Gibson Dunn is a leading global law firm, advising clients on significant transactions and disputes. Our exceptional teams craft and deploy creative legal strategies that are meticulously tailored to every matter, however complex or high-stakes. The firm’s work is distinguished by a unique combination of precision and vision.
Based in our London, Brussels, or Paris office, the Privacy Officer will be responsible for all ongoing activities related to the development, implementation, maintenance of, and adherence to the organization’s policies and procedures covering the protection of personal data in compliance with US federal and state, E.U., U.K., and other applicable laws.
The Privacy Officer will be responsible for staff training, data protection / privacy risk assessments (PRAs) and impact assessments (DPIAs), and compliance monitoring (as necessary, as determined by the PO) to verify the business and its functions comply with relevant requirements under applicable data protection / privacy laws. The Privacy Officer will also serve as the primary contact for the relevant data protection authorities and inquiries (i.e., data subject requests) from individuals whose data are processed by the organization.
This role reports to the Firm’s Office of General Counsel.
Responsibilities include:
- Providing development guidance and assisting in the identification, implementation, and maintenance of organizational privacy/data protection policies, procedures, and the Firm’s data protection governance framework, in coordination with the Firm’s global Compliance Officer, organization management, and legal counsel.
- Working with Firm management and the Firm’s global Compliance Officer to lead the Firm’s Privacy Oversight Committee, and participating in other Firm committees and fora, including, without limitation, the Firm’s Cyber and Data Governance Committee and Artificial Intelligence (AI) and Technology Strategy Discussion group.
- Performing initial and periodic PRAs and DPIAs and conducting related ongoing compliance monitoring activities in coordination with the Firm’s other compliance and operational assessment functions.
- Working with legal counsel and management, key departments, and committees to ensure the Firm maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
- Overseeing, directing, delivering, or ensuring delivery of initial and ongoing privacy training to all attorneys and professional staff, contractors, interns, visiting foreign attorneys, and other appropriate third parties.
- Participating in the ongoing compliance monitoring of personal data policies and processes with respect to Firm subcontractors, vendors, and other third parties who process personal data at the direction of or on behalf of the Firm.
- Administering a process for receiving, documenting, tracking, investigating and acting on all complaints concerning the organization’s privacy policies and procedures in coordination and collaboration with other functions and, when necessary, legal counsel.
- Initiating, facilitating and promoting activities to foster information privacy awareness within the organization and related entities.
- Promoting privacy by design within the Firm.
- Staying abreast of applicable data protection / privacy laws and accreditation standards, and monitoring advancements in data protection technologies to ensure organizational adaptation and compliance.
- Working with Firm management, legal counsel, and other related parties to represent the organization’s data protection interests with external parties, as needed.
- Serving as the primary point of contact and liaison for the relevant data protection authorities.
- Assisting with reviewing, and/or training others to perform reviews of, data protection clauses, data processing agreements, and related issues presented in client agreements on behalf of the Firm, and Firm vendor contracts, including, without limitation, the Firm’s potential onboarding of AI-powered or AI-enhanced technologies, tools, and platforms.
- Collaborating with the Firm’s other professional services function(s) to maintain a personal data processing catalog (including an Article 30 register).
- Assisting with data incidents involving the unauthorized release of, or access to, personal data, including internal investigations, privacy impact assessments, incident response and remediation, complaints, claims or notifications, and responding to data subject access requests (DSARs).