Share this Job

Senior Legal Counsel - Data Privacy and Protection IOGC

Date: May 15, 2021

Location: London, United Kingdom

Company: KPMG UK

Title: Senior Legal Counsel, International Office of General Counsel (IOGC)
Service Live: KPMG Global
Grade: A (Director)
Location: London + some international travel (post covid)
Role type: Full time, Permanent


This is an outstanding opportunity to join an expanding legal team of high calibre in a global organisation and a chance to broaden your range of legal skills and experience and to make a deep impact within our firm.

IOGC is our international, in-house legal team. The team provides legal advice and support to KPMGI’s senior leadership and the various groups that support them. This includes advice and support in connection with critical strategic projects, and key brand and legal risks that can significantly impact the KPMG global organisation. IOGC is also regularly consulted on legal issues relating to member firms that may have a significant impact on the KPMG global organization. IOGC does not, however, provide member firms with legal advice.

Role Summary

The increasing importance of technology in KPMG’s business has resulted in a need to continually assess how we manage risk across the Global Organization in pursuit of our Collective Strategy, including our ability to operate within our risk profile in the areas of information privacy, confidentiality and information security. By working closely with colleagues in Global Quality Risk Management and the Information Protection Group (including the Head of Information Protection Risk Management and the Global Chief Information Security Officer), this role will play an important part in addressing information protection risks in KPMGI and the global organization.

The role will provide, under the ultimate supervision of the General Counsel or other senior experienced lawyers in the team, legal advice on a broad range of privacy and data protection issues, including (i) GDPR, the Data Protection Act (UK) 2018, the US CLOUD Act, the California Consumer Privacy Act, the New York Privacy Act, the Hong Kong Personal Data (Privacy) Ordinance, the Singapore Personal Data Protection Act, and other relevant national laws and regulations, (ii) information security incidents, data breaches and cybercrimes, (iii) privacy and information security issues in procurement contracts and alliance agreements, (iv) privacy policies and statements, and (v) privacy reviews of both KPMG and third party technology solutions.

Duties include:

- Providing legal expertise on complex data protection matters, e.g. cross-border data transfers, information security incidents, data breaches and cybercrimes, and disclosures of data to governmental and regulatory authorities.
- Managing the Global privacy management team, supporting collaboration with OGCs and privacy professionals across KPMG member firms, performing privacy reviews of technology solutions and advises on privacy and information security issues in procurement contracts and alliance agreements.
- Proactively monitoring and responding to the latest legal and regulatory developments and advising on the impact of these laws and regulations to the business.
- Implementing required data privacy and information protection changes in creative and business-centric ways that address risk
- Working globally to ensure KPMG’s ongoing compliance with data protection laws, including GDPR, the Data Protection Act (UK) 2018, the US CLOUD Act, the California Consumer Privacy Act, the New York Privacy Act, the Hong Kong Personal Data (Privacy) Ordinance, the Singapore Personal Data Protection Act and other relevant national laws and regulations.
- Supporting a wide range of regulatory inquiries, including direct engagement with regulators worldwide.
- Involvement in the drafting, reviewing, amending and updating of a range of privacy and data protection documents, including organisation-wide agreements, global policies, privacy statements and templates.
- Providing support to Global Procurement and Global Alliance colleagues in relation to drafting and negotiation of complex commercial provisions relating to data privacy and protection laws and regulations.
- Performing KPMG and third-party technology solution reviews from a data privacy perspective.
- Assisting IOGC colleagues in evaluating the impact of data privacy and protection laws, regulatory guidance and enforcement actions on KPMG and third party technology solutions.
- Maintaining subject matter expertise in areas of data privacy and information protection law.
- Training and educating KPMG professionals on legal risks related to non-compliance with data privacy regulations
Essential Requirements

- Qualified and licensed to practice law and have a degree from an accredited college or university with 10+ years PQE (or equivalent, if not qualified in the UK) within data privacy and information protection law, with significant experience advising on laws and regulations across multiple jurisdictions mainly advising business transactions.
- One or more certifications from the International Association of Privacy Professionals (IAPP) and/or International Information Systems Security Certifications Consortium (ISC2).
- Demonstrable, deep technical legal skills expertise in data privacy and information protection, with a focus on providing legal advice on a range of global privacy laws, regulatory guidance and enforcement actions.
- Technical understanding of how technology solutions process data, and the ability to translate such technical information into privacy statements.
- Negotiation and drafting skills, focused on data privacy and information security, across a wide variety of inter-firm governance, commercial technology and alliance agreements.
- Able to translate complex legal and regulatory issues, within the context of complex technical and business issues, into easily understandable, pragmatic and commercial advice.
- Deep understanding of the types of data privacy and protection issues and challenges faced by a large global organisation, along with an understanding as to how to balance the needs, demands and requirements of a global business with legal risks and protections
- Deep understanding of the core concepts of information security and the ability to quickly understand how these relate to the data privacy aspects of KPMG’s services and business.
- Significant experience liaising with regulatory authorities concerning data privacy matters in one or more jurisdictions.
- Experience working as part of a legal team (either at a top tier law firm or at an equivalent position in-house) on complex cross-border commercial matters.
- Ability to advise on, and drive forward the implementation of, solutions to complex issues and matters with an international/cross-border dimension.
- Experience managing legal and other professionals in multiple jurisdictions.
- Ability to work flexibly and collaboratively as part of a supportive legal team while taking responsibility for their own work.
- Must be self-motivated and able to thrive in a fast-paced, high-volume legal department with many different stakeholders worldwide.
- Collaborative and inclusive approach in engaging in a culturally sensitive way with senior leaders globally building effective relationships.
- Supervision, mentoring, performance management skills.
- Ability to instruct and manage external counsel as required
- A natural interest and affinity in cloud-based technology solutions and technical innovation


Job Segment: Database, Law, Compliance, Risk Management, Information Systems, Technology, Legal, Finance