The Global Data Protection team is responsible for designing and maintaining Deliveroo's global data privacy program and compliance framework. We regularly advise on privacy matters, liaise with regulators, provide guidance and training, and develop privacy compliant processes that have a real impact on our customers, riders and employees. This role reports directly to the Global DPO, sits within the Deliveroo Legal team and has a global reach.
We're a bunch of creative privacy geeks who get to work at the forefront of emerging tech, help pave the way for others in privacy, and grow and have fun whilst doing so. No two days are ever the same at Deliveroo and we're looking for a like minded and experienced Deputy DPO who will thrive in our fast-paced environment.
What you'll be doing:
- Deputising for the Global DPO
- Leading on large scale cross functional privacy improvement initiatives
- Drafting and completing DPIAs and PIAs autonomously, and providing pragmatic privacy advice on new and retrospective business projects i.e. AI, automated processing and personalisation
- ersonal data incident management for medium and large scale personal data incidents (leading on the investigation, response to data subjects, notification assessment and remediation advice)
- Supporting the management of Deliveroo's global data privacy program and compliance framework
- Supporting in training and upskilling the Data Protection team
- Supervising the team's accurate and timely processing of individual rights requests such as DSARs and erasures, and approving responses where appropriate
- Supervising the team's timely and appropriate response to contentious individual complaints, and where necessary advising on appropriate investigation, liaison with the business and drafting or reviewing responses
- Drafting internal policies, procedures and guidance materials, training and awareness, and maintaining documents that illustrate data privacy compliance
- Supporting the Global DPO in responding to regulatory enquiries, investigations and dawn raids
- Leading and conducting data protection departmental compliance audits
- Working closely with our Privacy Legal, InfoSec, Employment legal, Commercial and other business teams
- Instructing external counsel, and reviewing and challenging their advice
- Drafting and reviewing privacy notices
The successful applicant will be a self-starter, a strong performer and passionate leader who is focussed on helping to ensure that the team successfully supports the business in its privacy compliance. While responding appropriately to privacy challenges, you must act with integrity and be able to deliver robust and practical advice and exercise sound judgement. We are specifically looking for:
- Strategic and "big-picture" thinking, an ability to propose creative solutions to emerging challenges
- Expert knowledge of the DPA, GDPR, PECR and future legislation around data privacy, security and protection, best practise and relevant case law relevant to a commercial, tech organisation
- Effective communicator upwards and downwards; can align multiple teams across common goals
- Line management experience and experience in coaching team members
- Demonstrable experience and confidence in providing sound "on the spot" pragmatic privacy advice, strong practical application of expert knowledge
- Excellent written and verbal communication skills in English and strong interpersonal skills
- Ability to work flexibly to accommodate other time zones when necessary
- Team-focused with a passion for learning, excellence, and continuous improvement
- Highly organised and able to manage a broad range of responsibilities in a fast paced environment
- Successful negotiation/liaison with privacy regulators
- Prior experience presenting to and writing reports for executives/ the Board
- Prior experience as a Deputy DPO or DPO
- Minimum 6 years previous experience interpreting and applying data protection laws, including the EU's General Data Protection Regulation (GDPR)
- Bachelor's degree or equivalent from an accredited university, preferably in a legal or technical topic
- Previous experience evaluating and assessing privacy risks relating to consumer facing businesses / tech platforms
- Liaising with privacy regulators
- (Strongly preferred) International Association Privacy Professionals (IAPP), Certified CIPM, CIPPE, CIPT
- (Strongly preferred) Previous experience advising on global privacy compliance
- (Desirable) Experience with OneTrust
Our mission is to be the definitive food company. We are transforming the way the world eats by making food more convenient and accessible. We give people the opportunity to eat what they want, when and where they want it.
We are a technology-driven company at the forefront of the most rapidly expanding industry in the world. We are a large and experienced team, making a very large impact, seeking to answer some of the most interesting questions out there. We move fast, value autonomy and ownership, and we are always looking for new ideas.
Workplace & Diversity
At Deliveroo we know that people are the heart of the business and we prioritise their welfare. We offer a wide range of competitive benefits in areas including health, family, finance, community, convenience, growth, time away and relocation.
We believe a great workplace is one that represents the world we live in and how beautifully diverse it can be. That means we have no judgement when it comes to any one of the things that make you who you are - your gender, race, sexuality, religion or a secret aversion to coriander. All you need is a passion for (most) food and a desire to be part of one of the fastest growing startups in an incredibly exciting space.
Something looks off?