Compliance and Risk Counsel - Data Privacy and AI
Compliance and Risk Team
The firm’s Risk Legal Team, led by the firm’s General Counsel, includes 10 lawyers and 2 paralegals advising on all aspects of legal risk, including financial crime compliance, claims, complaints, insurance, engagement terms, contracts, data privacy, SRA STaRS compliance and conduct issues and regulatory engagement.
This role will report to the firm’s Data Privacy Officer who is responsible for advising on the firm’s data protection and ePrivacy compliance. It will suit a junior data protection/privacy lawyer, with broad experience of data protection advice from private practice, who is looking to move to an in-house role whilst retaining the benefits of working in a law firm environment. An interest in data protection issues relating to developments in AI would be advantageous.
Roles and Responsibilities
* Supporting the maintenance of the data protection compliance programmes in line with Data Protection Legislation applicable across Charles Russell Speechlys, with a reporting line to the Data Privacy Officer. This includes data accountability and governance, drafting policies and procedures, privacy notices, advising on lawful bases for processing personal data, legitimate interest assessments and data protection impact assessments, data transfers, contract terms, training and handling data subject rights requests, including data subject access and erasure requests;
* Supporting the Firm's General Data Protection Regulation (GDPR) and UK GDPR Programme and the various work streams as required;
* Providing support with the management and reporting of personal data breach notifications, including: preparation of security incident/data breach investigation reports; collection of relevant information from individual(s) reporting the breach; working with relevant stakeholders; and managing the internal personal data breach log;
* Responding to queries from individuals, including leading with the searches and collation of data, the review and preparation of responses to data protection related requests from individuals when needed;
* Supporting the data protection related third-party vendor management process, including maintenance of database, contact with vendors and internal business owners, including Procurement and Information Security, contract reviews, vendor questionnaires and risk assessments;
* Leading the maintenance of data protection policies and procedures, including the Data Protection and Monitoring Policy, Subject Access Request Policy and specific departmental policies, and ensuring these are kept up-to-date with changes in the law, case law and industry guidance;
* Supporting the DPO on data protection requirements relating to developments in AI at the firm, including reviewing AI offerings and developments, identifying and addressing additional needs and finding solutions to minimise risks;
* Maintaining a watching brief on data protection developments abroad, particularly related to the firm’s office locations and identifying potential requirements and implications of local data protection laws;
* Drafting and advising on complex data protection-related documentation such as data privacy policies, intra-group agreements and leading in drafting of other data protection related internal policies, procedures and manuals and their implementation;
* Handling complaints, queries and subject access requests from data subjects;
* Reviewing, planning for and responding to client cyber and information security audits, in conjunction with Information Security.
* Comply with all relevant legal and regulatory obligations including the Solicitors Regulation Authority (SRA) Standards and Regulations, and Principles.
Skills and experience
* Qualified solicitor (or equivalent) with around 2 years’ Post Qualification Experience
* Ideally, experienced in data protection and AI work
* Relevant experience may have been gained either in a fee-earning or in-house role
Person specification
* Be able to work with minimal supervision and using own initiative
* Able to work effectively with and build strong relationships with colleagues at all levels across the firm
* Able to articulate difficult messages and decisions to the business through effective communication
* Resilient, flexible in approach and responsive
* Self-motivated and able to take responsibility for taking matters through to completion or resolution
* Experience of working in a large City or international law firm is desirable
#J-18808-Ljbffr