In this role, you will actively create and contribute to Leyden Labs` global privacy program and initiatives, as well as assist the organization as legal counsel in reviewing agreements and providing legal advice. Depending on the complexity of the situation and the client`s needs, it may be necessary to call on functional specialists to support us as external data protection officers. For example, the GDPR requires companies to have documented instructions between data controllers and data processors, the latter typically being an outsourced service provider. In this situation, the DPO may advise on how to draft these instructions, taking into account the operational context, procedures and procedures. However, where complex legal relationships exist behind the scenes, our team`s lawyer can help balance data protection needs with the overall business relationship. Home / EU-GDPR / Data Protection Officer as Legal Advisor Operative is a trusted partner of more than 300 leading global media companies in 25 countries, managing more than $40 billion in advertising revenue annually through our platforms, with an exciting opportunity for a candidate with a passion for technology, Negotiation and legal compliance for a hybrid role of legal advisor and DPO: Some law firms, which wish to extend their billable hours beyond their core competencies, are trying to position themselves as a data protection officer for companies. If you`ve ever used the services of a lawyer, you know that the legal industry has specializations. The vast majority of law firms will therefore not be really familiar with data protection law and its application. A legal adviser within a company could only provide such a service if he was able to remain independent of the interests of the controller, also taking into account the interests of the data subjects and, in case of control, to speak to the data protection authorities. For in-house counsel who are used to it, it is not so easy to consider the interests of the company first. The GDPR prohibits anyone performing the functions and duties of a DPO from having conflicts of interest. In large organizations, the role of DPO is usually in the governance, risk and compliance (GRC) role, rather than in the legal department.

Indeed, lawyers have a duty to put the interests of their employer or client above the interests of the persons concerned. On the other hand, the DPO is obliged to put the interests of the persons concerned first. Therefore, any lawyer assigned to a DPO has a fundamental conflict of interest when assuming the role of DPO, which is illegal under the GDPR. I continue to review job postings for DPOs here in the EU and am regularly frustrated by some organisations` understanding of DPO requirements under the GDPR. The most common mistakes are finding DPOs with too little experience (a few years are a common requirement), insufficient extensive work experience (focusing on only one of the many necessary disciplines) and lack of independence, with DPOs reporting to IT, legal or compliance organisations rather than the board as required by the GDPR. In addition to providing general legal advice, this role will help develop and strengthen Leyden Labs` privacy and data management and provide support in the processing and protection of personal data. This is an exciting new opportunity for an experienced and dedicated Legal Advisor/DPO with previous experience in pharmaceutical, biotechnology, medical device or clinical research. For someone who prides himself on providing top-notch legal advice.

We offer you the opportunities and support you need for your professional development. So what do lawyers say? Well, as law firm and parliamentary agent Sharpe Pritchard says, when looking for a DPO, of course, the GDPR does not prohibit it, and if an in-house legal advisor is appointed DPO, the controller must be accountable for the independence required by the DPO role (in terms of powers, resources, time allocated to perform tasks). Of course, the legal advisor must be a data protection expert who has in-depth knowledge of the GDPR and the interpretation of the data protection authorities as well as the company`s data processing. Germany has long required companies to have a DPO, and we can draw on their experience in this area. The Bavarian Data Protection Authority considers that “members of the legal department may, in certain cases, have a conflict of interest that prevents these persons from acting as DPOs”. This is supported by law firm Baker McKenzie, which states that “while legal counsel may represent the company in legal proceedings (particularly with respect to lawsuits against employees or clients that involve many aspects of privacy), legal counsel is subject to a conflict of interest and is therefore not independent.” The content is provided for educational and informational purposes only and is not intended and should not be construed as legal advice. This can be considered “attorney advertising,” which requires notice in some jurisdictions. The previous results do not guarantee similar results. For more information, see: www.bakermckenzie.com/en/client-resource-disclaimer. A DPO must know not only what the law says, but also what it means and how it is applied to the company in question and its activities. I do not believe that only a lawyer can have these knowledge and skills, and I firmly believe that it is not necessary to be a lawyer to understand a piece of legislation.