Director, Data Protection Officer in Weybridge, Surrey at Royal Caribbean Group

Date Posted: 3/4/2021

Job Snapshot

Job Description

Journey with us! Combine your career goals and sense of adventure by joining our exciting team of employees. Royal Caribbean Cruises Ltd. is pleased to offer a competitive compensation & benefits package, and excellent career development opportunities, each offering unique ways to explore the world.

Position Summary:
This position will serve as the subject matter expert for data privacy laws and regulations for the company, providing guidance and direction to our global business. Working closely with the Legal/Compliance leadership team and the business, the DPO will have those responsibilities described in Article 39 of the EU’s General Data Protection Regulation (“GDPR”) and will play a critical role in continuing to build, develop and deliver Royal Caribbean’s global data privacy program to ensure compliance with applicable data privacy laws and regulations, including the GDPR.

Essential Duties and Responsibilities:

  • Keep abreast of legal and regulatory changes in data privacy laws and regulations, assess their impact on the business, and manage the implementation of any business changes/practices.
  • Draft and update data privacy policies, procedures, processes and controls in line with applicable data privacy laws and regulations, including the GDPR
  • Provide guidance and direction in relation to data processing, privacy issues, data subject access requests, and breach management and response
  • Work cross-functionally to resolve individual privacy compliance issues/questions and investigations, assessing causes, developing corrective actions, and ensuring consistent application of corrective actions
  • Advise on the data privacy impact assessment process and perform as necessary
  • Liaise with IT and Information Security departments on security assessments which impact personal data
  • Work closely with Supply Chain and Information Security departments to conduct and/or review data privacy impact assessments and privacy aspects of supplier contracts and third-party agreements.
  • Serve as an advisor in the context of selection of new technologies and IT’s roadmap including drafting, negotiating and reviewing data processing agreements with suppliers
  • Maintenance of up-to-date records of processing activities
  • Interact with business to advise upon and record new or changed processing activities
  • Perform scheduled and ad-hoc reviews of data processing activities
  • Develop and deliver privacy compliance training and awareness activities
  • Serve as the point of contact and coordinate with business to respond to data subject requests
  • Establish safeguards to apply to mitigate risks to the rights and interests of data subjects
  • Report on a timely basis, and in adequate format, of significant compliance issues and relevant updates, to the Legal/Compliance leadership
  • Coordinate with IT and Information Security on review of potential data breaches
  • Manage the analysis and possible notification of data breaches, and registrations (including filings where necessary) with the relevant data protection authorities
  • Act as the point of contact for data privacy supervisory authorities and oversee implementation of data privacy processes and procedures applicable to individuals whose data is processed (employees, customers, etc.)



Job Requirements

Qualifications, Knowledge, and Skills:

  • Legal degree required
  • Seven (7) years’ experience at a large law firm, corporate legal department or equivalent compliance function, with significant experience in privacy matters
  • Expert knowledge of key aspects of privacy laws in the EU and other countries. Especially an expertise in national and European data protection laws and practices and an in-depth understanding of the GDPR
  • The ability to fulfil the tasks required of a DPO under Article 39 GDPR
  • Experience advising clients on the privacy implications of social media, cloud-based services, and global marketing campaigns that leverage mobile platforms
  • Fluency in information technologies and an understanding of data security
  • Ability to promote a data protection culture within the organization
  • Highly effective written, oral and interpersonal communication skills to address a wide variety of sophisticated audiences
  • Must be able to clearly communicate with data subjects and cooperate with the supervisory authorities
  • Experience interacting directly with law enforcement personnel or privacy and data protection authorities and regulators
  • Ability to understand RCL’s mission and core operations
  • Able to react quickly and confidently to advise on and manage a data breach incident and subject access requests
  • Preferred: Certification or membership in data privacy associations

It is the policy of the Company to ensure equal employment and promotion opportunity to qualified candidates without discrimination or harassment on the basis of race, color, religion, sex, age, national origin, disability, sexual orientation, sexuality, gender identity or expression, marital status, or any other characteristic protected by law. RCL and each of its subsidiaries prohibit and will not tolerate discrimination or harassment.

Stay Connected!

If you’re interested in career opportunities, but not ready to apply, join our Talent Network to stay connected to us and receive updates on the latest job opportunities and company news.