• Privacy/Data Protection Officer*

    Job Location UK-Nottingham | UK-Cambridgeshire-Peterborough | DE-BY-Estenfeld
    Full time/Regular
    Regular Full-Time
  • Overview

    The Privacy and Compliance Officer is responsible for the development, implementation, and enforcement of policies, procedures, and practices necessary to ensure that ERT products/services comply with all applicable US, EU and regional privacy laws and regulations and conform to industry best practices for clinical trial, health care and employee privacy and security. Applicable requirements include but are not limited to the EU GDPR (General Data Protection Regulation), the HIPAA Privacy and Security Rules, and relevant provisions in the HITECH Act. The Privacy and Compliance Officer will be the designated point of contact who receives privacy and security-related inquiries and complaints, if any, associated with ERT service activities and who is able to provide guidance on privacy, compliance and security-related matters.


    • Serves as the Privacy and Compliance liaison with local Data Protection Authorities (DPA).
    • Works with ERT legal counsel and Sr. Management, key departments, and committees to ensure ERT has and maintains appropriate privacy and confidentiality consent, authorization forms, and information notices and materials reflecting current organization and legal practices and requirements.
    • Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities. Develops employee training programs and translates statutory and policy obligations into implementable privacy and security requirements.
    • Serves as information privacy consultant to the organization for all departments and appropriate entities.
    • Produces privacy and compliance documentation, including Privacy Risk Assessments, risk analyses, incident reports, and related artifacts.
    • Performs ongoing compliance monitoring activities in coordination with ERT’s other compliance and operational assessment functions.
    • Responsible for specifying and documenting privacy and security regulations and associated compliance requirements, performing privacy impact assessments, documenting administrative, physical, and technical security requirements and working with project management and operational team members to ensure that all privacy and security requirements are adequately addressed. 
    • Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the practice/organization’s privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.
    • Works with the designated ERT Security Officer to produce security documentation, including a security management plan, contingency plan, and incident response plan.
    • Works closely with project, product, and platform team members to make sure that applicable privacy and security requirements are incorporated in standard operating procedures and other controls implemented for a project, product or platform.
    • Participates in business, technical, and security reviews of the operational environment and technical solution to explain privacy controls.
    • Participates in the development, implementation, and ongoing compliance monitoring of all business associate agreements to ensure that all privacy concerns, requirements and responsibilities are addressed.
    • Manages, directs, delivers, or ensures delivery of privacy training and orientation to all employees, volunteers, medical and professional staff and applicable business associates.


    • Minimum 5-7 years relevant experience
    • Bachelor’s Degree or equivalent experience
    • Strong knowledge of EU General Data Protection Regulation (GDPR) on the protection of individuals with regard to the processing of personal data and on the free movement of such data; EU Model Clauses
    • Strong knowledge of HIPAA and other privacy and security laws, regulations, and corresponding practices
    • General knowledge of global compliance requirements related to global geographic area – US, EU, APAC, etc.
    • Formal education or professional experience in law, privacy, public policy, or health care; Pharmaceutical/Clinical Trial experience preferred.
    • Experience working in environments that process personally identifiable information (PII) or protected health information (PHI)
    • Experience establishing and maintaining privacy and security compliance in a health-related setting
    • Excellent organizational, interpersonal, verbal, and written communication skills

