The key purpose of the role is to be accountable and responsible for ASOS’s data privacy and data protection needs on a global basis. This will require the provision of data protection and privacy subject matter expertise and advice to the ASOS business across all of its territories, as well as acting as the designated DPO for the purposes of the EU and UK privacy legislation. This is a highly visible and senior role, which is critical to ensuring that the Data Privacy team effectively manages the data protection and privacy risks impacting the ASOS business across the globe.
You’ll need to be technically excellent, hands-on and commercially minded, with a strong professional ethic and the energy, interest and training to pursue a huge array of matters. You will also need the ability to juggle a multitude of complex data issues and quickly distil these into language that the business understands. To win our Tech and Data Teams over, you’ll need to speak their language and move as quickly as them – ditto for our Commercial, Procurement, Supply Chain, Marketing and People Teams.
In addition to your role as Head of Privacy and as Data Protection Officer (DPO), you’ll also be responsible for leading ASOS’s Compliance functions (for both ASOS.com and ASOS Payments Limited).
The Details
Privacy and Data Protection
- Responsible for ensuring ASOS is meeting data privacy requirements globally, including acting as the Data Protection Officer (DPO) for UK and EU markets.
- Providing expert advice on a wide range of data privacy matters on a global basis, which includes providing general advice on current data privacy legislation, but also horizon scanning for legislative or regulatory changes, and providing subsequent advice in a timely and efficient manner to enable full business readiness.
- Provide strategic and commercially focussed advice to the ASOS business in relation to business initiatives.
- Assist the ASOS business in effectively managing its privacy risk profile, keeping in mind the business’s strategic current and longer-term goals.
- To design and develop a programme of work in order to demonstrate compliance with global privacy standards and ensure the optimum customer experience.
- Lead the data privacy response to data breaches / critical incidents which will involve working closely with the wider business including data security, risk & insurance, and public affairs & comms, as well as informing and providing updates to the executive management team as required.
- Drive and co-ordinate development of data privacy standards, governance, training and policies.
- To advise on specialist privacy areas, including data retention, data transfer, data exploitation and analytics, training and awareness, building knowledge and capability.
- Act as the liaison point for privacy matters to ASOS customers, ASOS employees and DPA supervisory authorities/regulators.
- Manage litigation or arbitration relating to privacy and/or compliance matters.
- Manage data subject rights and requests for information.
- Manage internal and external privacy compliance audits as required.
- Drafting and advising on technical privacy and security aspects in contracts.
- Advise and support remediation and notification of personal data incidents.
- Define policies and procedures in relation to personal data handling, including data subject access requests and other requests for information.
- Maintain the data privacy impact assessment framework and facilitate an assessment to advise on privacy risks and suggested mitigations.
- Act as the escalation point for enhanced privacy complaints and enquiries.
- Advise on marketing and third-party initiatives including, but not limited to, consent requirements. In order to do so, you’ll need to be at the forefront of understanding new and upcoming marketing technologies and initiatives.
- Review and update fair processing information and privacy notices.
- Provide technical advice around data minimisation techniques including anonymisation, pseudonymisation and hashing.
- Strategically prioritising the team’s resourcing and capacity to meet the most pressing challenges, and effectively communicating priorities and rationale to relevant stakeholders.
- Producing regular reporting on privacy and data protection compliance and ethics to the Management Committee and Board.
- Leading the development of ASOS’ AI Governance Framework. Coordinating with cross-functional teams to develop a fit-for-purpose framework to guide and govern the business’ current and future use of AI.
Compliance
The Compliance team is responsible for ensuring that ASOS operates in accordance with applicable laws, regulations, industry standards, and internal policies and procedures. Alongside the Compliance teams, you’ll advise senior management on compliance laws, rules and standards, provide support to educate ASOSers on compliance matters, identify, document and assess compliance risks associated with ASOS’s activities, monitor, test and report on compliance, and build and operate the compliance programme. You’ll do all of this by:
- Leading and developing ASOS’s Compliance functions for both ASOS.com and ASOS Payments Limited.
