Country Data Protection Officer
L’Oréal is present in 140 countries on five continents. For more than a century, L’Oréal has devoted itself solely to one business: beauty. A unique and international portfolio of 34 complementary brands, generating over 25.8 billion euro of sales in 2016 : Lancôme, Garnier, L’Oréal Paris, Armani Parfums, YSL, Kerastase, Vichy, Kiehl’s, La Roche-Posay, Gemey Maybelline NY, Shu Uemura, NYX, Urban Decay, Diesel...
Reporting to Country Legal Manager and functionally to Group DPO, the country Data Protection Officer is responsible for implementing locally Group’s personal data protection policies and processes, for employees, consumers and service providers, in compliance with local law.
- IMPLEMENT LOCALLY THE GROUP DATA PROTECTION GOVERNANCE PROGRAM
- Implement data protection policies (in compliance with local regulations);
- Adapt procedures to ensure Group policies are effective (including privacy impact assessments, data subjects complaint handling procedures,…);
- Adapt standard data protection clauses for consumers, clients, service providers;
- Ensure with IT security that relevant measures guarantee compliance with data protection policies and procedures;
2. ENSURE LOCAL ENTITY’S COMPLIANCE ON DATA PROTECTION
- Report to local Management and Group DPO on the data protection program implementation.
- Ensure documentation of processings incl. maintain a data protection register;
- Cooperate with the Data Protection Authorities and act as its contact point for any related privacy issues ;
- Review data protection clauses in customers’ and providers’ agreements;
- Assess internal tools’ privacy impact and make recommendations to ensure tools’ compliance;
- Inform employees’ representatives or obtain their prior approval, with HR’s support ;
- Handle data breaches’ crisis situation with Group DPO and other relevant functions;
- Ensure that data subjects’ requests are handled adequately and in a timely manner;
- Inform country Management and Group DPO of new regulations which may impact activities.
3. RAISE INTERNAL AWARENESS
- Train all entity’s employees;
- Communicate internally regularly; organize events, such as a “Data Protection Day”;
- Monitor the local evolution on data protection (participate to conferences and training)
About You :
- You will have a Masters in Law and a strong passion for IT
- You will have 7 - 10 years experience in a corporate legal environment
- You will have knowledge of local data protection law, regulations and practices
- You have experience in working with Data Protection Authorities
- You understand the of IT challenges and business stakes
- You are a great communicator and have the ability to manage projects
- You have the ability to influence key stakeholders and manage relationships
- You are fluent in English, French and other languages highly welcome