eDreams ODIGEO is one of the world’s largest online travel companies and one of the largest European e-commerce businesses. Under its four leading online travel agency brands – eDreams, GO Voyages, Opodo, Travellink, and the metasearch engine Liligo – it offers the best deals in regular flights, low-cost airlines, hotels, cruises, car rental, dynamic packages, holiday packages and travel insurance to make travel easier, more accessible, and better value for the more than 18 million customers it serves across 44 markets. eDreams ODIGEO is listed in the Spanish Stock Market.
Our Legal team is looking for a Privacy & Data Protection Counsel who will support both the strategy and the daily operations of the DPO-Data Protection Office. The position will report to the Group Data Protection Officer.
The Privacy & Data Protection Counsel will support the DPO-Data Protection Office to ensure privacy compliance is built into eDreams ODIGEO data-driven products.
The Privacy & Data Protection Counsel will have responsibility for driving privacy tools and technology development, including implementation of new privacy requirements in compliance with global data-related and privacy & data protection laws.
The position requires an excellent understanding of international and European privacy and data protection law, the ability to understand new and complex data-related technologies, and to develop creative solutions to ensure compliance with all privacy and data protection laws globally, whilst having a process-driven attitude and ease to communicate with stakeholders globally both internally and externally.
Main Responsabilities:
- Ensure that eDreams ODIGEO complies with all global, regional and local privacy and data protection related laws, working in our Privacy Compliance Program.
- Help manage the day-to-day operations of the DPO-Data Protection Office, and ensure individuals’ and regulators’ privacy expectations are met and eDreams ODIGEO’s privacy policies and standards are complied with.
- Advise on and identify legal, procurement, business and technical infrastructure requirements and controls to enable privacy compliance (also, as part of the management or development of privacy tools); working with all relevant teams to ensure implementation, timely compliance and usability.
- Provide guidance and thought leadership on the use of emerging/advanced technologies in a privacy-compliant manner including the use of privacy tools and automation (with special focus on eDreams Privacy by Design, among others).
- Manage and have up to date the Article 30 GDPR Records of processing activities, including third-party relationships (including, international data transfers, second-party audits, etc.), and evaluate the associated processing risks.
- Coordinate and enable compliance monitoring activities, including reporting and analytics pertaining to data-related and privacy and data protection laws.
- Engage with the organisation to assist in training employees on privacy and data protection requirements, handle employee privacy-related queries and raise employee awareness about privacy and data protection developments.
Candidate profile:
- 3+ years of relevant experience specialising in privacy and data protection compliance, risk management and program management roles.
- European Law degree required from a major European jurisdiction (preferably, Spain), and membership to a European Bar (if permitted by law); or other relevant degree combined with data protection postgraduate education.
- Full professional proficiency in English and Spanish (at least C1 Common European Framework of Reference for Languages level).
- Knowledge of Privacy Tools.
- Experience working in a global, large-scale, complex, and fast-paced environment and ability to drive forward results.
- Problem solver, able to troubleshoot issues independently or escalate when necessary;
- With a sense of accountability and sound professional judgement.
- Proven analytical capabilities; experience with large amounts of data and in developing audit reports, metrics, and reporting mechanisms.
- Experience defining technical requirements and specifications, writing policy and procedures, and adapting requirements to technical and business needs.
- Excellent written and verbal communication skills.
Additional preferred qualifications (considered as an asset):
- Other postgraduate degree and/or certification in a related area, such as data protection, IT and/or project management (e.g. CIPM, CIPP/E, national DPO certification).
- 1+ year of experience using OneTrust.
- Other major European languages, apart from English and Spanish (e.g. French, German, Italian).
What do we offer?
- We support a phenomenal lifestyle and work-life-balance with our flexible hours and flexible remote work policy.
- A free eDreams Prime subscription to benefit from significant discounts on your travels.
- Competitive compensation package with an attractive bonus structure.
- Excellent environment for continuous growth and learning: with our Learning & Development programs, you will have access to tech talks, internal soft skills and technical skills training, language lessons, external events and industry conferences.
- Free subscription to O’Reilly Online Learning.
- Fast-track career development: with our unique programs, you are always working towards the next step on your career path.
- We also have for you a Ticket Restaurant benefit & unlimited beverages and coffee for free at the office (with many types of milk alternatives) because we like our eDOers happy and healthy.
- A phenomenal lifestyle and work-life-balance.
- New to the city? We also offer great relocation packages.
- Additional prizes and awards for a variety of team and individual achievements.
- Fun at work: at eDreams ODIGEO, work and fun go hand in hand!
… And the opportunity to work on a dynamic, dedicated, fun and passionate team of professionals. We journey together!
Come dream with us and join us now!
We are an equal opportunity employer and value diversity at our company. We do not discriminate on the basis of race, religion, color, national origin, gender, sexual orientation, age, marital status or disability status.