Data Privacy Analyst

Keen to become part of a truly global, collaborative team of professionals? Your journey begins here.

Job Title

Data Privacy Analyst

Department

Global Privacy Office

Office Location

London

Reports To

UK Data Protection Officer

Working Hours

35 hours per week, 9:30am to 5:30pm but additional hours may be required. We are happy to consider agile and flexible working patterns. Our approach to hybrid working allows for up to 40% of time working from home and 60% working in the office, please contact a member of the recruitment team to discuss further.

Firm Description

Hogan Lovells is one of the leading global law firms. Our distinctive market position is founded on our exceptional breadth of our practice, on deep industry knowledge, and on our 'one team' global approach. Formed through the combination of two top international law firms, Hogan Lovells has over 40 offices in the Americas, Asia-Pacific, Europe, the Middle East and Africa. 

With a presence in the world's major financial and commercial markets, we are well placed to provide excellent business-oriented advice to our clients locally and internationally. Our people are the key to our success, which is why we seek to recruit and retain the most talented individuals in all regions of our global practice.

Department Description

The General Counsels’ office is legal counsel to the firm. We are involved with all legal matters relating to conflicts, ethics, engagement terms and business intake; compliance with law and legal requirements in all of our jurisdictions; interactions with regulators; general firm policies; risk management and matters affecting the reputation of the firm; and legal issues in the business of the firm such as contracts and agreements.

Role Overview

We are seeking a meticulous and experienced Data Protection Analyst to join our dynamic team. In this pivotal role, you will be responsible for evaluating and ensuring our organization’s privacy practices comply with regulatory requirements and industry standards, including, but limited to, the EU General Data Protection Regulation (GDPR), the EU AI Act, the California Consumer Privacy Rights Act (CCPA), and the Health Insurance Portability and Accountability Act (HIPAA).

As a Data Protection Analyst, you will support our clients and partners in responding to various data protection queries, support the completion of data privacy audits, and work with our business teams to ensure operational business processes are compliant with data protection laws and regulations. In addition, you will support our third-party risk management program. 

Reporting to the UK Data Protection Officer, you will be a key member of the Global Privacy Office, tasked with continuously enhancing the firm’s global, data protection posture.

Key Responsibilities/ Accountabilities

• Conduct comprehensive reviews of data protection policies, procedures, and processes, and advise on improvements.

• Identify potential vulnerabilities and risks in data handling practices.

• Conduct data protection impact assessments for high-risk processing activities and monitor their remediation actions.

• Maintain and update the firm’s records of processing activities and related documentation.

• Assist with client audits and third-party vendor risk reviews, from a privacy perspective.

• Provide guidance and training to staff on data protection best practices and compliance requirements.

• Collaborate with stakeholders to implement correct actions and enhance data protection across the firm.

• Support the completion of third-party audits, such as TISAX and HIPAA.

Specific duties or responsibilities may be reviewed from time to time to reflect changes in personnel and management structure, staff location or services.

All members of the firm participate in our Responsible Business program.

Person Specification

Qualifications and Training

• Preferences provided to individuals holding IAPP certifications (e.g.; CIPP-E, CIPP-US, AI-G, or CIPT).

• Bachelor’s degree in legal studies, Computer Science, Information Technology, Executive Education, Corporate Communications, or related field.

General Attributes

• Extremely organized and detail orientated.

• Excellent interpersonal skills, with the ability to build strong relationships with peers and executives.

Skills and Experience

• Experience in consulting and risk management preferred.

• At least three years’ experience in data privacy, data risk, data management, and data protection fields

• Proven experience in data protection fields, with a strong understating of data protection laws and regulations, including the General Data Protection Regulations (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and the California Consumer Privacy Rights Act (CCPA).

• Previous work experience at law firms, banks, insurance companies, or accounting firms is desirable.

• Experience with requirements gathering, analysis, and recommendations development.

• Experience in reviewing policies and technical requirements from the user perspective, providing a pragmatic approach to improving privacy by design requirements.

• Familiarity with industry standards and frameworks related to data protection and privacy, including those that address AI-specific considerations (e.g., NIST, ISO, Fed Ramp).

• Experience in effectively communicating with both technical and non-technical roles.

• Demonstrated project management planning and skills; ability to break down complex problems into manageable goals.

• Outstanding oral and written communication skills

• Experience with One Trust is preferred.

Agile Working Statement

Our goal is to embed flexibility across our business by giving everyone the opportunity to work in an agile way, whether as a regular pattern or on an ad hoc basis, and we will be happy to discuss this further.

Equal Opportunities Statement

It is the policy of Hogan Lovells to provide equal opportunities for all employees in relation to recruitment, training and promotion. Decisions in these areas will be made only by reference to the requirements of the job and shall not be influenced by any consideration of racial or ethnic origin, religion, sex , gender and gender identity, age, sexual orientation, marital and civil partnership status, pregnancy or disability.

#LI-WSI