Support legal and business teams on privacy, data protection and spam marketing related matters.
Work with product, technology and data services teams – including security, data governance and product compliance/regulatory – on existing and new data use cases and product features to ensure compliance with Xero’s approach to responsible data use, including working through data protection impact assessments (DPIAs) where appropriate.
Take ownership over privacy and data protection projects and drive cross-functional engagement.
Support data incident management.
With the Global Privacy Counsel, take ownership of Xero’s response to enquiries from data protection regulators.
Work closely with Customer Experience to ensure compliance with data subjects rights obligations.
Help evaluate the impact of evolving legislative and regulatory environments for data protection on Xero’s various business units.
Collaborate with key internal stakeholders to champion data protection and compliance across the business while continuing to enable commercial opportunities in a fast-paced environment, including through the development and delivery of training and the promotion of awareness.
Work with the compliance team and business leaders to support implementation of compliance procedures that will ensure Xero continues to optimise data sets for enhanced customer benefit
Review and advise on data processing addenda and data protection/privacy related clauses in intra-group agreements and contracts with third parties.
Coach and mentor junior members of the legal team.
Support data protection related matters as part of M&A activity.
Contribute to internal data protection policy and process development (including training)Liaise with and manage Xero’s external legal advisors as required
Strong drafting, analytical, and interpretation skills.
Strong commercial acumen and a pragmatic approach.
Practical and proactive problem solving skills.
Excellent written and verbal communication skills.
High level of attention to detail.
Ability to work autonomously.
Ability to take a proactive and creative approach to solving legal issues.
Collaborative, growth and innovation mindset.
Ability to convey complex legal matters in a digestible, plain-english format
6+ years post-qualification legal, privacy and data protection experience (in-house legal experience desirable).
Detailed knowledge and experience of privacy laws and data protection frameworks, including the existing EU General Data Protection Regulation
Law degree (strong academic results)
Current practising certificate.
Experience providing advice to companies in the technology sector preferred.
Experience with fintech or financial services a plus