Regional Data Privacy Manager

H&M Group
New York, NY
Hybrid

About The Position

As a Regional Data Privacy Manager in the Controlling function, you are responsible for managing privacy compliance within all countries of Region Americas (United States, Canada, Mexico, Colombia, Ecuador). In this role, you will work closely with H&M Group’s global data privacy community, ensuring alignment and collaboration across regions. This hybrid role reports into our Regional Legal and Corporate Governance Manager and is based out of New York, NY.

Working at H&M means no two days are ever the same, but a typical day will include the following responsibilities:

Ownership

  • Lead privacy governance for Region Americas, ensuring compliance with local laws while aligning with H&M Group’s global data privacy standards in both the Customer and Employees areas.
  • Act as primary regional point of contact for global stakeholders on Data Privacy matters
  • Stay updated on local regulatory developments and translate the global standards into regional ones when necessary.
  • Advise on and implement changes across business functions and brands in accordance with new privacy legislation and global privacy standards.
  • Create, implement, and uphold Regional Privacy Guidelines based on the global standards and local legislation, applying a risk-based and pragmatic mindset
  • Oversee key compliance areas such as Privacy Policy/Notice Development, Regulatory Response, Consent Management, Cookie and Tracking Technology Compliance, and Data Subject Rights Management
  • Collaborate with Group DPO and the global privacy community and oversee outside counsel to interpret the law and assess business application, scope, and risks

Awareness & Commitment

  • Establish regional understanding and commitment to global privacy principles, adapting them to local context.
  • Conduct privacy monitoring and testing across all brands and markets in both the Customer and Employee areas
  • Drive awareness and training initiatives in line with global programs, ensuring regional relevance.

Business Enablement

  • Offer hands-on support and guidance to regional and local stakeholders in each function on new and changing processes, tools, and initiatives that collect or use personal data
  • Identify Personal Data needs in future business plans and initiatives – take actions to support, guide, and help navigate to do right while reaching business targets
  • Empower local teams to carry out and monitor ongoing Data Privacy mandates and responsibilities

Risk & Compliance

  • Oversee regional privacy risk management, including risk identification and assessment process following the global risk framework.
  • Identify potential gaps and be the owner of the risk-based action plan including recurring reviews as well as follow up, decision making, and hands-on support
  • Create and implement data retention & deletion policies and standard operating procedures
  • Report status, risks, and plans to regional and global key stakeholders such as the Group Data Protection Officer.
  • Oversee and advise on third party management, ensuring new vendors and/or service providers comply with applicable privacy and employment laws, revise and implement contractual privacy safeguards to align with company and industry data privacy compliance standards
  • Lead regional data breach strategy and response in cooperation with global Customer Service and Business Tech teams, ensuring compliance with local breach notification laws

Actions & Tools

  • Efficient way of working and decision making. Active member of H&M’s global data privacy community, collaborating with the Group DPO and peers worldwide to share best practices and drive global standards.
  • Instruct teams on privacy technical safeguards and “privacy by design” principles to be incorporated into new and/or improved tools, systems, and platforms
  • Ensure well working processes and tools to be and stay compliant within the region including handling data subjects’ rights as well as supporting working efficiently – using our group common processes and tools if possible, or with local adaptations if needed

Contacts & Collaborations

  • Be the “go to” person internally (within H&M Group) for knowledge about regional privacy framework/requirements and for regional/country support
  • Maintain good relationship with local authorities in each country within Region Americas and manage regulatory interactions in a timely fashion to such authorities’ requests.

Requirements

  • 4-5 years of DPO/DPC experience in privacy and security risk assessment and best practice mitigation, including significant hands-on experience in privacy assessments, privacy certifications/seals, and information security standards certifications
  • Bachelor’s degree (preferred if in related field)
  • Updated knowledge of, and experience with, GDPR and relevant local data protection legislation and legal compliance, as well as employee privacy and employment laws
  • Strong business acumen with a pragmatic mindset, with ability to lead and execute business goals and initiatives
  • Ability to prioritize and manage risk – balancing business value versus effort and cost
  • Excellent cooperation and communication skills with ability to make the complex simple and communicate and engage at all levels, both formal and informal
  • Strategic, abstract, and conceptual thinking ability with a flexible mindset and the ability to see, formulate, and propose different solutions in an easy-to-understand way
  • Ability to identify and remediate compliance gaps, and recognize opportunities for new or improved technologies to enable a more effective data governance and compliance program
  • Curious nature and interest in learning and developing yourself
  • Great interpersonal skills and ability to work well both independently, as a part of a team, and as a leader. Inclusive, positive, open to feedback, willing to multitask and learn on the job

