Consultant-EMEA Data Protection and Privacy, Medtronic, Heerlen, Limburg, Netherlands - flexible

The preferred location for this position is Heerlen, the Netherlands, although there is flexibility for locations that allow for easy travel to Heerlen in neighboring countries close to other Medtronic Offices including in the Netherlands, Belgium, France, UK, Ireland, Spain, or Switzerland. While not preferred, this position could be based in Minneapolis, Minnesota, USA at Medtronic Operation Headquarters where the Global Data Protection and Privacy Program team is located.

As the Consultant, EMEA Data Protection and Privacy (“Consultant”), you provide leadership and direct support for the strategy, design, development, implementation, and ongoing management of Medtronic’s Global Data Protection and Privacy Program activities that address and support EMEA, US and OUS legal and regulatory requirements. In collaboration with the Senior Director, as a seasoned professional, you actively engage with privacy professionals within the team as well as regional and business unit personnel and leaders to provide privacy expertise, direct support, and influence management for operational execution and compliance with EMEA, US and OUS based legal, regulatory and business data protection and privacy requirements.

In alignment with the Global Data Protection and Privacy Program policies, standards and requirements, you focus on a wide range of business operations activities, practices and standards to meet EMEA, US and OUS privacy regulatory requirements such as HIPAA, PIPEDA, US Patriot Act, Breach Notification laws, EU 95/46, GDPR, regional and country specific laws throughout globe, ISO and other standards bodies and international standards.

The Data Protection and Privacy team operates as a high functioning team within a relatively flat team structure. Members of this team are innovative, highly flexible; enthusiastic collaborators; results orientated; independent; actively engaged; and able to influence without direct authority.

In collaboration with data protection and privacy leadership, the broader team, and the business, you closely align with multiple partner stakeholders and the global data protection professionals to design, execute, and execute standards and practices for effective data protection and privacy across Medtronic.

Key responsibilities include:

  • Lead by example to model a culture of ethics and integrity; exercise sound judgment and courage as a trusted advisor to the business and to the team; 
  • Provide data protection and privacy program and requirements subject matter expertise as key resource and point of contact to regional, business, partner functions, and other key stakeholders;
  • Conduct and evaluate privacy impact assessment (PIA) activities and/or business consulting for new product development, material changes to existing products, third party vendor privacy assessments and business consultation requests as required by the PIA standards and procedures. Analyze results of assessments to identify trends and patterns that can be used to improve review efficiencies, existing processes, and standards: 
  • Lead or direct region or business level privacy assessments that results in program enhancement, mitigation and remediation activities as appropriate;
  • Lead or direct the development and implementation of regional or business unit corrective action for identified privacy incidents or breaches; provide routine remediation status reporting for management and governance oversight;
  • Collaborate with business resources and leadership and other key stakeholders to implement new legal and regulatory requirements relating to data protection and privacy impacting Medtronic businesses. Provide communication and guidance to regional and business leads personnel for implementation of identified requirements. Design and implement effectiveness testing for high risk implementation activities as appropriate; 
  • Design, direct and execute data protection and privacy operational compliance monitoring activities in collaboration and coordination with the organization's security, compliance, audit, risk management and other related corporate functions as appropriate;
  • Develop and implement business level data protection and privacy policies, standards and procedures, as required. Ensure routine review and approvals thorough the Data Protection and Privacy Office as required; 
  • Provide subject matter expertise for development and implementation of role based data protection and privacy training as required. Coordinate module review with the Data Protection and Privacy Office as necessary to confirm alignment of content and approach with the broader data protection and privacy training and awareness program; 
  • Collaborate with the legal team to develop and provide business access to model data protection and privacy documents such as confidentiality notices, consents, authorization forms, contract language, business associate agreements and other related required documents; coordinate with DPP Program team for model document review, approval, maintenance and exception procedures for these types of privacy documents;
  • Collaborate with legal and the business privacy leads to design and implement standards and processes for business response to individual rights requests such as data access requests, accounting of disclosures, the right to inspect and copy, restrictions on disclosures, opt-in or opt-out requirements and other related individual rights;
  • Design and implement business unit privacy “Covered Entity”, “Business Associate” or similar privacy related contracting requirements; 
  • Lead and execute data protection and privacy efforts for the due diligence and integration of acquisitions within the businesses;
  • Provide input and detail for budget planning, monitoring, and function metrics and reporting as requested;
  • Provide subject matter expertise for the Global Data Protection and Privacy Program in development and implementation of core privacy program elements as requested. 
  • Other responsibilities as assigned.

Must Have:

• BS/ BA Degree
• 10+ years of privacy experience with a Bachelor’s Degree and 8+ years of privacy experience with a Master’s or Advanced degree
• Knowledge of and experience supporting business understanding and compliance with US privacy laws 
• Experience supporting a data privacy, security or equivalent function directly or indirectly for a large, regulated and matrixed organization
• Project/program management experience
• Experience with business operations requirements implementation
• Experience in supporting cross-functional teams
• Willingness to travel around 10% of the time

Nice to Have:

• Advanced degree
• Proven track record of successful and broad influence management
• Experience in the healthcare industry
• Experience directly or indirectly with compliance or similar function
• Experience supporting change management projects
• Strong knowledge of, and experience in program and project management
• Experience working with global and/or matrixed IT systems, services, operations or other related management environment
• Demonstrated cross-functional team execution skills
• Experience assessing and defining system specifications preferably in relation to compliance with data protection and privacy regulations
• Demonstrated advocate for proper data management systems
• Demonstrated experience building positive relationships with a variety of stakeholders, including with employees, clients, senior management, external parties/authorities and suppliers.
• Demonstrated results orientation (driving to deadlines, financial targets, project goals, etc.)
• Strong ability to work collaboratively and partner with employees, other leaders, clients, and vendors.
• Demonstrated ability to work across many levels of an organization, from VP to non-exempt staff
• Demonstrated ability to work across a matrixed or virtual organization and still meet objectives
• Demonstrated ability to manage multiple priorities simultaneously.
• Demonstrated ability to utilize excellent decision making skills.
• Experience and demonstrated ability to present to a variety of audiences including the ability to translate technical information
• Lean Sigma or Six-Sigma training/experience
• Vendor management experience
• Familiarity with FDA/EDA and FTC regulations, HIPAA, PIPEDA, US Patriot Act, EU 95/46 and GDPR, Breach Notification laws, ISO and other standards bodies and international standards

Application Submission Information: