Careers

Privacy Counsel (Office of the General Counsel)

Brussels, Paris, London

Apply Directly

Job Summary

Gibson Dunn is a leading global law firm, advising clients on significant transactions and disputes. Our exceptional teams craft and deploy creative legal strategies that are meticulously tailored to every matter, however complex or high-stakes. The firm’s work is distinguished by a unique combination of precision and vision.

Based in our London, Brussels, or Paris office, the Privacy Counsel will play a key role in all ongoing activities related to the development, implementation, maintenance of, and adherence to the Firm’s privacy programme covering the protection of personal data in compliance with US federal and state, E.U., U.K., and other applicable privacy laws.

The Privacy Counsel will be a member of the Firm’s Office of General Counsel (“OGC”) and will report to the Firm’s Compliance Officer & Assistant General Counsel (“CO”). The Privacy Counsel will assist (and where requested or as required, deputize for) the CO in relation to all aspects of the continued operation and evolution of the Firm’s privacy programme.

Responsibilities include:

  •  Assist and collaborate with the CO in the identification, implementation, and maintenance of organizational privacy/data protection policies, procedures, and all other aspects of the Firm’s privacy programme, in coordination with the Firm’s management and OGC.
  • Support the activities of relevant committees, including, without limitation, the Firm’s Cyber and Data Governance Committee and Artificial Intelligence (AI) and Technology Strategy Discussion group.
  • Perform PRAs, DPIAs and other related compliance monitoring and risk assessment activities, in coordination as needed or appropriate with the Firm’s other compliance and operational assessment functions.
  • Work with relevant internal stakeholders to maintain appropriate privacy statements reflecting current organization and legal practices and requirements.
  • Assist the CO in developing, overseeing, directing, delivering, or ensuring delivery of privacy training to all attorneys and professional staff, and others as needed or desired, on a cadence to be determined by the CO and/or other stakeholders.
  • Participate in compliance monitoring and/or audits of, and/or attestation/verification activities with respect to, personal data processing practices of. and contractual compliance by, higher-risk Firm subcontractors, vendors, and other third parties who process personal data at the direction of or on behalf of the Firm.
  • Assist with receiving, documenting, tracking, investigating and acting on all requests, queries, and complaints concerning the Firm’s handling of personal data and/or the Firm’s privacy-related policies, procedures, and practices (including data subject requests), in coordination and collaboration with other functions, any locally appointed data protection officers, and, when necessary, the OGC.
  • Initiate, facilitate and promote activities to foster information privacy awareness and privacy by design/default within the Firm.
  • Stay abreast of developments in applicable data protection / privacy laws, accreditation standards, and privacy enhancing technologies, and recommend any actions the Firm should take in response.
  • Serve as the Firm’s statutory privacy officer, data protection officer, or equivalent as required, and act as the Firm’s primary point of contact and liaison for the relevant data protection authorities (excluding cases where another individual is appointed as a local statutory data protection officer, in which case, the Privacy Counsel will be available to advise, assist, and coordinate as needed).
  • Assist with reviewing, and/or train others to perform reviews of, data protection clauses, data processing agreements, and related issues presented in client agreements on behalf of the Firm, and Firm vendor contracts.
  • Collaborate with other of the Firm’s professional services function(s) to maintain a personal data processing catalog (including an Article 30 register).
  • Assisting with the investigation, containment, remediation, regulatory notification, and all other related activities pertaining to any data incident involving the unauthorized release of, or access to, personal data, including internal investigations and privacy impact assessments.
  • Assist and collaborate with the Firm’s information security, information services, data governance, and other functions in identifying and pursuing opportunities to improve the resilience and sustainability of the Firm’s data-handling practices in general.

Qualifications

Technical Skills

A successful candidate will have the following technical skills and experience:

  • Strong understanding of how EU/UK GDPR is interpreted / applied / enforced in practice in the context of a global business, coupled with an understanding (or aptitude to develop such an understanding) of privacy laws of the USA, Middle East, and Asia.
  • Experience working with or advising on privacy laws of one or more of the following jurisdictions preferred: USA, Hong Kong, Singapore, ADGM, DIFC, Saudi Arabia, PRC.
  • Experience drafting and negotiating privacy-specific agreements such as data processing/transfer agreements, as well as privacy-related provisions in a broad range of contracts.
  • Experience conducting and responding to privacy due diligence inquiries or audit.
  • Experience with end-to-end handling of data subject access requests, disclosure requests made by law enforcement/regulators, etc.
  • Experience with end-to-end handling of data breach and other incidents involving personal data, with experience of liaising with regulators in relation to such incidents preferred.
  • Experience with resolving privacy-related issues/queries that arise during day-to-day operation of a global business, e.g., entry into a new market, workplace surveillance, M&A, redundancy, adoption of generative AI tools, IT transformation, etc.
  • Experience with monitoring, ascertaining the relevance of, and advising on the actions required to respond to privacy-related legal/regulatory developments.
  • Experience with designing, developing, and delivering privacy-related training and/or awareness-raising activities.
  • Experience with drafting and/or maintaining privacy-related notices, policies, procedures, forms, templates, etc.
  • Understands the interplay between privacy and other allied disciplines, such as information security, data governance, and records management.

Non-Technical Skills

A successful candidate will have the following non-technical skills and experience:

  • Understands how internal functions such as HR, Learning & Development, IT, Marketing, Finance/Accounts, Risk/Compliance/OGC, Procurement, Information Security, etc. of a global business typically operate.
  • Understands how modern technology is typically deployed and used by a global organisation.
  • Ability to project manage or simultaneously manage competing priorities.
  • Ability to exercise sound professional judgment in balancing the need to ensure compliance against the priority of the business, by taking a holistic yet pragmatic approach to risk management.
  • Ability to translate/interpret complex legal concepts, requirements, etc. plainly and concisely for non-legal audience.
  • Ability to handle highly confidential and sensitive information with the utmost care and discretion.
  • Exceptional verbal and written communication, people, collaboration, and facilitation skills, with the ability to collaborate effectively with diverse stakeholders of varying seniority and cultural backgrounds.
  • Ability to work effectively as an expert independent contributor, as well as a team member, and to delegate and manage resources effectively.
  • Self-starter with intellectual curiosity and resilience to proactively identify and pursue opportunities for improving privacy practices.

Experience

  • Law degree from an accredited law school and valid license to practice law required.
  • Six (6) years’ minimum of relevant work experience.
  • Experience within a compliance, legal, audit, and/or risk function, with recent experience in privacy compliance, ideally gained at a global law firm (or alternatively, a global accountancy, consultancy, or other professional services business, or a regulated global financial services business) strongly preferred.
  • Data Protection and/or Privacy certification, such as CIPP, CIPT, ISEB preferred.

Gibson Dunn will consider for employment qualified Applicants with Criminal Histories in a manner consistent with the requirements of local law.

Locations:

Brussels, Paris, London

Apply Directly

EEO Statement

Gibson Dunn & Crutcher LLP is committed to the principles of equal employment opportunity for all partners, employees and applicants and, in accordance with the applicable federal and state laws, does not discriminate on the basis of sex, race, creed, color, religion, matriculation or political affiliation, national origin, alienage or citizenship status, ancestry, age, marital status or partnership status, family responsibilities, disability, medical condition, personal appearance, genetic information, predisposing genetic characteristics, sexual orientation, military status, status as a victim of domestic violence, stalking and sex offenses, arrest or conviction record, or on any other basis prohibited by law.