Legal Counsel Data Protection
MSC is a privately owned global shipping company founded in 1970 by Gianluigi Aponte. As the world’s leading container shipping line with headquarters in Geneva, Switzerland, MSC operates in over 524 offices across more than 155 countries worldwide with over 74,000 employees.
With access to an integrated network of road, rail and sea transport resources which stretches across the globe, the company prides itself on delivering global service with local knowledge.
We are searching for an experienced Legal Counsel Data Protection at our MSC Geneva - Service Center Greece - Piraeus facility.
MSC is looking for an experienced Legal Counsel specialized in Data Protection to help it meeting its obligations under the General Data Protection Regulation (GDPR), the Greek Data Protection Law 2472 / 1997 amended and other applicable data protection laws.
Within MSC’s Corporate Legal Data Protection Team, the Legal Counsel will provide guidelines to business and operational functions to ensure those meet the applicable legal requirements.
He / she will be notably responsible for trainings, data protection impact assessments, contract reviewing and internal audits.
ESSENTIAL DUTIES AND RESPONSIBILITIES In this role, you will work closely with the Legal / Compliance, Information Technology and Information Security functions to develop and monitor policies and standards applicable to the business and in compliance with the GDPR and data protection laws. Duties will include :
Draft and implement policies, procedures, guidelines, measures and other privacy governance frameworks to manage data use, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
Working with key internal stakeholders in the review of projects and related data to ensure compliance with data protection laws, and where necessary, complete and advise on privacy impact assessments.
Serving as the primary point of contact for queries in the business.
Serving as the primary point of contact for data subject access requests (DSAR).
Liaise with Data Protection Authorities on all data protection related matters.
Reviewing vendor contracts and ensuring filing requirements with local regulators are achieved.
Conducting ongoing reviews of MSC data protection governance framework, including setting standards and reviewing policies and procedures globally that meet the legal requirements.
Monitoring changes to local data protection laws and making recommendations to local entities when appropriate.
Developing and delivering data protection training to various business functions.
Support the DPO in undertaking audit, review and evaluation of MSC’s measures to comply with legislations’ and the MSC group policies’ requirements.
Collaborating with the Information Security function(s) to raise employee awareness of data protection and security issues and providing training on the subject matter.
Collaborating with the Information Security function(s) to maintain records of all data assets and exports, and maintaining a data security incident management plan to ensure timely remediation of incidents including DPIA, security breach response, complaints, claims or notifications, and responding to DSAR.
Law degree from an accredited law school required.
Holding a Data Protection and / or Privacy certification (such as, CIPP, CIPT, ISEB, etc.) a plus.
Full professional proficiency in English and Greek.
Limited Working Proficiency in French and / or German a plus.
At least 3 years' experience within a compliance, legal, audit and / or risk function, with recent experience in data protection compliance.
Experience in developing policy and compliance training within global organisation.
KNOWLEDGE, SKILLS, AND ABILITIES
Strong knowledge of EU data protection regulation and Greek data protection Act, and a good understanding of other major privacy frameworks and evolving legislation worldwide.
Sufficient knowledge of information technology and data management systems required.
Knowledge of cybersecurity risks and other information security standards.
Well-developed and professional interpersonal skills; ability to interact effectively with people at all organisational levels of the company.
Excellent writing and presentation skills.
Strong change and project management skills, including the ability to manage time well, prioritise effectively, and handle multiple deadlines.
Detail-oriented approach needed to recommend and implement strategic improvements on a range of data protection and legal issues.
Ability to handle confidential and sensitive information with the appropriate discretion.
Knowledge of MS Office required and privacy software like OneTrust, a plus
Some international travel might be required (specially in EU and bordering countries but may include from time to time more distant countries).
Good general understanding and knowledge in Information Technology and Information Security.
Privacy enthusiast a plus.