Nice To Haves

  • CIPP/US certification preferred

Responsibilities

  • Lead privacy governance for Region Americas, ensuring compliance with local laws while aligning with H&M Group’s global data privacy standards in both the Customer and Employees areas.
  • Act as primary regional point of contact for global stakeholders on Data Privacy matters
  • Stay updated on local regulatory developments and translate the global standards into regional ones when necessary.
  • Advise on and implement changes across business functions and brands in accordance with new privacy legislation and global privacy standards.
  • Create, implement, and uphold Regional Privacy Guidelines based on the global standards and local legislation, applying a risk-based and pragmatic mindset
  • Oversee key compliance areas such as Privacy Policy/Notice Development, Regulatory Response, Consent Management, Cookie and Tracking Technology Compliance, and Data Subject Rights Management
  • Collaborate with Group DPO and the global privacy community and oversee outside counsel to interpret the law and assess business application, scope, and risks
  • Establish regional understanding and commitment to global privacy principles, adapting them to local context.
  • Conduct privacy monitoring and testing across all brands and markets in both the Customer and Employee areas
  • Drive awareness and training initiatives in line with global programs, ensuring regional relevance.
  • Offer hands-on support and guidance to regional and local stakeholders in each function on new and changing processes, tools, and initiatives that collect or use personal data
  • Identify Personal Data needs in future business plans and initiatives – take actions to support, guide, and help navigate to do right while reaching business targets
  • Empower local teams to carry out and monitor ongoing Data Privacy mandates and responsibilities
  • Oversee regional privacy risk management, including risk identification and assessment process following the global risk framework.
  • Identify potential gaps and be the owner of the risk-based action plan including recurring reviews as well as follow up, decision making, and hands-on support
  • Create and implement data retention & deletion policies and standard operating procedures
  • Report status, risks, and plans to regional and global key stakeholders such as the Group Data Protection Officer.
  • Oversee and advise on third party management, ensuring new vendors and/or service providers comply with applicable privacy and employment laws, revise and implement contractual privacy safeguards to align with company and industry data privacy compliance standards
  • Lead regional data breach strategy and response in cooperation with global Customer Service and Business Tech teams, ensuring compliance with local breach notification laws
  • Efficient way of working and decision making. Active member of H&M’s global data privacy community, collaborating with the Group DPO and peers worldwide to share best practices and drive global standards.
  • Instruct teams on privacy technical safeguards and “privacy by design” principles to be incorporated into new and/or improved tools, systems, and platforms
  • Ensure well working processes and tools to be and stay compliant within the region including handling data subjects’ rights as well as supporting working efficiently – using our group common processes and tools if possible, or with local adaptations if needed
  • Be the “go to” person internally (within H&M Group) for knowledge about regional privacy framework/requirements and for regional/country support
  • Maintain good relationship with local authorities in each country within Region Americas and manage regulatory interactions in a timely fashion to such authorities’ requests.

Benefits

  • We pride ourselves on being a values-driven organization, guided by our 7 unique values that have been part of our success story for over 75 years
  • You’ll have access to our Colleague Resource Groups (CRGs) to find community and networking opportunities among colleagues
  • We value diverse backgrounds, including but not limited to race, ethnicity, gender, age, religion, sexual orientation, and disability
  • We are an inclusive company where you’re encouraged to be yourself at work
  • You will have access to a large global talent community, where career growth and aspirations have no limits
  • We believe in supporting your overall wellbeing and offer comprehensive benefits inclusive of health insurance, wellness and family support programs, company match 401k, paid leave programs, and paid time off, including a community day to serve your local community
  • You’ll be able to express your personal style with our employee discount at H&M, & Other Stories, and COS
  • 25% Staff Discount
  • Medical, Pharmacy, Vision and Dental Coverage
  • Employee Assistance Program
  • Vacation, Wellness, Holiday and Parental Pay
  • 401K
  • Commuter Benefits, Health and Dependent Care FSA
  • Plus, additional Voluntary Benefits.