Data Privacy Officer

Function: Legal

Location:

London, LND, GB

Work Arrangement: Hybrid

About Wella:

Wella is one of the world’s leading professional and retail hair companies. It is a beauty collective with a mission to enable consumers to look & feel like their true self. Its love brands, which include beauty icons such as Wella, Clairol, OPI, and ghd (all together “Wella”), are co-created by & designed for the beauty junkies of today & tomorrow. Wella has a presence in over 100 countries and an estimated annual net revenue of $2.3Bn. The Wella Company and its brands, are and will remain committed to a range of social causes as well as seeking to minimize its impact on the environment. For additional information about Wella please visit www.wella.com.

THE ROLE

As part of the Legal Department for The Wella Company, we are looking for the future Wella Data Privacy Officer, based in the UK.

This is an outstanding opportunity for a mid to senior level data privacy professional who combines flawless functional expertise with demonstrable enterprise-wide strategic capabilities to support a global hair and beauty business on a positive journey of evolution and development.

The successful candidate will work closely with the Chief Compliance Officer (CCO) to shape and lead our global approach to data privacy compliance with the aim of developing a ‘best in class’ structure aligned to the global strategy, business and values of the organization; drawing on strong privacy and data protection experience combined with a strong business-minded approach. The successful candidate will be instrumental in the advancement of protecting Wella Company’s data and driving a culture of data by design throughout the company.

The Data Privacy Officer is responsible for:

Setting the company-wide Data Privacy strategy in conjunction with the CCO and the Legal Leadership Team.
Developing, implementing and maintaining the necessary Data Privacy policies, standards and procedures,
Managing and enhancing as necessary from time to time the global privacy compliance program ensuring compliance with global data protection and regulations, and
Providing day to day support and advice to the internal business lines and functions on all matters related to data privacy and digital initiatives. The successful candidate will be expected to take the lead on all privacy initiatives, and they will keep pace with all businesses and functions, identifying and mitigating potential risks.

This role will report into the CCO, will have one direct report and will include direct interactions with the other members of the legal team worldwide.

The responsibilities of the role will include:

Driving a privacy by design culture across The Wella Company in order to facilitate the growth and expansion of the company.
Managing the Data Privacy Manager role to ensure that all data privacy matters are adequately managed and responded to.
Driving Wella’s Data Privacy programme to ensure compliance with applicable laws globally.
Maintaining Wella’s Data Privacy web resources
Engaging with senior executive stakeholders to ensure the right accountability and ownership of privacy at the highest levels in the company.
Developing, implementing and communicating policies and processes related to The Wella Company’s privacy practices.
Conduct data privacy risk assessments and audits, and implement strategies to mitigate identified risks.
Advise and guide the organization on data protection impact assessments and how to deal with data breaches.
Embedding privacy into our marketing, digital, strategy, and the product development lifecycle as well as giving guidance on ways to minimize operational privacy risks.
Interacting with privacy regulators, law enforcement and customers globally as appropriate.
Monitoring, reviewing and assessing new privacy laws and regulations, and providing timely advice regarding their implications to Wella Company and its operations.
Advising teams across The Wella Company including the Information Security and Cyber teams and senior management, on the management of a global privacy program, governance structure and privacy implications of using personal data relating to customers and employees.
Conducting training on and raising awareness of privacy matters
Providing pragmatic legal advice to clearly articulate risks and confidently navigate the business through ever changing data privacy rules and regulations, e-commerce and digital projects.
Managing external legal counsel advice on privacy globally.
Assisting with The Wella Company’s strategy on complying with data subject rights under GDPR (and other regulations as appropriate) including co-ordination of technical and non-technical teams and review of responses to data subjects
Working closely with The Wella Company’s procurement and business teams to negotiate required data privacy clauses in third party agreements which process personal data on behalf of The Wella Company.

QUALIFICATIONS

At least 10-15+ years post qualification experience as a lawyer in the commercial/privacy department at a leading law firm or in-house function (secondment or other in-house experience is a plus).
Extensive experience in US, national and European data protection laws and practices and an in-depth understanding of the GDPR and US regulations (including the CCPA).
Professional certification in data privacy (e.g., CIPP, CIPM, CIPT) is preferred.
Experience of managing others is preferable.
Experience with data privacy tools and technologies
Familiarity with data protection impact assessments (DPIAs)
Knowledge of cybersecurity principles and practices
Excellent academics and training.
A proven track record in privacy programme management.
Experience advising on e-commerce, digital, emerging technologies, automated decision-making, profiling and personalisation is preferable.
Excellent soft skills - the ability to develop strong relationships with other members of the legal team and our business partners is essential.