with key internal and external stakeholders.
■ Overseeing and conducting, as applicable, data privacy audits.
■ Collaborating with the Information Security function(s) to raise employee awareness of data privacy and security issues, and providing training on the subject matter.
■ Collaborating with the Information Security function(s) to ensure the maintenance of records for all data assets and exports, and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests (SARs).
■Ensuring that the Company’s IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data).
■ Working with designated outside counsel to help advise on local data privacy law issues.
■ Promoting effective work practices, working as a team member, and showing respect for co-workers.
- Law degree from an accredited institution and a member of a bar in good standing
- At least one Data Protection and/or Privacy Certification (e.g. CIPP, CIPT, ISEB)
- Experience with U.S.A. and/or EU data privacy laws
- Minimum 3+ years’ experience within a compliance, legal, audit, tech, and/or risk function, with recent experience in privacy compliance
- Experience in developing policy and compliance training
- Experience working in a regulated industry
- Strong knowledge of U.S.A. and EU data privacy and data protection regulation, and a good understanding of other major privacy frameworks and evolving legislation worldwide
- Sufficient knowledge of information technology and data management systems required
- Well-developed and professional interpersonal skills; ability to interact effectively with people at all organizational levels
- Ability to work unsupervised, exercise leadership, and influence change
- Excellent writing and presentation skills
- Strong change and project management skills, including the ability to manage time well, prioritize effectively, and handle multiple deadlines
- Ability to undertake large, long-term projects, develop alternative methods to complete them, and implement solutions
- Ability to use independent judgment and discretion when making majority of decisions
- Detail-oriented approach needed to recommend and implement strategic improvements on a range of data privacy and data protection issues
- Ability to handle confidential and sensitive information with the appropriate discretion
- The statements contained in this position description are not necessarily all-inclusive; additional duties may be assigned and requirements may vary from time-to-time.
Travel may be required.
GAN is committed building a diverse workforce. As an equal opportunity employer, we believe merit is everything and we consider qualified candidates without regard to race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, political views or activity, or other applicable legally protected characteristics. If you’re a qualified candidate with a disability or long term condition, and need a reasonable accommodation to apply for this position, please contact email@example.com.
GAN operates in a highly regulated environment, and candidates may be required to obtain a gaming license in one or more U.S. states or jurisdictions where GAN conducts business, which includes (but may not be limited to) an application requesting personal data, a criminal and credit check, and fingerprints. GAN will cover all costs and provide access to an Identity Protection program.