Data Protection Lawyer (DPL)

  • Full-time
  • Legal Entity: Robert Bosch Middle East FZE

Company Description

Do you want beneficial technologies being shaped by your ideas? Whether in the areas of mobility solutions, consumer goods, industrial technology or energy and building technology with us, you will have the chance to improve quality of life all across the globe.

Welcome to Bosch.

Job Description

As a governance and advisory function, data protection lawyer ensures that Bosch organization comply with relevant laws and regulations regarding the collection, use, storage, and protection of personal data. The primary focus is on safeguarding individuals' privacy rights and ensuring that organization via its employees handle personal data in a lawful and responsible manner. The function also defines the internal regulatory framework for data privacy and audit the implementation in Middle East Region.

The position also minimizes risk to Robert Bosch Saudi Arabia Ltd , Robert Bosch Middle East FZE, and activities associated to these companies including but not limited to assisting in ensuring compliance with relevant data protection and information security regulations in the Middle East Region. Overall, data privacy lawyers play a crucial role in ensuring that organizations handle personal data in a lawful and ethical manner, protecting individuals' privacy rights, and mitigating the risks associated with data breaches and non-compliance.


  • Provide consultancy and guidance on applicable data protection laws and regulations in the region, such as the Personal Data Protection Law (PDPL) in KSA and help Bosch and affiliated regional organizations understand their obligations and develop compliance strategies.
  • DPL prepares privacy policies and notices that inform individuals about how their personal data is being collected, used, and shared.
  • Conduct privacy impact assessments (PIAs) where necessary, to identify and mitigate privacy risks associated with projects, systems, or processes that involve the processing of personal data. 
  • Data privacy lawyer negotiate and draft data processing agreements (DPAs) between Bosch and third-party organizations that share personal data with each other during business transactions. These agreements outline the responsibilities and obligations of each party in ensuring data protection and privacy.
  • In the unlikely event of a data breach or incident, data privacy lawyer assist organizations in responding appropriately including but not limited to helping management with breach notification requirements, investigations, and liaising with regulatory authorities.
  • The position will conduct regular training sessions and awareness programs for employees to educate them about data protection laws, best practices, and their responsibilities in handling personal data.
  • If a data privacy issue leads to legal dispute or regulatory investigation, data protection lawyer represents organization in legal proceedings and help navigate the legal complexities involved in close cooperation with local Bosch organizations and Bosch corporate information security and data protection department (C/ISP). 
  • Developing and updating the National Information Security and Privacy Regulations (NISPR) and data privacy notices based on local privacy laws. 
  • Handling of data subject requests and data protection incidents as well as communication with local supervisory authorities and taking actions as deemed necessary.
  • Advice all business units on local data protection laws in the region. 
  • Auditing the implementation of such requirements where necessary together with C/DSO-AE and C/DSO-TR. 
  • DPL support the business units as an enabler regarding the implementation of the regulations.
  • Advising on privacy regulations during the product development phase (where applicable).
  • Advise on data security topic and make associates aware about the risks of not handling personal data correctly. 
  • Support GBs and RO functions in documenting the requirements for Information Security Management Systems (ISMS) including but not limited to Data Concepts, External Partner Confidentiality Agreements, Risk Assessment, Declaration of Obligation of Personal Data Agreements, Non-Disclosure Agreements, Controller to Processer and sub-Processor agreements etc.
  • Assess information security risks to personal data and develop policies, procedures, and contingency plans to minimize the effects of security breaches.
  • Rollout Regional (Middle East) Data Privacy Regulations.
  • Work closely with the Regional Office (RO) data security team for planning and conducting regulatory and compliance related information security and privacy audits based on the Central Directives and Guidelines.
  • Conduct incident investigations based on reports from BKMS tool in coordination with C/ISP-DP, C/DSO-AE, and C/DSO-TR.
  • Advice on any other matter related to Information Security and data Protection (ISP). 


  • A qualified lawyer having 1-3 years of experience on privacy law topic is needed. 
  • Self driven, motivated and a team player. 
  • Can work independently. 
  • Fluent in Arabic and English language.
Privacy PolicyImprint