Head of Privacy and Compliance - 12-month FTC
ASOS
Overview
The key purpose of the role is to be accountable and responsible for ASOS's data privacy and data protection needs on a global basis. This will require the provision of data protection and privacy subject matter expertise and advice to the ASOS business across all of its territories, as well as acting as the designated Data Protection Officer (DPO) for the purposes of EU and UK privacy legislation. This is a highly visible and senior role, critical to ensuring that the Data Privacy team effectively manages data protection and privacy risks impacting the ASOS business globally.
You will need to be technically excellent, hands-on, and commercially minded, with a strong professional ethic and the energy, interest, and training to handle a vast array of matters. The ability to juggle complex data issues and distill these into understandable language for the business is essential. You will also need to communicate effectively with ASOS's Tech and Data Teams, as well as ASOS's Commercial, Procurement, Supply Chain, Marketing, and People Teams.
In addition to your role as Head of Privacy and as Data Protection Officer (DPO), you will also be responsible for leading ASOS's Compliance functions (for both ASOS.com and ASOS Payments Limited).
The Details
Privacy and Data Protection
- Responsible for ensuring ASOS meets data privacy requirements globally, including acting as the Data Protection Officer (DPO) for UK and EU markets.
- Providing expert advice on a wide range of data privacy matters globally, which includes general advice on current data privacy legislation, horizon scanning for legislative or regulatory changes, and providing subsequent advice to enable full business readiness.
- Provide strategic and commercially focused advice to the ASOS business in relation to business initiatives.
- Assist the ASOS business in managing its privacy risk profile, aligned with the business's strategic goals.
- Design and develop a programme of work to demonstrate compliance with global privacy standards, ensuring an optimum customer experience.
- Lead the data privacy response to breaches and critical incidents, working closely with various teams including data security and public affairs.
- Drive and coordinate the development of data privacy standards, governance, training, and policies.
- Advise on specialist privacy areas, including data retention, transfer, and analytics.
- Act as the liaison point for privacy matters to ASOS customers, employees, and regulatory authorities.
- Manage litigation or arbitration related to privacy and compliance matters.
- Oversee data subject rights and requests for information.
- Conduct internal and external privacy compliance audits as required.
- Draft and advise on technical privacy and security aspects in contracts.
- Support remediation and notification of personal data incidents.
- Define policies regarding personal data handling, including data subject access requests.
- Maintain the data privacy impact assessment framework and advise on privacy risks and mitigations.
- Act as the escalation point for enhanced privacy complaints and enquiries.
- Advise on marketing and third-party initiatives, particularly regarding consent requirements.
- Review and update fair processing information and privacy notices.
- Provide technical advice around data minimization techniques including anonymisation and pseudonymisation.
- Strategically prioritize the team's resources to meet pressing challenges and communicate priorities effectively.
- Produce regular reports on privacy and data protection compliance and ethics to the Management Committee and Board.
- Lead the development of the ASOS AI Governance Framework, coordinating with cross-functional teams.
Compliance
The Compliance team ensures that ASOS operates in accordance with applicable laws, regulations, industry standards, and internal policies. You will advise senior management on compliance laws, support education on compliance matters, and assess compliance risks associated with ASOS's activities.
- Lead and develop ASOS's Compliance functions for both ASOS.com and ASOS Payments Limited.
- Define and deliver ASOS's global compliance framework, making compliance straightforward for ASOSers.
- Review ASOS's compliance requirements and identify gaps and improvement areas.
- Report on compliance internally and externally, such as to the ASOS Audit Committee.
- Develop and refine policies related to regulatory compliance.
- Horizon scan to prepare the business for future regulatory changes.
- Implement training and communication programmes to embed the Compliance Framework.
- Work cross-functionally with key stakeholders to manage a robust ethics programme.
- Design and embed a policy update process and policy management framework.
- Collaborate with the General Counsel to enhance the Compliance profile within the business.
- Build relationships to drive the compliance agenda and business maturity forwards.
- Act as an independent advisor and business partner, supporting the business in achieving its objectives.
- Follow up on agreed actions and drive through change.
- Support ASOS's culture by driving Diversity, Equity & Inclusion strategies.

ASOS plc is a British online fashion and cosmetic retailer. The company was founded in 2000 in London, primarily aimed at young adults.