Apply on Employer Site

H&M · 3 days ago

Regional Data Privacy Lead

New York, NY

Full-time

Hybrid

Mid, Senior Level

$160K/yr - $200K/yr

4+ years exp

H&M is a global fashion retailer seeking a Regional Data Privacy Lead to manage privacy compliance for the Americas. The role involves leading privacy governance, ensuring alignment with global standards, and collaborating with various stakeholders to implement effective data privacy strategies.

Customer ServiceFashionRetail

Responsibilities

Lead privacy governance for Region Americas, ensuring compliance with local laws while aligning with H&M Group’s global data privacy standards in both the Customer and Employees areas

Act as primary regional point of contact for global stakeholders on Data Privacy matters

Stay updated on local regulatory developments and translate the global standards into regional ones when necessary

Advise on and implement changes across business functions and brands in accordance with new privacy legislation and global privacy standards

Create, implement, and uphold Regional Privacy Guidelines based on the global standards and local legislation, applying a risk-based and pragmatic mindset

Oversee key compliance areas such as Privacy Policy/Notice Development, Regulatory Response, Consent Management, Cookie and Tracking Technology Compliance, and Data Subject Rights Management

Collaborate with Group DPO and the global privacy community and oversee outside counsel to interpret the law and assess business application, scope, and risks

Establish regional understanding and commitment to global privacy principles, adapting them to local context

Conduct privacy monitoring and testing across all brands and markets in both the Customer and Employee areas

Drive awareness and training initiatives in line with global programs, ensuring regional relevance

Offer hands-on support and guidance to regional and local stakeholders in each function on new and changing processes, tools, and initiatives that collect or use personal data

Identify Personal Data needs in future business plans and initiatives – take actions to support, guide, and help navigate to do right while reaching business targets

Empower local teams to carry out and monitor ongoing Data Privacy mandates and responsibilities

Oversee regional privacy risk management, including risk identification and assessment process following the global risk framework

Identify potential gaps and be the owner of the risk-based action plan including recurring reviews as well as follow up, decision making, and hands-on support

Create and implement data retention & deletion policies and standard operating procedures

Report status, risks, and plans to regional and global key stakeholders such as the Group Data Protection Officer

Oversee and advice on third party management, ensuring new vendors and/or service providers comply with applicable privacy and employment laws, revise and implement contractual privacy safeguards to align with company and industry data privacy compliance standards

Lead regional data breach strategy and response in cooperation with global Customer Service and Business Tech teams, ensuring compliance with local breach notification laws

Be the “go to” person internally (within H&M Group) for knowledge about regional privacy framework/requirements and for regional/country support

Maintain good relationship with local authorities in each country within Region Americas and manage regulatory interactions in a timely fashion to such authorities’ requests

Qualification

DPO/DPC experienceGDPR knowledgeCIPP/US certificationPrivacy risk assessmentInformation security standardsCuriosityCommunication skillsInterpersonal skillsStrategical thinking

Required

4-5 years of DPO/DPC experience in privacy and security risk assessment and best practice mitigation, including significant hands-on experience in privacy assessments, privacy certifications/seals, and information security standards certifications

Updated knowledge of, and experience with, GDPR and relevant local data protection legislation and legal compliance, as well as employee privacy and employment laws

Strong business acumen with a pragmatic mindset, with ability to lead and execute business goals and initiatives

Ability to prioritize and manage risk – balancing business value versus effort and cost

Excellent cooperation and communication skills with ability to make the complex simple and communicate and engage at all levels, both formal and informal

Strategical, abstract, and conceptual thinking ability with a flexible mindset and the ability to see, formulate, and propose different solutions in an easy-to-understand way

Ability to identify and remediate compliance gaps, and recognize opportunities for new or improved technologies to enable a more effective data governance and compliance program

Curious nature and interest in learning and developing yourself

Great interpersonal skills and ability to work well both independently, as a part of a team, and as a leader. Inclusive, positive, open to feedback, willing to multitask and learn on the job