LEGAL COUNSEL DATA PROTECTION

GENERAL SUMMARY

MSC MEDITERRANEAN SHIPPING COMPANY S.A. Cargo Division is looking to recruit an experienced Legal Counsel specialized in Data Protection to meet its obligations under the General Data Protection Regulation (GDPR), the Greek Data Protection Law 2472/1997 amended and other applicable data protection acts. Within MSC Cargo’s Data Protection Team, the Legal Counsel will monitor compliance and data practices internally to ensure the business and its functions comply with the applicable requirements. He/she will be notably responsible for staff training, data protection impact assessments, contract reviewing and internal audits.

ESSENTIAL DUTIES AND RESPONSIBILITIES

In this role, you will work closely with the Legal/Compliance, Information Technology and Information Security functions to develop and monitor policies and standards applicable to the business and in compliance with the GDPR and data protection acts. Duties will include:

• Implementing measures and a privacy governance framework to manage data use, including developing templates for data collection, assisting with data mapping, and vendor management reviews. 
• Working with key internal stakeholders in the review of projects and related data to ensure compliance with local data protection laws, and where necessary, complete and advise on privacy impact assessments. 
• Serving as the primary point of contact for queries in the business. 
• Serving as the primary point of contact for data subject access requests (DSAR). 
• Liaise with Data Protection Authorities on all data protection related matters. 
• Reviewing vendor contracts and ensuring filing requirements with local regulators are achieved. 
• Conducting ongoing reviews of MSC Cargo Division data protection governance framework, including setting standards and reviewing policies and procedures globally that meet the legal requirements. 
• Monitoring changes to local data protection laws and making recommendations to local entities when appropriate. 
• Developing and delivering data protection training to various business functions. 
• Support the DPO in undertaking audit, review and evaluation of MSC’s measures to comply with legislations’ and the MSC group policies’ requirements. 
• Collaborating with the Information Security function(s) to raise employee awareness of data protection and security issues, and providing training on the subject matter. 
• Collaborating with the Information Security function(s) to maintain records of all data assets and exports, and maintaining a data security incident management plan to ensure timely remediation of incidents including DPIA, security breach response, complaints, claims or notifications, and responding to DSAR.
  

EDUCATION

• Law degree from an accredited law school required.
• Hold a Data Protection and/or Privacy certification (such as, CIPP, CIPT, ISEB, etc.) a plus.

LANGUAGE PROFICIENCY

• Full professional proficiency in English and Greek. 
• Limited Working Proficiency in French, Italian, Spanish and/or German a plus.

WORK EXPERIENCE

•  At least 3 years' experience within a compliance, legal, audit and/or risk function, with recent experience in data protection compliance.
• Experience in developing policy and compliance training within global organisation.

KNOWLEDGE, SKILLS, AND ABILITIES

• Strong knowledge of EU data protection regulation and Greek data protection act, and a good understanding of other major privacy frameworks  and evolving legislation worldwide. Sufficient knowledge of information technology and data management systems required.
• Knowledge of cybersecurity risks and other information security standards.
  
• Well-developed and professional interpersonal skills; ability to interact effectively with people at all organisational levels of the company.
• Excellent writing and presentation skills.
• Strong change and project management skills, including the ability to manage time well, prioritise effectively, and handle multiple deadlines.
• Detail-oriented approach needed to recommend and implement strategic improvements on a range of data protection and legal issues.
• Ability to handle confidential and sensitive information with the appropriate discretion.
• Knowledge of MS Office required and privacy software like OneTrust, a plus.

ADDITIONAL REQUIREMENTS

• Some international travel (30% at least for the first year in Europe) will be required (specially in EU and bordering countries but may include from time to time more distant countries). 
• Good general understanding and knowledge in Information Technology and Information Security. 
• Privacy enthusiast a plus.