Legal & Data Protection Officer
To provide Data Protection and Privacy related advice to all KPNWE (Kuwait Petroleum North West Europe) business units, holding the DPO role and also to provide effective legal and compliance support to the legal department of KPNWE and its mission in furtherance of the strategy and business interests of KPNWE the other KPI OUs that we service. Given the fact that the DPO is appointed for the whole KPNWE group, he needs to be easily accessible from each establishment. During the exercise of this function, the DPO will work and act independent, without getting instructions from the company. The DPO shall not be dismissed or penalized for performing his tasks.
On the request of the KPNWE legal department, the Legal & Data Protection Officer, with the support from external DP office, conducts the following activities directed towards the related end results:
- Data Protection activities:
- To perform the role of DPO at KPNWE, comprising the duties of information & advice, the duty to monitor compliance and the duty of cooperation with DP Authorities in KPNWE jurisdictions;
- The DPO will perform, at a minimum, the following tasks (required by GDPR);
- Inform and advise the Company, and employees of the Company who carry out processing, of their obligations pursuant to the Regulation and any other obligations required by Union or Member State data protection provisions;
- Monitor compliance with the Regulation, with other Union or Member State data protection provisions, and the policies of the Company in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of Company staff involved in processing operations, and related audits;
- Provide advice where requested regarding any data protection impact assessments and monitor its performance pursuant to Article 35 of the Regulation;
- Cooperate with the relevant supervisory authority or authorities;
- Act as the contact point for the supervisory authority or authorities on issues relating to processing, including the prior consultation referred to in Article 36 of the Regulation, and to consult, where appropriate, with regard to any other matter;
- Respond to the requests of data subjects pertaining to the processing of their personal data and the exercise of their rights under the Regulation.
- In matters of data protection, the DPO shall represent the Company before any external parties, and shall handle all relevant inquiries and contacts from the relevant supervisory authority or authorities;
- To keep businesses informed about developments in DP law at Benelux, KPNWE jurisdictions and also European Union level;
- To advise management on DPstrategies and framework policy;
- To foster a culture of data protection in the organization by implementing principles of data processing, data subjects rights, protection by design and default, records of processing, security and communication of potential data breaches;
- To ensure the creation and maintenance of the Data Processing Register (“DPR”, register of processing activities , art. 30 GDPR). This register must mention the contact details of the DPO. The DPO will be the owner of the files, ensuring a yearly update of the DPR. The DPO must be involved in the DPO process (review the content and the quality of information provided, ensure common understanding, answer questions…)To work proactively with fellow management team members to enhance organizational and operational process and effectiveness, working on projects and initiatives as required and to inform, advise and issue recommendation;
- To train and inform staff and management, to draft policies and ensure DP compliance is embedded in other corporate procedures and policies;
- Indicate whether or not to carry out a DPIA. If a DPIA is needed, to decide on the methodology, the outsourcing of those if required. Give advice on any safeguards to apply to mitigate the data privacy risks and verify whether or not the DPIA has been correctly carried out and whether its conclusions are in compliance with the GDPR (with evidences).To contact regularly DP authorities in each jurisdiction and respond all notifications and official requirements from those, and to notify them and register as single point of contact for all DP activities in KPNWE entities;
- To monitor possible data breaches and implement “lessons learnt”;
- To keep written & electronic documentation re processing operations within KPNWE and make this available to authorities if so required;
- To draft and review DP clauses for contracts, processing agreements, and legal review of all DP related aspects in legal documentation, contracts and M&A projects;
- To conduct and participate to any GDPR audits.
- To participate and provide guidance for the IT Security activities in terms of procedures, policies, and management and reporting of incidents;
- To monitor and direct the GDPR activities as described above, the DPO should: - Provide a ‘GDPR Quarterly Reporting’ to Legal supervisor - Provide a ‘GDPR Yearly Reporting’ for the Legal supervisor.
- Legal and compliance activities:
- To review and/or draft contracts (intercompany or towards third parties), all legal documents and related correspondence;
- To coordinate and assist in the handling of legal proceedings and/or claims, by and against the company, including instructing outside counsels;
- Responsible for maintaining sound practical procedures in order to meet legal requirements and safeguard the legal position of said companies;
- Keep the Management of the companies informed of new developments in legislation on jurisprudence whenever relevant;
- To draft and handle correspondence of a legal nature such as correspondence with outside counsel or contracting parties;
- To prepare the files in legal cases handled by the KPNWE legal department;
- To conduct know how research on a specific legal topic;
- To assist and provide legal services connected to Tenders including to collect information from authorities, e.g. tax certificates from local authorities or courts;
- To check the wording of bank guarantees and to prepare release letters of securities, in liaison with the Credit Control department;
- Legal counseling of the business in consultation with KPNWE Senior legal counsels;
- Board secretarial tasks if required, drafting of MoMs, resolutions, correspmdence with directors etc;
- To assist and provide legal advice and admin support within projects for Acquisitions, mergers, demergers, etc;
- To participate in compliance commitees and teams including antitrust, Anticorruption, Data Protection, and including delivery of intenral workshops;
- To support Corporate board and legal work (MoMs, POAs, Notarial legalizations, etc).
- Knowledge of Q8 Business at KPNWE;
- International experience and orientation;
- Familiarised with Information systems and IT;
- Basic knowledge of audit processs.
- Degree of Law
- Expert knowledge of Data Protection Law in Benelux and EU (including but not limited to crossborder transfers, individual rights, data security, profiling, cookies, direct marketing).
- Languages: Dutch, French and English, spoken and written;
- Conceptual and analytical problem solver;
- Quality & service minded;
- Team player, open minded, good communicator;
- Results oriented;
- Demonstrate continuous improvement and the ability to sum up complex information in an understandable way.