Director, Privacy by Design

We are looking for a Privacy Director to lead the Clarivate Privacy By Design program as a part of the Global Privacy Office. This role will report to the Chief Privacy Officer and be a part of the larger Compliance & Ethics team. Clarivate has global operations and operates in 40+ countries. This role plays an import role in the overall success of the privacy program by responding to the privacy challenges of a global highly matrix organization with the effective management of risk and by driving privacy compliance while facilitating business objectives. The role can be performed in a hybrid model. We are open to hire in Barcelona, Spain.

About You – experience, education, skills, and accomplishments

• Minimum of 10 years of progressive privacy experience
• Minimum of 5 years of experience in a global company
• Comprehensive knowledge of UK, EU, Swiss, US, and APAC data protection regulations and their application, including technical and organizational measures and procedures
• Broad knowledge of EU AI Act and AI/ML
• Expert understanding of processes and information flows of business and corporate functions that manage customer and employee data as well as other confidential information
• Strong problem-solving skill and comfortable making logical decisions when faced with ambiguous requirements
• Ability to communicate effectively with stakeholders

• Strong written and verbal communication skills
• Undergraduate college degree, or the equivalent, in business, law, finance, technology, or other relevant subject area
• Master’s degree, or the equivalent, in data protection, business, law, or technology
• Certified Information Privacy Professional – Europe Accreditation (CIPP/E)

What will you be doing in this role?

• Provide compliance technical advice and consulting as a subject matter expert in data protection standards and strategically developing, enforcing and leading the global privacy compliance program;
• Continue to improve and build upon a strong global privacy compliance program that keeps pace with applicable global regulations in the UK, EU, US, Switzerland, EMEA, APAC, and other relevant jurisdictions;
• Ensure effective execution of privacy requirements, maintenance and adherence to related policies and procedures, commensurate with the level of privacy risk;
• Work collaboratively with the Chief Privacy Officer, Chief Information Security Officer, Sr. Director, Privacy, and other internal stakeholders across governance forums, strategic projects and engagements to drive the execution of the global privacy compliance program;
• Assist the business and corporate functions with the design and execution of internal controls to address privacy business requirements and mitigate privacy risks;
• Leverage expertise to embed enhancements to enterprise Privacy By Design, Security By Design and AI BY Design frameworks into applicable business processes;
• Independently manage privacy risk assessments (e.g., TIAs, DPIAs, PIAs, etc.,);
• Create a records of processing activities register within the organization;
• Manage Data Subject Access Requests for GDPR, CCPA, and other relevant regulation;
• Support incident response for privacy breaches in coordination with internal partners who oversee mitigation strategies and regulatory communications for the UK, EU, US, Switzerland, EMEA, APAC and other relevant jurisdictions;
• Assist with preparing for or leading privacy related regulatory examinations, ISO audits, and internal audits;
• Manage record retention to comply with regulatory and business requirements;
• Ensure that controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raise awareness;
• Give advice and recommendations to the organization about the interpretation or application of the data protection rules;
• Handle queries or complaints on request by the organization, the controller, other person(s);
• Cooperate with and act as the contact point for the data protection authorities (responding to requests about investigations, complaint handling, and inspections, etc.);
• Proactively manage privacy risks through managing governance forums, performing risk assessments, directing monitoring and testing efforts, and implementing related training programs;
• Ensure privacy practices align with regulatory and compliance standards by identifying potential areas of vulnerability and developing and executing risk mitigation action plans; and
• Champion privacy awareness across Clarivate by leading Privacy Awareness campaigns, training and educational programs to help ensure privacy considerations and embedded in business processes.

About the Team

This role will report into the Senior Vice President, Chief Compliance & Privacy Officer. Collaborating closely with a Legal Counsel in London and working as part of the wider Compliance & Privacy team based globally.

Hours of Work

Full-time, permanent role based out of our Barcelona office on a hybrid basis, 2-3 days’ per week in the office. Due to collaboration with colleagues in the US, some flexibility around standard European working hours is required.

At Clarivate, we are committed to providing equal employment opportunities for all qualified persons with respect to hiring, compensation, promotion, training, and other terms, conditions, and privileges of employment. We comply with applicable laws and regulations governing non-discrimination in all locations.