Data Protection Associate
The Global Data Protection team is responsible and accountable for designing and maintaining Deliveroo's global data privacy program and compliance framework. We regularly advise on privacy matters, create policies, guidelines and training, and develop privacy compliant processes relating to a broad range of data processing.
No two days are the same at Deliveroo and we're looking for like minded and experienced Data Protection Associate who will thrive in a dynamic environment and be a great fit for our growing team.
We are looking to hire a full-time Data Protection Associate to support the team with the management of our global data privacy program, with a particular focus on customer data processing (online marketing, personalisation, data rights etc) and the enhancement of our privacy compliance framework.
What you'll be doing:
- Overseeing the accurate and timely processing of customer data subject rights requests such as DSARs and erasures; these are already partly automated and otherwise processed by our Data Protection Paralegal.
- Overseeing the timely and appropriate response to contentious customer complaints (where necessary leading/advising on appropriate investigation, liaison with the business and drafting responses)
- Personal data incident management for small-medium sized incidents (lead on the investigation, response to data subject and remediation advice). Support on larger incidents managed by the DPO.
- Conducting privacy impact assessments and provide privacy advice on new business projects or retrospectively
- Drafting and completing DPIAs
- Working cross functionally on data mapping, ROPA completion, ongoing compliance improvement initiatives across the business
- Reviewing third party privacy due diligence and assess vendors from a privacy risk perspective
- Drafting internal policies, procedures and and guidance materials, and maintain documentation requirements that illustrate data privacy compliance
- Project management, including preparing and maintaining tracker documents for monitoring progress of matters, minutes, risks and action logs and meeting preparation
- Legal research with a view to providing the business with pragmatic advice.
- Supporting the DPO in responding to regulatory enquiries or investigations.
The successful applicant will be a self-starter and a strong performer and team player who is focussed on helping to ensure that the team successfully delivers projects for the business. While consulting appropriately on difficult issues, you must be able to deliver robust and appropriate advice and exercise sound judgement. We are specifically looking for:
- Prior extensive / in-depth knowledge of DPA, GDPR and future legislation around data privacy, security and protection, best practise and relevant case law relevant to a commercial, tech organisation
- Expert knowledge of privacy legal requirements relevant to consumer marketing, personalisation, online advertisements is highly desirable
- Effective communicator upwards and downwards; can align multiple teams across common goals
- Mentoring of more junior members in team
- Demonstrable experience and confidence in providing sound "on the spot" privacy advice, strong practical application of expert knowledge
- Demonstrable strong project management, organisational and time management skills
- Excellent written and verbal communication skills in English and strong interpersonal skills
- Ability to work flexibly to accommodate other time zones when necessary
- Be team-focused with a passion for learning, excellence, and continuous improvement
- Demonstrate respect and integrity in working with others at all levels of the business
- Highly organised and able to manage a broad range of responsibilities in a fast paced environment.
- Bachelor's degree or equivalent from an accredited university, preferably in a legal or technical topic
- Minimum 4 years previous experience interpreting and applying data protection laws, including the EU's General Data Protection Regulation (GDPR)
- Previous experience managing and responding to complex data subject requests and contentious complaints
- (Strongly preferred) Data Protection Associate/Manager experience and/or similar
- (Strongly preferred) Previous experience evaluating and assessing privacy risks relating to consumer facing businesses / tech platforms
- (Desirable) International Association Privacy Professionals (IAPP), Certified CIPM, CIPPE, CIPT
- (Desirable) Experience with OneTrust, including its privacy risk assessment module
- (Desirable) Liaising with privacy regulators
Our mission is to be the definitive food company. We are transforming the way the world eats by making food more convenient and accessible. We give people the opportunity to eat what they want, when and where they want it.
We are a technology-driven company at the forefront of the most rapidly expanding industry in the world. We are a large and experienced team, making a very large impact, seeking to answer some of the most interesting questions out there. We move fast, value autonomy and ownership, and we are always looking for new ideas.
Workplace & Diversity
At Deliveroo we know that people are the heart of the business and we prioritise their welfare. We offer a wide range of competitive benefits in areas including health, family, finance, community, convenience, growth, time away and relocation.
We believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest growing startups in an incredibly exciting space.