Job Title: Data Privacy Compliance Counsel
In a fast-paced environment, this role will be responsible to assist with improving, sustaining and facilitating robust, interdisciplinary global programs to address and mitigate personal data privacy risk and execute the CBRE Group’s global data privacy and protection strategy, with focus on CBRE’s EMEA Region and Advisory business line.
This individual will be a member of CBRE’s Global Data Privacy Office (“GDPO”), report to the GDPO’s EMEA Regional Legal Director, and serve a point of contact for data privacy and protection issues facing the business in CBRE's EMEA Region.
• Advise internal clients on compliance with legal requirements and CBRE’s privacy policies, notices, standards and procedures.
• Identify and implement comprehensive processes to support implementation of data privacy and protection policies, Privacy Impact Assessments, Data Subject Request responses, Privacy by Design and manage customer/employee consents and complaints.
• Create, coordinate and deploy privacy training and communications programs through multiple avenues, including in-person training, specifically around operational compliance with the GDPR privacy principles, privacy by design, data subject requests, and cross-border transfers.
• Assist with data privacy and protection due diligence relating to mergers and acquisitions.
• Understand the regulatory framework that applies to privacy risk assessment processes, analyse compliance requirements and make recommendations as needed. Support the implementation of new requirements into technology or compliance solutions.
• Continue to build, improve, and mature CBRE’s global data privacy and protection program to align the global and regional programs with a focus on CBRE's EMEA Region and Advisory business line.
• Improve and maintain subject matter expertise of local data privacy and protection regulations impacting countries in CBRE's EMEA business.
• Support CBRE’s Legal, Compliance and IT departments with investigations and responses to privacy incidents.
• Improve and maintain cross-border data transfer legal frameworks, including CBRE’s Intra-Group Data Transfer Agreement and the EU model clauses
• Manage, under the supervision of the EMEA Regional Director, Data Privacy, the planning, organization, and controls for a major functional area or department.
• E&W Qualified Solicitor or other equivalent European qualification.
• Experience in EMEA Data Protection Laws and understanding of the GDPR or demonstrated ability to learn.
• Willingness to build on any gaps of knowledge.
• Ability to negotiate effectively with key employees, management, and client groups.
We are an equal opportunities employer and do not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age.
CBRE Group, Inc. is the world’s largest commercial real estate services and investment firm, with 2019 revenues of $23.9 billion and more than 100,000 employees (excluding affiliate offices). CBRE has been included on the Fortune 500 since 2008, ranking #128 in 2020. It also has been voted the industry’s top brand by the Lipsey Company for 19 consecutive years and has been named one of Fortune’s “Most Admired Companies” for eight years in a row, including being ranked number one in the real estate sector in 2020, for the second consecutive year.
CBRE offers a range of integrated services, including facilities, transaction and project management; property management; investment management; appraisal and valuation; property leasing; strategic consulting; property sales; mortgage services and development services.
In central London, CBRE advises on more commercial property than any other adviser and across the United Kingdom with offices in Aberdeen, Birmingham, Bristol, Edinburgh, Glasgow, Jersey, Leeds, Liverpool, Manchester, and Southampton.