Senior Counsel - Privacy, AI and Data Responsibility

Senior Counsel - Privacy, AI and Data Responsibility

Placering
Ballerup

Our Purpose

Mastercard powers economies and empowers people in 200 countries and territories worldwide. Together with our customers, we’re helping build a sustainable economy where everyone can prosper. We support a wide range of digital payments choices, making transactions secure, simple, smart and accessible. Our technology and innovation, partnerships and networks combine to deliver a unique set of products and services that help people, businesses and governments realize their greatest potential.

Title and Summary

Senior Counsel - Privacy, AI and Data Responsibility
Position – Senior Counsel - Privacy, AI and Data Responsibility
Location – Denmark

Overview
Mastercard is committed to balancing innovation while protecting individuals’ privacy and has embraced privacy and data protection as core to the successful execution of its business strategy. As part of that commitment, Mastercard has established a world-class privacy program and is currently adding talent to its global team.

The Senior Counsel - Senior Counsel - Privacy, AI and Data Responsibility will support both the strategy and the daily operations of the Europe Data Protection Office (“DPO Office”) and the Open Banking Privacy Team. The position will report to the Head of the DPO Office and the Senior Managing Counsel for Open Banking, will be a member of the Privacy, AI and Data Responsibility team as well as a member of the Law & Policy team.

Role
The Senior Counsel - Privacy, AI and Data Responsibility will be part of the DPO Office and focus on Mastercard’s Open Banking business in Denmark and the UK to ensure privacy compliance, including necessary documentation, oversight and senior management reporting. The Senior Counsel will drive engagements with data protection authorities, clients and individuals and ensure accountability under the GDPR. The position requires the ability to understand and apply complex data-related including privacy & data protection laws, therefore a deep understanding of the General Data Protection Regulation (“GDPR”) will be important. The candidate will also need, or be willing to quickly develop, a good working knowledge of the Payments Services rules and regulations associated with Open Banking. This is a fast-moving field, and it will be important that the successful candidate is comfortable analyzing new technologies and innovative product constructs. The role will require effective communication and reporting with internal and external stakeholders globally.

Activities include:

• Ensure that Mastercard complies with global, regional, and local privacy and data related laws (including the Danish Payments Act, GDPR, UK DPA, EDPB Guidelines, Open Banking/Open Finance laws, EU Payments Package, any new and evolving privacy laws and regulations) and is able to show accountability to regulators, clients and individuals.
  • Maintain and monitor data protection impact assessments, records of processing, legitimate interest tests, transfer impact assessments and any related materials required to manage internal data protection activities and ensure compliance with applicable laws and Mastercard’s data protection policies in close collaboration with the business.
  • Provide guidance and thought leadership on application of data protection in Open Banking including promoting consistency between the Open Banking strategy and Mastercard’s Global Privacy and Data Protection Program and DPO Office.
  • Ensure individuals’ and regulators’ privacy expectations are met and Mastercard privacy policies and standards as well as Mastercard’s Binding Corporate Rules (“BCRs”) are complied with.
  • Organize and handle complaints and requests from data subjects, and support queries from customers, clients, partners and suppliers regarding Mastercard’s compliance privacy and data laws and regulations in close collaboration with internal and external stakeholders.
  • Liaise with regulators globally and specifically Danish, UK and EU Data Protection Authorities on Mastercard’s Open Banking processes, including in the event of investigations and audits.
  • Advise on and identify legal, business and technical infrastructure requirements and assist with complex contract negotiations with clients, partners, and vendors to promote privacy compliance.
  • Maintain Open Banking Privacy Risk and Control Framework advise on Open Banking privacy controls implementation to enable privacy timely compliance and appropriate reporting in partnership with legal, risk, business, technical teams as well as coordinate with external counsel to ensure implementation.
  • Analyze evolving and new legal requirements in the Open Banking and privacy space, perform gap analysis and work with stakeholders to ensure that Mastercard complies with the requirements.
  • Manage data breaches and responses to individuals’ privacy requests in partnership with members of the privacy team globally.
  • Identify new and/or increased individuals’ rights under local data protection laws and ensure implementation globally.
  • Manage and enable privacy assurance, testing and monitoring activities for Open Banking, including reporting and analytics pertaining to data-related and privacy and data protection laws.
  • Engage with the organization and provide guidance and training to employees on privacy and data protection requirements in the Open Banking business; handle employee privacy-related queries and raise employee awareness about privacy and data protection developments.

All activities involving access to Mastercard assets, information, and networks comes with an inherent risk to the organization and, therefore, it is expected that every person working for, or on behalf of, Mastercard is responsible for information security and must:

• Abide by Mastercard’s security policies and practices;
• Ensure the confidentiality and integrity of the information being accessed;
• Report any suspected information security violation or breach, and
• Complete all periodic mandatory security trainings in accordance with Mastercard’s guidelines.

• Legal and analytical mindset
• Pro-active approach and solution driven attitude to privacy compliance; ability to operationalize privacy requirements in a practical manner
• Ability to familiarize with new privacy laws and requirements quickly and translate to compliance tasks
• Experience with and excellent understanding of individuals’ data privacy rights and expectations
• Familiarity with financial sector and experience with regulatory engagements regarding payments and Open Banking would be a plus
• Basic knowledge of software development, data management and data integration processes would be a plus
• Ability to collaborate with various types of stakeholders (business, lawyers, third parties such as customers and vendors and regulators)
• Superior time management, planning, and organizational skills
• Excellent written and oral communication skills in Danish and English, ease to communicate with stakeholders globally, both internally and externally. Attention to detail is a must
• Exceptional interpersonal skills with proven experience in relationship building and partnering. Must work well in both team and individual settings
• Ability to drive execution of DPO and privacy compliance tasks, motivate and influence business and other stakeholders

Corporate Security Responsibility

The ideal candidate for this position should have:

All About You
• European Law degree required, preferably from a reputable Danish, Swedish or Norwegian university; specialization in privacy and data protection
• Membership to a Bar (if permitted by law)
• Additional qualifications e.g. Master of Laws degree, IT certifications, CIPM, CIPP/US, CIPP/E, considered as an asset
• Experience, and track record dealing with privacy laws including the GDPR, CCPA, LGPD and Open Banking/Open Finance laws, EU payments rules and regulations, Danish Payments Act
• Expertise in carrying out DPO tasks including reporting and maintaining privacy documentation, handling regulatory and data subjects’ requests
• Expertise in managing privacy risks, monitoring & testing and reporting
• Fluent in Danish and fluent in English