Data Protection & Privacy Lawyer EMEA
American Express is a global service company, providing customers with exceptional access to products and experiences that enrich lives and build business success.
Each day, we make it easier, safer and more rewarding for consumers and businesses to purchase the things they need and for merchants to sell their goods and services, enabling them to do and achieve more.
We’re committed to becoming the world’s most respected service brand and daily deliver extraordinary service to our customers, constantly reinventing our ways of working to ensure we offer rich rewards that redefine expectations for our clients and ourselves.
Right now we have an exciting opportunity for a lawyer who will lead responsibility for EMEA Data Protection within the Global Privacy Legal team, based in London. More specifically you will be responsible for helping to support, initiate and drive efforts to provide best-in-class data protection-focused legal advice across the American Express (AXP) enterprise to ensure compliance with applicable EU, Middle East and Africa data protection laws, rules and regulations.
In this integral role you will report to the Chief Privacy Counsel within the General Counsel’s Organisation (GCO) here at American Express. We will look to you to interface with GCO colleagues internationally on in-country and cross-border privacy and data protection-related legal issues, as well as working collaboratively and supporting internal business clients in the AXP Privacy Office, Compliance and Operational Risk Management organizations and outside counsel.
Further responsibilities to include:
- Providing legal advice to AXP companies and affiliates in the UK and throughout the EU on the full range data protection issues as well as privacy / information security issues, including Binding Corporate Rules, EU/US Privacy Shield and Online Behavioral Advertising
- Providing legal advice and support regarding privacy and data protection-related laws, rules and regulations applicable to AXP’s businesses to ensure that AXP’s practices around personal information of customers, prospective customers, employees and partners comply with applicable laws, rules and regulations, company practices and standards, as well as leading industry practices
- Serving as data protection legal “subject matter expert” resource to colleagues in the GCO, AXP Privacy Office, Compliance and the businesses
- Working with the AXP Privacy Office, Compliance, Technology, GCO, and other stakeholders to build-out the existing privacy program in preparation for the new EU General Data Protection Regulation
- Advising on issues around collecting, sharing and accessing personal information, marketing to customers and providing and honoring opt-out choices, as well as concerning online privacy policies and practices
- Providing legal advise on data incidents as well as internal investigations and making determinations as to whether any notification is required to DPAs
- Providing privacy-related legal advice concerning business transactions, including reviewing contracts with 3rd party vendors and business partners, performing privacy-related legal due diligence and drafting and negotiating applicable privacy-related provisions
- Providing privacy-related legal advice regarding online and social media activities and the development and implementation of mobile applications
- Review and negotiate data protection and information security terms in vendor agreements, confidentiality agreements, etc
- Monitoring and providing legal advice concerning legislative and regulatory developments in the areas of data protection and information security
- Supporting the global privacy legal team in designing and delivering continuing legal education programs on privacy-related issues
- Participating in and advising on various strategic initiatives related to cutting-edge privacy and data use issues.
- Offer of employment with American Express is conditioned upon the successful completion of a background verification check, subject to applicable laws and regulations.
- Relevant privacy experience in a law firm and/or in-house corporate legal environment (in-house experience strongly preferred)
- Law degree (UK or EU) and bar admission
- Corporate transactional background with experience negotiating and drafting a variety of complex commercial agreements
- Strong knowledge of data protection and info security laws, rules and regulations, including EU Directive and national implementation laws, EU GDPR, Cookies Directive, EU Cybersecurity Strategy, EBA security guidelines, as well as industry leading-practices and standards
- CIPP/EU (Certified Information Privacy Professional) accreditation a plus
- Practical experience in dealing with business-level implications related to financial privacy and data protection laws and regulations (e.g., notices, telemarketing and email opt out processes, vendor due diligence and oversight, etc.)
- Broad familiarity/experience in general consumer banking/financial service legal and regulatory matters
- General knowledge of consumer protection laws and regulations
- Experience addressing privacy issues around social media, mobile applications and online privacy strongly preferred
- Strong and effective communications and client relationship/management skills
- Experience managing outside counsel and junior lawyers and comfort in working as part of virtual teams
- Strong interpersonal skills and teamwork and ability to influence through collaboration
- Demonstrated experience influencing without direct authority
- Self-motivated, with the ability to resolve novel, complex issues with a resourceful, “can-do” attitude
- Ability to handle multiple tasks (including those out of one’s comfort zone) and prioritize work in a deadline-intensive environment
- Ability to understand details of business/operational/technology environment in applying legal and policy requirements
- Willingness and flexibility to take on new responsibilities and challenges as American Express and its businesses continue to evolve.
- Fluency in a European Language preferred but not essential
- Why American Express?