IndiGo - Data Privacy Professional - Legal Counsel (4-7 yrs)

We are seeking a highly motivated and detail-oriented Data Privacy Professional to join our team. The ideal candidate will have 4-5 years of experience in reviewing Data Processing Agreements (DPAs), Standard Contractual Clauses (SCCs) for the EU and UK, and hands-on experience with the implementation of the General Data Protection Regulation (GDPR), Iso 27701, DPDPA, CCPA. The candidate should possess a legal academic qualification combined with a strong understanding of technical and security controls, ensuring a balanced approach to legal compliance and data protection practices.

Key Responsibilities:

1. Contractual Review and Negotiation:

- Review and negotiate Data Processing Agreements (DPAs), EU Standard Contractual Clauses (SCCs), and UK SCCs to ensure compliance with data protection laws and organizational standards.

- Collaborate with internal stakeholders to address contract-related data privacy risks and concerns.

2. GDPR Implementation :

- Lead or support the implementation of GDPR-compliant processes and frameworks across the organization.

- Conduct gap analyses and recommend necessary actions for alignment with GDPR and other applicable data protection regulations.

3. Legal Advisory :

- Provide expert advice on privacy-related legal matters, including cross-border data transfers and regulatory requirements.

- Monitor and interpret changes in global data protection laws and their potential impact on the business.

4. Technical and Security Controls :

- Work closely with IT and security teams to ensure appropriate technical and organizational measures are in place to protect personal data.

- Provide recommendations on privacy-enhancing technologies and secure data handling practices.

5. Training and Awareness :

- Conduct training sessions for employees and stakeholders on data protection principles, regulatory updates, and best practices.

- Promote a culture of privacy within the organization.

6. Privacy Impact Assessments:

- Perform Data Protection Impact Assessments (DPIAs) for new projects, systems, and processes involving personal data.

- Identify and mitigate risks associated with data processing activities.

Qualifications and Skills:

- Bachelor's or Master's degree in Law or a related field (legal academic qualification required).

- 4-5 years of professional experience in data privacy, with a focus on reviewing and negotiating DPAs, EU SCCs, and UK SCCs and other global related laws and regulation which has a bearing on Privacy.

- Strong knowledge of GDPR and its practical implementation in an organizational context.

- Solid understanding of technical and security controls related to data protection.

- Certifications such as CIPP/E, CIPM, or CIPT are mandatory.

- Excellent communication, analytical, and problem-solving skills.

- Ability to work collaboratively across departments and with external partners.

Preferred Attributes:

- Experience with privacy management tools and technologies (e.g., OneTrust, TrustArc).

- Familiarity with other global data protection laws, such as the PDPA or PIPL.

- Proactive, detail-oriented, and capable of handling multiple projects simultaneously.