Privacy and Data Protection Officer

Recruitment Genius
11 Nov 2017
18 Nov 2017
Contract Type
Full Time
One of the fastest growing technology businesses in the UK is looking to recruit a Privacy and Data Protection Officer. The Privacy and Compliance Officer is responsible for the development, implementation, and enforcement of policies, procedures, and practices necessary to ensure that ERT products/services comply with all applicable US, EU and regional privacy laws and regulations and conform to industry best practices for clinical trial, health care and employee privacy and security. Applicable requirements include but are not limited to EU GDPR - General Data Protection Regulation, HIPAA Privacy and Security Rules, and relevant provisions in the HITECH Act. The Privacy and Compliance Officer will be the designated point of contact who receives privacy and security-related inquiries and complaints, if any, associated with ERT service activities and who is able to provide guidance related to privacy, compliance and security-related matters.

Main duties:
Serves as the Privacy and Compliance liaison with local Data Protection Authorities (DPA).
Works with ERT legal counsel and Sr. Management, key departments, and committees to ensure ERT has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities.
Translates and develops employee training programs statutory and policy obligations into implementable privacy and security requirements.
Serves as information privacy consultant to the organization for all departments and appropriate entities.
Produces privacy and compliance documentation, including Privacy Risk Assessments, risk analyses, incident reports, and related artifacts.
Responsible for specifying and documenting privacy and security regulations and associated compliance requirements, performing privacy impact assessments, documenting administrative, physical, and technical security requirements and working with project management and operational team members to ensure that all privacy and security requirements are adequately addressed.

Skills needed:
Strong knowledge of EU General Data Protection Regulation (GDPR) on the protection of individuals with regard to the processing of personal data and on the free movement of such data.
Strong knowledge of HIPAA and other privacy and security laws, regulations, and corresponding practices.
General knowledge of global compliance requirements related to global geographic area - US, EU, APAC, etc.
Formal education or professional experience in law, privacy, public policy, or health care; Pharmaceutical/Clinical Trial experience preferred.
Experience working in environments that process personally identifiable information (PII) or protected health information (PHI).