About this opportunity
Be a member of Align’s Legal Team and Privacy office, which is responsible for the development of privacy and data protection principles, policies, and practices throughout the organization.
EMEA Privacy Counsel will report to Align’s Global Privacy Director and Data-Protection Officer (with other potential reporting lines) and focus primarily, but not exclusively, on data-privacy needs for Align’s EMEA region.
Overall role will involve advising business groups within Align on matters involving personal data, data privacy, and data protection and compliance for a medical device company.
This will include review of relevant products, services, processes, solutions, systems, and consents to assure compliance with privacy and data protection laws.
This position requires great judgment, a strong background and expertise in data privacy, compliance for a medical device company, very strong written and verbal communication skills, and great attention to detail.
This role presents an opportunity to join a fast-growing company that occupies a unique position as a digital leader in the health-care sector, paving the way with groundbreaking concepts such as machine learning and artificial intelligence.
Coupled with our continued technological advancements is Align’s strong history of Privacy, Ethics, and Compliance around the globe, including being the first company globally to have their Binding Corporate Rules as a Data Processor approved by an EU regulatory body.
In this role, you will
Serve as the primary Privacy point of contact for EMEA (and potentially other corporate or regional) business functions, leaders, and their teams regarding data-privacy compliance throughout Europe, the Middle East, and Africa;
Potentially serve as the primary compliance point of contact for EMEA business functions, leaders and their teams regarding compliance needs of a medical device company.
Work with senior leaders, attorneys, business leads, and technology teams to ensure Align’s ongoing compliance with data-protection laws across EMEA, including the GDPR and national implementations;
Support the Privacy Office’s implementation of the Align’s centralized privacy program throughout the EMEA region and potentially other regions;
Monitor and analyze changes in data-privacy legislation throughout the region;
Identify personal data processing activities carried out by the relevant business or functions assigned to you and conduct necessary impact assessments, where required;
Act as Align’s Incident Response Lead for EMEA in the event of security incidents or potential personal data breaches per established protocol and documentation requirements;
Manage the fulfilment of data subject access requests (or privacy-related complaints) related to Align’s EMEA activities;
Provide support in evaluating and performing due diligence on third parties in coordination with other relevant function areas across the business (Sales & Commercial, Procurement, Finance), including potential Align acquisitions, partner and vendor onboarding throughout the EMEA region;
Assist in responding to third-party due diligence requests where Align acts as a data processor;
Negotiate and execute data-processing agreements and addendums with third parties;
Assist in the maintenance of Align’s Binding Corporate Rules and the continued implementation of their requirements throughout the Align group;
Develop and adjust internal privacy programs to address issues in creative, business-centric ways;
Assist in the coordination and development of training and communication programs for the EMEA regions for all relevant business groups;
Work with Align’s Chief Compliance and Ethics Officer to develop and maintain an open dialogue with other departments to ensure an effective communication and management of risk as Align continuously evolves its compliance programs throughout the EMEA region;
Manage outside counsel relationships related to data privacy;
Assist with various internal audits of our privacy programs;
Create dashboards and KPIs to assess the health of, continuously improve and communicate to leadership about our compliance programs;
Respond to inquiries and investigations from regulatory or other supervisory authorities; and
Work effectively, collaboratively, and efficiently with any internal stakeholders necessary to fulfill the above tasks.
In this role, you’ll need
Fully qualified lawyer with outstanding legal qualification from one of our core European jurisdictions (Switzerland, United Kingdom, Spain, Germany, France, Italy);
Legal background required U.S. JD, EU LLB and / or LLM (bachelors / masters);
Seven or more (7+) years post-qualification experience, including a minimum of two (2) years at a top tier / highly ranked law firm, and in-house experience;
main focus areas must be privacy and data protection for digital company the health-care sector; focus on compliance for a global, publicly traded, medical device and technology company a plus.
Certified International Privacy Professional Certification or equivalent preferred;
A strong understanding of the convergence of privacy and data security as it relates to medical devices, health information, and sensitive personal data;
Comprehensive knowledge of EU and global data protection regulatory requirements; comprehensive knowledge of EU and global needs of a US based, publicly traded medical device company, a plus; and
Fluent English language skills that include the ability to draft complex legal briefs or memoranda.
A strong affinity for technology, with in an interest in machine learning, artificial intelligence, and Technology affinity with a natural interest in internet services and applications and enthusiasm for technical innovation;
Experience with Binding Corporate Rules as a means of cross-border data transfer;
The ability to manage a large number and variety of projects, working independently and often in novel legal environments;
Practical business judgment and ability to qualify actual risk;
Experience working closely with Information Security teams;
A strong team player and consensus builder with excellent people skills and a good sense of humor who can effectively and efficiently collaborate and build relationships with both attorneys and business clients at all levels throughout the organization; and