Data Protection Officer / Manager

Salary & Benefits
Employment Type
Full Time, Permanent
Report to Position
EMEA Executive Committee / Deputy Compliance Officer, EMEA
EMEA Knowledge Centre, Hatfield, UK
Business Area
Application Deadline
26 May 2017

Full Job Description

Main purpose of the job:

In order to enhance the management of data held by Eisai generally and specifically to meet obligations arising out of the EU General Data Protection Regulation (GDPR), we have created a new position for a Data Protection Officer / Manager (DPO) EMEA, based at our European Knowledge Centre (“EKC”) in Hatfield, Hertfordshire, England.


The position will report on substantive data protection matters directly to the EMEA Executive Committee and will have a dotted reporting line to the Deputy Compliance Officer EMEA and will sit in the Compliance, Ethics and Risk Management Department.


Main Duties / Responsibilities:

  • Be the subject matter expert for all data protection matters relevant to the EMEA region across all functions and will have the following key tasks:

  • to inform and advise Eisai and employees who carry out processing of their obligations pursuant to the GDPR and to other national data protection provisions;

  • to monitor compliance with the GDPR, with other national data protection provisions and with Eisai policies and procedures in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of employees involved in processing operations, and related audits;

  • to provide advice where requested as regards data protection impact assessments and monitor their performance pursuant the provisions of the law;

  • to cooperate with the designated supervisory and other data protection authorities as required;

  • to act as the contact point for supervisory authorities on issues relating to processing, including the prior consultation referred to in the GDPR, and to consult, where appropriate, with regard to any other matter.

  • The DPO is expected to have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing;

  • Being available for inquiries from data subjects on issues relating to data protection practices, withdrawal of consent, the right to be forgotten, and related rights.


    Additional tasks shall also include, but not be limited to, the following:

  • The implementation, management and monitoring of the EMEA data protection strategy and the creation and roll out of policies, standard operating procedures and guideline documents;

  • The development /maintenance of organisational / governance frameworks, training, data protection awareness campaigns, cross-border transfer of data mechanisms and identification and management of risks around data protection;

  • Undertaking supplier management due diligence activities with regards to data protection;

  • Liaising with the Risk Manager, EMEA and / or the Deputy Compliance Officer, EMEA concerning escalated data protection risks and issues;

  • Maintenance of central tracking mechanisms for key repositories of personal data across EMEA (including IT systems, shared folders and mobile and all other applications), and managing data protection inventories;

  • Management, notification and remediation of data breach incidents involving personal information;

  • Partnering with other functions to address data protection risks / issues in addition to assessing the impact of the GDPR on Eisai as a group worldwide.


Tools & Equipment Used:

  • Use of Microsoft Office (Word; Excel spreadsheets including use of pivot tables; Visio or other workflow tools; PowerPoint; Project);

  • Laptop computer

  • Mobile phone


    Working Conditions:

    This job is based in Hatfield with some international travel required, both regionally and globally


    Working Relationships:

  • EMEA Executive Committee

  • Deputy Compliance Officer, EMEA

  • ITC department

  • Other stakeholders throughout the business as required



Person Specification

Qualifications, Education and Languages Required:

  • A degree in law, or relevant to data protection, or equivalent.

  • CIPP(E) (Certified Information Privacy Professional (Europe)) preferred.

  • A second language (ideally French, German, Italian, Russian or Spanish) is advantageous but not required.


    Experience Required: 

  • Possess good experience and understanding alongside practical application of current UK and other European data protection legislation.

  • Previous experience in a compliance, data protection and/or privacy role in the pharmaceutical sector preferred.

  • Evidence of undertaking data protection risk assessments, including compliance gap analysis and data protection impact assessments with sound judgement in managing risks.

  • Proven track record of developing and implementing data protection policies, procedures and training material, promoting a culture of data protection compliance across business functions.

  • Experience of advising internal / external stakeholders around data protection questions, risks and issues.

  • Experience of working with data protection authorities, works councils and international data transfer agreements.

  • Excellent verbal and written communication skills (fully fluent in spoken & written English) with strong presentation / negotiation skills.

  • Able to communicate effectively across a matrix organisation.


Skills & Aptitude Required:

  • Logical thinker.

  • Problem solver.

  • Good influencing and communication skills.

  • Able to work under pressure and enforce company-wide standards.

  • Good team player.