Local Privacy Officer

About the job

Job purpose:

As business partners and accountable to their Risk Owners, Privacy officers are accountable for assessing, mitigating, and independently monitoring the privacy risks within their respective Markets/clusters.

Local Privacy Officers are also the delegates of the Group DPO and the main points of contact to Data Protection Authorities (DPAs)

Key accountability:   

Governance & Monitoring

•        Appoint and manage a network of Privacy Champions (point of contacts) within the relevant local departments; 

•        Chair the Local Privacy Working Group consisting of appointed Privacy Champions. Through this working Group, design, secure sponsorship and deliver the Local action plan for Privacy;

•        Actively contribute to Privacy Transformation Working Groups where appointed, cascade action plans to Privacy Champions where needed;

•        Actively monitor local privacy regulations/enforcements, and implement local adaptations of global procedures when required by local laws;

•        Contribute to internal position papers, represent Sanofi in industry advocacy efforts (trade associations);

•        Report Program and Operations KPIs through the Global Privacy dashboard;

•        In accordance with the Global Privacy reporting framework, produce a yearly activity report and present it to the Country chair and local business operations;

Accountability & Privacy by design

•        Map the processing activities within the Privacy Officer scope in accordance with GPO’s methodology;

•        Integrate and maintain the record of local Personal information processing activities;

•        For local projects, ensure assessment processes are respected:

o   Promote and champion the usage of the Privacy Checklist by the Business to ensure Privacy-By-Design principles are implemented within projects;

o   Review & validate Personal Data Protection Assessments (PDPA) in Onetrust;

o   When relevant, review and validate Study Compliance Forms or other relevant study questionnaires;

o   Document local variations from global processes and procedures;

o   Ensure that local registrations/filings with competent data protection authorities are completed;

•        For Global projects, partner with the BU/GF Privacy Officer in ensuring local practices or regulations are considered at the early stage of design, escalating showstoppers, and offering local resolutions;

•        Ensure Data Processing Agreements processes are respected;

•        Cascade communication of Global DPA templates and guidance to Legal in charge of the negotiation;

•        Provide support for local adaptation of DPA templates where mandatory;

•        Cascade communication of Privacy Notices templates and guidance;

•        Provide support for local adaptation of Privacy Notices where mandatory;

Management of privacy events

•        Review and answer all Individual Rights Requests, ensuring Data subject rights are upheld in line with regulatory requirements and Sanofi’s commitments to privacy;

•        Review and coordinate the management, assessment, and resolution of local data breaches in line with Sanofi SOPs with the support of GPO;

•        Partner with Sanofi Auditors for the planning and execution of internal audits;

•        As the primary contact of local Data Protection Authorities, Carry out regulatory notifications and answer to local Authorities’ inquiries with the support of GPO;

•        Manage data protection dawn raids in accordance with GPO dawn-raid procedure and local requirements;

Training and awareness

•        Actively contribute to Sanofi Global Privacy Training strategy in ensuring Materials designed centrally are fit for purpose, review translations and establish the relevant priority audience;

•        Organize local and ad hoc training session in line with local needs;

•        Cascade GPO communication campaigns (flyers, data protection days, GPO initiatives…);

Key Working Relationships

Internal:

•        Direct local privacy champions with clear expected outcomes in line with the local action;

•        As the voice of privacy rights of employees, act with integrity and independence with regards to resolutions of potential conflicts;

•        Establish credibility and influence local senior stakeholders such as General management, Digital, HR, R&D, Commercial;

•        Confident in escalating project risks and issues to senior leaders individually and collectively, i.e.. The global privacy committee;

External:

•        As the voice of privacy rights of external Data Subjects (candidate, consumers, patients), act with integrity and independence with regards to resolutions of potential conflicts;

•        As the main point of contact of local Data Protection Authorities, establish an active relationship in line with Sanofi commitments;

•        Represent Sanofi within local Privacy and trade associations;

Qualifications

•        Soft skills: Strong business acumen • Personally mature, able to deal effectively with complex issues and manage conflicts • Highly self-organized and accurate with documents • Relationship building & networking / influencing skills;

•        Technical skills: Privacy certification CIPP highly desired, OneTrust (advanced);

•        Education: Degree or Master preferably Business Administration, Legal and computer science;

•        Languages: Excellent written and verbal communication skills in local language and English.

Pursue progress, discover extraordinary

Better is out there. Better medications, better outcomes, better science. But progress doesn’t happen without people – people from different backgrounds, in different locations, doing different roles, all united by one thing: a desire to make miracles happen. So, let’s be those people.

At Sanofi, we provide equal opportunities to all regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, or gender identity.

Watch our ALL IN videoand check out our Diversity Equity and Inclusion actions at sanofi.com!