- Defining and delivering ASOS’ global compliance framework, aiming to make compliance simple for ASOSers.
- Reviewing ASOS’ compliance requirements and identifying any gaps and/or improvement areas.
- Reporting on compliance internally and externally, for example to ASOS’ Audit Committee and Governance Working Group.
- Developing and refining policies in connection to existing and upcoming relevant regulatory compliance regulations.
- Horizon scanning to ensure the business is prepared for future regulatory changes.
- Implementing appropriate training and communication programmes to help embed the Compliance Framework within the business and ensure consistent understanding of key compliance policies and procedures.
- Working cross functionally with key stakeholders across People Experience (PX), Legal, and Co-Sec to manage a robust ethics programme on a range of areas including, but not limited to financial crime, anti-bribery and corruption (ABC), sanctions, gifts and hospitality, anti-money laundering, Code of Conduct and Code of Integrity, Declaration of Interest, and Whistleblowing.
- Working cross functionally to design and embed a policy update process and policy management framework.
- Working with the General Counsel and Company Secretary to build the profile of Compliance within the business.
- Building collaborative relationships to drive the compliance agenda and business maturity forwards. Ensuring that Compliance works with the business in a way that works for the business as well as protects the business.
- Acting as an independent advisor and business partner - a critical friend to help the business achieve its vision and objectives.
- Working with emerging second line functions to present an aligned approach to compliance, finding efficiencies from working together where possible.
- Responsible for following up on agreed actions and driving through change.
- Supporting our culture by driving Diversity, Equity & Inclusion strategies.
- Data Privacy Professional certification (ISEB/IAPP)
- Legal qualification/background and/or CIMA/ACA/ACCA qualified would be useful (Desirable)
- Project management qualifications (Prince 2/Agile) (Desirable)
- Technical security qualification such as CISSP/CISSM (Desirable)
About You
- In-depth and extensive specialist knowledge of data protection laws and issues, and of leading an in-house data privacy team.
- Excellent stakeholder management and communication skills with the flexibility and agility to work within a fast-paced, ever-changing business and risk landscape.
- Experience of developing, leading and embedding a data privacy programme that ensures early and full business awareness and ownership of privacy risks.
- Comfortable in an environment with a very broad range of specialisms and responsibilities. Strong cross functional leadership and influencing skills. Experience of influencing across business areas and working with advisers and key external stakeholders as appropriate. A thought leader with respect to privacy, data protection, risk management, governance, compliance and internal control best practice.
- Ability to translate technical and legal concepts to commercially focussed advice, which is readily digestible by the business.
- Expert knowledge of data protection law and practices, including:
  - Technical and organisational measures and procedures;
  - Mastery of technical requirements for privacy by design, by default and data security;
  - Industry specific knowledge in accordance with the sensitivity of the personal data processed;
  - The ability to carry out inspections, consultation, documentation and log file analysis; and
  - The ability to work effectively with employees’ representatives.
- Experience working in a listed company and/or exposure to e-commerce is preferable, as is experience of working in a business where the commercialisation of data has been part of the broader business strategy.
- A strong, diverse compliance technical background.
- Experience in conducting ad-hoc investigations as required.
- Someone who wants to make a difference and is excited by the opportunity to grow and build.
BeneFITS’
- Employee discount (hello ASOS discount!)
- ASOS Develops (personal development opportunities across the business)
- Employee sample sales
- Access to a huge range of LinkedIn learning materials
- 25 days paid annual leave + an extra celebration day for a special moment
- Discretionary bonus scheme
- Private medical care scheme
- Flexible benefits allowance - which you can choose to take as extra cash, or use towards other benefits
Why take our word for it? Search #InsideASOS on our socials to see what life at ASOS is like.