Senior Data Protection Specialist

Headquartered in Geneva and part of the A.P. Moller Group, Unilabs is one of Europe’s leading medical diagnostics companies, offering a complete range of laboratory, pathology, genetics, and imaging services to patients across 14 countries. Unilabs invests heavily in technology, equipment, and people – using digital technologies in its state-of-the-art laboratories and imaging institutes – to improve the lives of close to 100 million people every year.

The Role

In this role you will have a key role to play in the management our Data Protection Programme. Our team is at the heart and start of all effective data protection controls and decisions, providing vital data protection oversight and management for our operations in all countries.

The Senior Data Protection Specialist will support the Group Data Protection Officer (DPO) to ensure Unilabs continues to meet its data protection legal and regulatory obligations. The successful candidate must have a strong understanding of the General Data Protection Regulation ('GDPR') and an exposure to other global data protection laws and regulations.

There is a significant advisory and cross-functional business partnering component to this role, with the successful candidate able to articulate thoughts clearly, plan initiatives, and execute with appropriate prioritisation and urgency. The successful candidate will demonstrate drive, intelligence, maturity, and energy and will be a proven change agent.

The role is international for Unilabs’ group covering all countries in Unilabs portfolio, whether located in Europe or elsewhere. The Specialist’s specific focus shall be dedicated also to HQ – Swiss tasks in the collaboration with the dedicated data privacy coordinator in the Switzerland.

Key Responsabilities

·     Collaborate with a team of centralised data protection professionals and geographically dispersed Local Data Protection Coordinators (LDPCs).

·     Responsible for maintaining and managing the data privacy controls supporting Unilabs' Data Protection Operating Model across people, process and technology related to data protection.

·     Manage and ensure mitigations for all key data protection risks throughout Unilabs.

·     Support business stakeholders and LDPCs in understanding and maintaining:

• The Records of Processing Activities (RoPA) including identifying the need for Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), Transfer Impact Assessments (TIAs).
• Key policies and their enactment locally such as: Consent management; Complaints management; Retention management etc.
• Local risk registers.

·     Ensure the business manages and responds to Data Subject Rights Requests and Personal Data Breaches in line with internal policies, regulatory requirements and timelines.

·     Assist the Group DPO in:

• Creating and maintaining leading and lagging data protection metrics .
• Developing, updating and maintaining data protection policies, standards, processes, notices, and guidelines.
• Conducting audits and deep dives in data protection procedures and processes to identify risks and gaps.
• Interacting with the relevant Data Protection Authorities, where required.
• Act as delegate for the DPO in the various forums and stakeholder governance meetings by:
• Effectively communicating the status of the Data Protection programme to the Senior Leadership team and other stakeholders;
• Assisting the DPO in managing and reporting on applicable KPIs and metrics.

·     Work with stakeholders in the operation of Vendor Risk Management and Due Diligence processes for requirements such as transfer impact assessments, need for specific transfer mechanisms (e.g. SCCs), data privacy risk assessments etc.

·     Prepare, review and negotiate data protection agreements and contractual clauses.

·     Champion a data protection culture of:

• Privacy by Design and Default.
• Providing Data Protection awareness and training at all levels of the organisation.
• Ensuring appropriate data protection general and specific training is delivered throughout the business.

·     Oversee, identify, track and assist, as necessary, the execution of Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), Transfer Impact Assessments (TIAs)

·     Lead Data Protection projects and programmes as DPO delegate as required.

·     Keep up to date with new data protection laws, regulations and key developments in data protection impacting all our territories and advise management on changes and potential impact on Unilabs activities.

·     Support the AI activities and strategy of Unilabs.

·     Bachelor´s degree in Law, Information Technology, Computer Science or related discipline.

·     Professional qualification/certification or experience in data protection law is essential (e.g. CIPP, CIPP, CIPM, CDPO etc).

·     Minimum of five years of experience working in the field of data protection/ privacy.

·     Good communication and interpersonal skills with the ability to build credibility and trust at all levels across the organization.

·     Strong analytical and problem-solving skills and excellent attention to detail.

·     Self-starter with strong interpersonal, written, and verbal skills in English with a proven ability to educate, inform, negotiate and achieve understanding and consensus on needs across different functions, levels and customers.

·     Experience managing a team and multiple senior stakeholders.

·     Experience implementing data protection policies, standards, processes, and support models to achieve business objectives.

·     Experience conducting or overseeing data protection risk assessments such as DPIAs, TIAs, LIA, etc.

·     Strong knowledge of Data Protection regulations, including the GDPR, ePrivacy Regulations.

·     Ability to work with various functions to identify feasible solutions to data protection requirements and challenges.

·     Ability to handle multiple projects and workstreams simultaneously, delivering high-quality results under thigh deadlines.

·     Experience working with data protection systems e.g. OneTrust, whereas OneTrust certification will be offered at joining

·     Microsoft office proficiency in Word, Excel and PowerPoint.

·     Experience directly supporting business units on privacy issues is strongly preferred.

·     Experience with AI based tools (Copilot, ChatGPT, other).

·     Proficiency in English, and Professional level of French is of advantage.

Desired but not essential experience:

·     Understanding of other data privacy regulations (e.g. CCPA/CPRA, PIPL, LGPD, HIPAA, HITECH, UK GDPR etc.,) and standards a distinct advantage.

·     Ideally delivered elements of a privacy related change programme.