Data Privacy Lead

At Aon, we shape decisions for the better to protect and enrich the lives of people around the world.

As an organization, we are united through trust as one inclusive, diverse team, and we are passionate about helping our colleagues and clients succeed.

What the day will look like

Reporting directly to Aon Enterprise Solutions Shanghai Co Ltd (“AES”) Chief Operating Officer and Aon’s Global Privacy Office, Data Privacy Lead is responsible for providing enterprise-wide privacy and data protection legal and compliance advice, including review and negotiation of privacy agreements and data protection terms, advising on privacy impact assessments for new and innovative uses of data, advise on data breach investigations and management of breach response within AES, periodically assesses AES’s compliance with China data privacy laws and policies and advising Aon’s business on risks related to privacy. The person in this role will provide practical privacy legal and compliance advice to AES’s business and shared services leaders on their privacy and data protection risks.

The Data Privacy Lead will work within the Global Privacy Office and should be passionate about privacy. The person in this role will be comfortable with counselling business partners, negotiating privacy and data protection terms, and navigating a complex organization with broad services related to risk, retirement, health, reinsurance, and data and analytics. The job entails getting deeply involved with ensuring that AES’s business operations are designed, built and maintained in a way that complies with applicable data privacy obligations in their region.

Responsibilities

• Develop and maintain AES privacy management system (advising and drafting internal policies, standards, guidelines, SOPs and etc).
• Work with commercial teams to ensure client contracts and agreements with suppliers or third parties comply with all relevant privacy laws.
• Draft, review, and negotiate privacy and data protection language for AES’s client, supplier, and third-party agreements.
• Work collaboratively within the OneTrust system to review initiatives for compliance with privacy laws, conduct privacy impact assessments and develop solutions that address privacy risks.
• Responsible for important data risk assessment, data cross-border transfer (DCBT) compliance, including overseeing the preparation and completion of DCBT self-assessment report, CAC security assessment approval request, conduct annual DCBT self-assessment and bi-yearly resubmission for CAC security assessment approval for DCBT as well as ensuring separate consent and privacy notice mechanisms are in place for DCBT.
• Advise on data privacy incidents; provide legal advice on notification obligations, best practices for communication. Manage regulatory interactions.
• Establish and maintain excellent working relationships with members of the business and work proactively with them to identify, mitigate and address privacy risks.
• Work closely with the relevant AES stakeholders in assisting business and shared services teams in responding to requests from individuals with common rights under the applicable data protection with respect to their personal information.
• Help support projects designed to maintain awareness throughout the organization of AES’s approach to privacy and commitment to its privacy obligations locally and globally.
• Provide regular privacy training and communications to AES business and shared services teams.
• Help support projects designed to maintain privacy compliance.
• Keep abreast of regulatory developments. Analyse existing and new legislative and regulatory developments to ensure that AES understands and remains compliant with evolving requirements.

Skills and experience that will lead to success

• 3-5 years relevant experience with a focus in privacy and data protection law and regulation, especially the China data protection laws (including but not limited to Data Security Law, Cybersecurity Law and Personal Information Protection Law and their related subsidiary legislations, regulations, guidelines and measures), EU data protection laws (including the GDPR), China sectorial laws that are applicable to AES which impact its data protection and privacy responsibilities, procedures and policies and other data protection and privacy guidelines, measures, standards and specifications issued by the China authorities and regulators that apply to AES’s business and operations (which may include GBT35273/GBT39335/ISO27701).
• CIPP certified, or ability to demonstrate equivalent knowledge
• Experience drafting, reviewing, and negotiating commercial agreements, especially privacy and data protection provisions and addendums
• Experience with interpreting and implementing privacy programs
• Familiar with the new business and application system development process, be able to review and modify the privacy requirements analysis as well as consult with privacy design and privacy acceptance documents at the business and application levels for new system or major system changes. Additionally support for development & continuous privacy analysis for online sales platform
• Have risk assessment capabilities, familiar with privacy impact & data cross-border assessment process, can complete privacy impact assessment (PIA) and cross-border assessment report
• Familiar with the data cross-border assessment process, able to assist the cross-border assessment report for privacy data
• Familiar with the handling procedures and methods of privacy incidents, able to compile emergency plans according to different needs, and complete drills
• Familiar with the internal training and awareness process, able to establish training materials & deliver privacy training to internal staff based on existing and new regulatory requirements
• Familiar with the internal privacy inspection process, assist in the privacy inspection of each department
• Experience working with OneTrust preferred
• You are a self-motivated team player with the ability to learn quickly, identify and resolve legal and business issues, drive projects and earn the confidence of the partners you work with
• You can work independently but also like to be part of a diverse team