Head of Data Privacy and Data Privacy Officer (DPO)
- London, UK
ASOS is an online retailer for fashion-loving 20-somethings. Through market-leading web and app experiences and a selection of more than 850 brands, as well as own-brand clothing and accessories, ASOS serves 24.5 million customers in 200 markets and in ten languages. We are led by our purpose, driven by our mission and guided by our values. Our purpose is to give you the confidence to be whoever you want to be and our mission is to become the world's number one destination for fashion-loving 20-somethings. Our values are authentic, brave, creative and disciplined.
About the Role
The key purpose of the role is to be accountable and responsible for ASOS’s data privacy needs on a global basis. This will require the provision of data protection and privacy subject matter expertise and advice to the ASOS business across all of its territories, as well as acting as the designated DPO for the purposes of the EU and UK privacy legislation. This is a highly visible and senior role, which is critical to ensuring that the Data Privacy team effectively manages the data protection and privacy risks impacting the ASOS business across the globe.
You’ll need to be technically excellent, hands on and commercially minded, with a strong professional ethic and the energy, interest and training to pursue a huge array of matters. You will also need the ability to juggle a multitude of complex data issues and quickly distil these into language that the business understands. To win our Tech and Data Teams over, you’ll need to speak their language and move as quickly as them – ditto for our Commercial, Procurement, Supply Chain, Marketing and People Teams.
What you'll be doing...
· Responsible for ensuring ASOS is meeting data privacy requirements globally, including acting as the DPO for UK and EU markets.
· Providing expert advice on a wide range of data privacy matters on a global basis, which includes providing general advice on current data privacy legislation, but also horizon scanning for legislative or regulatory changes, and providing subsequent advice in a timely and efficient manner to enable full business readiness.
· Provide strategic and commercially focussed advice to the ASOS business in relation to its ‘Data As Fuel’ strategy.
· Assist the ASOS business in effectively managing its privacy risk profile, keeping in mind the business’s strategic current and longer-term goals.
· To design and develop a programme of work in order to demonstrate compliance with global privacy standards and ensure the optimum customer experience.
· Lead the data privacy response to data breaches / critical incidents which will involve working closely with the wider business including data security, risk & insurance, and public affairs & comms, as well as informing and providing updates to the executive management team as required.
· Drive and co-ordinate development of data privacy standards, governance, training and policies.
· To advise on specialist privacy areas, including data retention, data transfer, data exploitation and analytics, training and awareness, building knowledge and capability.
· Act as the liaison point for privacy matters to ASOS customers, ASOS employees and DPA supervisory authorities/regulators.
· Manage data subject rights and requests for information.
· Manage internal and external privacy compliance audits as required.
· Drafting and advising on technical privacy and security aspects in contracts.
· Advise and support remediation and notification of PII data incidents.
· Define policies and procedures in relation to PII handling, including data subject access requests and other requests for information.
· Formulate and maintain a data privacy impact assessment framework and facilitate an assessment to advise on privacy risks and suggested mitigations.
· Act as the escalation point for enhanced privacy complaints and enquiries.
· Advise on marketing and third-party initiatives involving consent.
· Review and update fair processing information and privacy notices.
· Provide technical advice around data minimisation techniques including anonymisation, pseudonymisation and hashing.
· Seasoned DPO with in-depth and extensive specialist knowledge of data protection laws and issues, and experience leading an in-house data privacy team.
· Experience of developing, leading and embedding a data privacy programme that ensures early and full business awareness and ownership of privacy risks.
· Comfortable in an environment with a very broad range of specialisms and responsibilities.
· Ability to translate technical and legal concepts to commercially focussed advice, which is readily digestible by the business.
· Solid risk and compliance background.
· Experience of influencing across business areas and working with advisers and key external stakeholders as appropriate.
· Expert knowledge of data protection law and practices, including:
  · Technical and organisational measures and procedures;
  · Mastery of technical requirements for privacy by design, by default and data security;
  · Industry specific knowledge in accordance with the sensitivity of the personal data processed;
  · The ability to carry out inspections, consultation, documentation and log file analysis; and
  · The ability to work effectively with employees’ representatives.
· Experience working in a listed company and/or exposure to e-commerce is preferable, as is experience with working in a business where the commercialisation of data has been part of the broader business strategy.
· Legal qualification/background
· Data Privacy Professional certification (ISEB/IAPP)
· Project management qualifications (Prince 2/Agile) (Desirable)
· Technical security qualification such as CISSP/CISSM (Desirable)
What's in it for you?
- Competitive salary, bonus and pension matching
- Life insurance, free private medical care, cycle to work scheme + more
- A bespoke flexible benefits scheme catered to you
- Best in class Learning & Development schemes and career development programmes
- 25 days holiday + never work on your birthday again!
- Free modern onsite gym, plus personal training and wellness rooms
- A dynamic social environment, from company-wide sports days, charity days, ‘Give A Week Away’ opportunities to visit our charity partners in India & company-wide celebrations to name just a few
- Huge staff discounts and sample sales
We want our people to be whoever they want to be. That’s why we’re committed to creating a truly inclusive culture at ASOS, but how’re we doing it?
Through our Fashion with Integrity strategy we are driving diversity, equity and inclusion across every aspect of ASOS and ensuring every ASOSer can be their authentic self at work. We want our people to be whoever they want to be, because we believe people who bring their best selves to work, do their best work.
We’re proud members of Inclusive Companies, are Disability Confident Committed and have signed the Business in the Community Race at Work Charter. We’ve also recently been placed 8th in the Inclusive Top 50 Companies Employer List too.
There are safe space employee networks and we host a monthly DEI events series to help support and celebrate all of our people. We are constantly listening to our people, evolving, changing and taking a flexible approach to how we make ASOS truly inclusive.