Legal Specialist, DPO

About The Position

Requirements

• Law degree (LL.B., LL.M., or equivalent) from an accredited institution; admission to the Polish Bar (Radca Prawny or Adwokat) or equivalent EU bar is strongly preferred.
• Minimum 5 years of post-qualification legal experience, with significant exposure to data protection and privacy law.
• Demonstrated, in-depth knowledge of the GDPR and its practical application in a corporate environment, including DPIA methodology, DPA drafting, and interaction with supervisory authorities.
• Strong working knowledge of Polish employment law (Kodeks Pracy) and its application to HR and people operations.
• Experience drafting and negotiating commercial contracts, vendor agreements, and data processing agreements.
• Fluency in Polish and English (written and spoken) is required; additional EU language proficiency is an asset.

Nice To Haves

• Certified Information Privacy Professional / Europe (CIPP/E) or equivalent privacy certification is highly desirable.
• Prior experience serving in a DPO capacity or in a dedicated privacy counsel role.
• Experience in the life sciences, clinical research, or healthcare sector, with familiarity with clinical data and regulatory frameworks (e.g., ICH-GCP, EMA guidelines).
• Familiarity with US privacy regulations (e.g., HIPAA, CCPA) and their interplay with GDPR.
• Experience with multi-jurisdictional data governance in an international organization.
• Working knowledge of ISO 27001 or similar information security standards.

Responsibilities

• Serve as Sitero’s officially designated DPO under GDPR Article 37, acting as the primary point of contact for data subjects, supervisory authorities, and internal stakeholders on all data protection matters.
• Lead the development, implementation, enforcement, and ongoing monitoring of Sitero’s global Data Privacy Policy and Data Protection Program to ensure full compliance with GDPR, applicable US privacy laws, and other regional privacy and security regulations.
• Oversee and conduct Data Privacy Impact Assessments (DPIAs) as required under GDPR Article 35, addressing the following areas in each assessment: The purpose(s) for which Personal Data is being processed and the processing operations to be carried out. Details of the legitimate interests being pursued by Sitero. An assessment of the necessity and proportionality of processing operations relative to the stated purpose(s). An assessment of the risks posed to data subjects, including likelihood and severity. Details of measures in place to minimize and handle risks, including safeguards, data security controls, and other mechanisms to demonstrate compliance.
• Receive, investigate, and respond to reported or discovered violations of Data Processing Agreements (DPAs), coordinating timely remediation and reporting to senior leadership; serve as the primary contact at [email protected] for all data protection inquiries and violation notifications.
• Maintain and continuously update Sitero’s Records of Processing Activities (RoPA) in accordance with GDPR Article 30.
• Manage data subject rights requests (access, rectification, erasure, portability, objection) within statutory timeframes.
• Review, negotiate, and maintain Data Processing Agreements and Standard Contractual Clauses (SCCs) with vendors, processors, and sub-processors.
• Monitor and advise on regulatory developments across EU member states, proactively identifying compliance gaps and recommending corrective action.
• Liaise directly with the Polish supervisory authority (UODO) and other EU data protection authorities as required.
• Deliver organization-wide data privacy training and awareness programs; foster a culture of privacy-by-design and data minimization.
• Provide day-to-day legal advice on a broad range of corporate matters including commercial contracts, vendor agreements, service agreements, confidentiality/NDA agreements, and clinical trial-related legal documents.
• Draft, review, and negotiate contracts with clients, vendors, and business partners, ensuring alignment with Sitero’s risk tolerance and applicable law.
• Advise leadership on corporate governance, regulatory compliance, and risk management, escalating material legal risks as appropriate.
• Support intellectual property protection, including review of IP-related clauses in commercial agreements.
• Assist in managing disputes, claims, and litigation strategy in coordination with external counsel.
• Support corporate entity management and compliance filings across Sitero’s European legal entities.
• Stay current on Polish and EU commercial law and advise on the legal impact of regulatory changes on Sitero’s operations.
• Serve as the primary legal advisor to the People & HR team on all employment law matters in Poland and, where applicable, across EU jurisdictions.
• Advise on the full employment lifecycle, including hiring practices, employment contract templates, compensation structures, performance management, disciplinary procedures, and terminations, ensuring compliance with the Polish Labor Code and applicable EU employment directives.
• Review and maintain compliant employee policies, handbooks, and HR procedures, ensuring alignment with both Polish law and Sitero’s global people policies.
• Advise on the intersection of data privacy and human resources, including lawful bases for processing employee personal data, employee monitoring policies, and HR data retention schedules.
• Support the HR team with legal aspects of employee relations matters, including investigations, grievances, and accommodations.
• Advise on works council obligations, employee representation requirements, and collective labor matters where applicable under Polish law.
• Partner with HR to ensure onboarding processes, background screening, and employee data handling are fully GDPR-compliant.
• Provide guidance on cross-border employment arrangements, including remote work policies and international employee data transfers.

Benefits

• competitive salary
• paid time off
• healthcare and retirement benefits