Main Purpose of the Team

The purpose of the Group Legal Data Protection and Privacy team (DPP) is to comply with Data Protection and Privacy regulations across multiple jurisdictions and influence Specsavers local and global perspective in relation to the privacy and protection of Customers and employees’ personal data and information.  

Main Purpose of the Role

This Legal Counsel – Data Privacy and Protection, role is a key role within the Data Protection Legal team. Ultimately this role is likely to form the succession to the Group DPO role. 

The purpose of this role is to deliver commercial legal advice in order to ensure that Specsavers effectively complies with principles of international data protection and privacy law.

It will be a senior role in the team in terms of experience and provide specialist support to the Privacy managers on points of law, as well as be the main point of contact for all data protection commercial legal work (contracts). This role further supports to the Data Protection Officer (DPO) to discharge his role in relation to ensuring Specsavers compliance with Data Protection and Privacy laws, and to ensure the team is ready to deliver against our long-term framework (LTF). 

The scope of this role is wide, covering, UK/ROI, Spain, and Specsavers operating countries in Northern Europe. The role holder will from time to time as required be called upon to support the ANZ region, as well as Canada and new Specsavers territories.

.  

 Key Responsibilities

• Responsible for delivering on the strategic direction set by the DPO in all issues which relate to the protection of privacy and personal data.
• Acting as principal lawyer for data protection related commercial agreements: this will be group centric, with opportunities to support Specsavers regional teams where needed.
• Act as an expert legal advisor, providing direction and guidance to Privacy Managers in relation to complex DP legal matters.
• Accountable for continuing to develop Specsavers strategic policy in relation to compliance with the GDPR and any analogous international data protection laws and supporting the DPO in delivery of the same.  
• Supporting and deputising for the DPO where necessary relating to both international and local data protection legal queries and advice.
• Support the DPO in delivery of the LTF – specifically around the growth agenda and data protection legal challenges/opportunities of new market entry or extending/developing services.
• Conduct and deliver the investigation, management and resolution of serious personal data breach incidents, complaints, and external regulatory investigations (carried out by the Information Commissioner's Office or relevant supervisory Authorities) involving any aspect of the processing of data /sensitive information by Specsavers and/or its external service providers.
• Deliver an ongoing programme of privacy and data protection training and outreach activities, including the development and ongoing renewal of online guidance and eLearning materials which make colleagues aware of their responsibilities under relevant legislation, policies and standard methodology.

Commercial legal skills

• Drafting and negotiating privacy related contracts and agreements (internal and external).

• Representing the legal team at cross functional project teams in respect of new business initiatives.
• Assisting and advising on larger tender processes (including NHS and other governmental bodies).

Key Skills, Ability or Experience

The postholder will be a Lawyer (Solicitor, Barrister or Legal Executive) and a Data Protection and Privacy expert in their field. 

Due to the wide range of stakeholders both internally and externally there is a requirement for the individual to possess great people skills, with the demonstrability to relate to individuals with differing backgrounds and requirements, excellent communication skills, ability to deal one to one to help solve problems by applying analytical skills to provide the appropriate solution and preventative measures, whilst taking ownership and accountability for actions agreed  and decisions made.  

This is a group wide role and given the nature of the work their stakeholders will range from senior managers to Board level executives.

They will have a passion and drive for data protection and will have proven data privacy experience and, having achieved the required qualifications, possess a good understanding of data protection laws.  

EXPERIENCE & QUALIFICATIONS 

Summary:

• A qualified Lawyer (Solicitor, Barrister, Legal Executive, or internationally recognised equivalent) with at least 2 years’ experience gained in either a top legal firm or in-house environment.
• A Professional qualification relating to Privacy/Information Rights Management would be preferable - Certified Information Privacy Professional/Manager (CIPP/M), British Computer Society/Information Systems Examinations Board (BCS/ISEB) practitioner qualification in data privacy or equivalent. 
• +2 years’ experience of working in a privacy and data protection legal Practice/ compliance area.  
• Expert knowledge of Information rights legislation, the data Protection Act 2018, and the General Data Protection Regulation. 
• Preferably experience of performing a similar role, ideally within Retail, Healthcare or Technology.