Reports to: Senior Data Protection Legal Counsel
The Group Legal and Compliance (GLC) department provides the Group with sound and pragmatic advice on legal issues. Our team handles a range of commercial, corporate, employment law, data privacy, competition law and regulatory matters. We handle litigation and regulatory and investigations which involve the Group. We also develop and implement Cathay’s compliance policies and programmes, including competition, anti-bribery, sanctions and data privacy.
As the Data Protection Legal Counsel, you will part of a team which supports the Data Protection Officer (DPO) team in ensuring compliance with the Hong Kong Personal Data (Privacy) Ordinance (PDPO), the EU General Data Protection Regulations (GDPR), the Personal Information Protection Law (PIPL) and other relevant data protection laws across all regions in which the Cathay Group operates. You will work closely with a wide range of Cathay Group business units, including Procurement, IT, Digital and People.
Key ResponsibilitiesSupport the DPO team in monitoring compliance with the GDPR, PDPO, PIPL and other relevant data protection laws and engage with internal stakeholders to provide advice on data protection matters.Support on the advice on privacy impact assessments (PIAs), including on when they are required, what methodology to follow, identifying key privacy risks and suggesting mitigation actions in compliance with relevant data protection laws.Independently draft, review, and negotiate data protection-related contracts or clauses (e.g. Data Protection Addendums), as requested by the Senior Data Protection Legal Counsel.Support the development, and management of internal data protection-related policies and compliance processes.Independently investigate and follow up on potential privacy incidents, as requested by the Senior Data Protection Legal Counsel.Independently coordinate responses to individual rights requests (e.g. access, deletion, rectification) and law enforcement requests, as requested by the Senior Data Protection Legal Counsel.Promote strong data protection standards through conducting training and awareness sessions to various Business Units and Outports.Support the DPO team in managing third-party privacy risk related procedures, including to independently review and assess responses provided by third parties through pre-onboarding questionnaires, as well as alerts provided by the pre-onboarding screening system.Requirements
A proven interest in global data protection laws and practices, with a focus on PDPO, GDPR, PIPL and other relevant data protection laws in which Cathay Group operates, and a strong desire to learn how these regimes relate to both customer and employee personal data.Law degree with 3+ years of experience specialising in data protection and privacy and holding privacy-related certifications (e.g. CIPM, CIPP), OR a 3+ year PQE data protection lawyer with experience gained in a reputable law firm. In-house experience in an organisation that has substantial personal data operations is preferred.High proficiency in office applications (including Word, PowerPoint and Excel).Fluent spoken and written English, Cantonese and Putonghua.Experience in using OneTrust and / or other privacy management software is advantageous.Excellent communication and presentation skills and ability to interact with a wide range of stakeholders.High attention to detail, and able to see and understand the bigger picture.Extremely well organised and good at planning and managing his/her time as well as others. Ability to work flexibly and on multiple tasks.Mature and has a high sense of responsibility and accountability for their work.Excellent team player and able to work with people at all levels across the organisation.Personal & Application Information
Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.
Apply nowShare