Job Description

Are You Ready to Make It Happen at Mondelēz International?Join our Mission to Lead the Future of Snacking. Make It Uniquely Yours.

This position requires recurring presence at our Bremen office.

The key purpose of the role of legal counsel and German Data Protection Officer (“DPO”) is to provide legal counseling and advice on data privacy, data privacy aspects of cybersecurity, and data protection laws covering Germany, and the broader European Union. The legal counsel/DPO has the position of a DPO as defined in Art. 38 et seqq. GDPR and will monitor local compliance and data practices internally to ensure the business and its functions comply with the applicable privacy requirements in Germany and work on broader EU data privacy, cybersecurity, and data protection matters. The legal counsel/DPO acts will be responsible for and or assist with EU data protection impact and transfer assessments, government privacy filings, data privacy aspects of cybersecurity regulations and notification requirements, internal audits, and any other requirements mandated by local privacy law. The legal counsel/DPO will also serve as the primary contact for the local German Data Privacy Supervisory Authority and individuals whose data is processed by the local entity.

Essential Duties and Responsibilities

Reporting to the Chief Counsel, Global Compliance and Chief Privacy Counsel, you will work closely with the Compliance, Legal, People Team, and Mondelez Digital Services (“MDS”) functions to develop and monitor policies and standards applicable to the business and in compliance with the local regulation. Duties will include:

• Implementing measures and a privacy governance framework to manage and protect personal information in compliance with local regulations, including developing templates for data collection, assisting with data mapping, and conducting vendor management reviews, as well as the implementation of data privacy audits.

• Working with key internal stakeholders to review projects and related data to ensure compliance with applicable data privacy and cybersecurity laws, and where necessary, complete and advise on privacy impact and cross-border data transfer assessments.

• Serving as the primary point of contact, responsible person, and liaison for the German Supervisory Authority on all data protection-related matters that are required under the local data protection laws of that country, including being responsible for managing and coordinating regulatory filings, data incident responses, complaints, data subject access requests, privacy compliance reviews and cooperate with local data protection authority on issues relating to processing.

• Serving as the primary point of contact for privacy queries in the local business unit, inform and advise the Chief Counsel as well as employees of their obligations under data protection law, and working alongside local legal counsel on the execution and drafting of any required documentation.

• Review contracts and consents to implement projects in partnership with Procurement, local Legal, Marketing and MDS and ensure filing requirements with local regulators are achieved.

• Monitoring changes to EU local privacy, cybersecurity, and data protection laws and making recommendations to the Chief Counsel, Global Compliance & Chief Privacy Counsel, and the Global Data Privacy Community of Practice legal group.

• Working with the Chief Counsel, Global Compliance & Chief Privacy Counsel, and BU Counsel to understand localization requirements, set local standards, review local policies and procedures, and meet local regulatory requirements.

• Developing and delivering privacy training to various local business functions.

• Developing strategies and initiatives to ensure engagement with key internal and external stakeholders.

• Collaborating with the MDS to raise employee awareness of data privacy and cybersecurity security issues and providing training on the subject matter.

• Collaborating with MDS to maintain records of all data assets, maintain a data security incident management plan to ensure timely remediation of incidents, including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests.

• Comprehensively coordinate and implement personal information security within the local EU business units and take direct responsibility for personal information security.

• Establish, maintain and update the list of personal data and information held by the local organization (including the type, quantity, source and recipient of personal information, etc.) and authorized access strategies.

• Provide advice where a DPIA has been carried out and monitor its performance.

What you will bring

• Law degree and registered attorney – Preferably German.

• Certifications (e.g. CIPP/E, CIPM) are a plus.

• Minimum six (6) years of data privacy experience required.

• Experience in EU and German data privacy, cybersecurity and data protection laws, and ideally practical experience dealing with local privacy authorities, local data privacy office filings, and regulatory issues.

• At least three (3) years’ experience within a compliance, legal, audit, privacy, and/or risk function, with recent experience in privacy compliance.

• Strong knowledge of EU and German data privacy, cybersecurity and data protection regulation, and familiarity with local regulatory filing requirements in market.

• Must be fluent (both written and spoken) in English and German (C2).

• Sufficient knowledge of information technology and data management systems required; Affinity for understanding various IT solutions and their data protection implications in an international company structure.

• Well-developed and professional interpersonal skills; ability to interact effectively with people at all organizational levels within Mondelez.

• Excellent writing and presentation skills.

• Strong change, project management and leadership skills, including managing time well, prioritizing effectively, and handling multiple deadlines.

• A detail-oriented approach is needed to recommend and implement strategic improvements on a range of data privacy, cybersecurity and data protection issues.

• Ability to handle confidential and sensitive information with the appropriate discretion.

KPI Targets/ Dimensions

• Data Privacy guidance in case of data breaches and compliance with potential notification requirements.

• Data Privacy counseling and check of Data Protection Impact Assessments (DPIAs) provided by the various functions (e.g. IT, Sales, Marketing, Procurement)

• Support GDPR audits (internal/ external)

• Regulatory inquiry resolutions

• Training on data privacy laws to various stakeholder (e.g. IT, Sales, Marketing, Procurement)

• Review of data privacy policies and regular updates

• Third-party compliance checks for GDPR compliance**.**

Relocation Support Available?

No Relocation support available

Business Unit Summary

We value our talented employees, and whenever possible strive to help one of our associates grow professionally before recruiting new talent to our open positions. If you think the open position you see is right for you, we encourage you to apply!

Our people make all the difference in our succes

Mondelēz International is an equal opportunity employer and all qualified applicants will receive consideration for employment without regard to race, color, religion, gender, sexual orientation or preference, gender identity, national origin, disability status, protected veteran status, or any other characteristic protected by law.

Excited to grow your career?

We value our talented employees, and whenever possible strive to help one of our associates grow professionally before recruiting new talent to our open positions. If you think the open position you see is right for you, we encourage you to apply!

IF YOU REQUIRE SUPPORT TO COMPLETE YOUR APPLICATION OR DURING THE INTERVIEW PROCESS, PLEASE CONTACT THE RECRUITER

Job Type

Regular

Legal Business Growth Partners and Services:

Legal