Manager, Data Privacy

Posted 5 hours 43 minutes ago by MeiraGTx

£80,000 - £100,000 Annual
Permanent
Full Time
I.T. & Communications Jobs
London, United Kingdom
Job Description
Your mission

The Data Privacy Manager is responsible for the day-to-day management and continuous improvement of MeiraGTx's global data privacy program across clinical trials and corporate operations. The role provides practical, risk-based privacy guidance to business stakeholders and supports the Data Protection Officer and senior leadership in ensuring compliance with global data protection laws.

Purpose of Job

Manage the organization's data privacy program and deliver risk-based guidance.

Key Responsibilities
Privacy Program Management
  • Manage and operate MeiraGTx's global data privacy program, ensuring policies, standards, and controls are implemented effectively across clinical and corporate functions.
  • Embed privacy by design and privacy by default principles into business processes, systems, and projects.
  • Support continuous improvement of privacy processes through monitoring, issue tracking, and remediation activities.
Advisory & Stakeholder Support
  • Act as the primary privacy point of contact for business stakeholders, providing pragmatic guidance on data protection risks and compliance obligations.
  • Partner closely with Legal, IT, Security, Clinical Operations, and HR to support compliant data processing activities.
  • Provide subject matter expertise on privacy considerations related to new initiatives, vendors, technologies, and systems.
Regulatory Compliance
  • Support compliance with applicable global data protection laws and regulations, including UK GDPR, EU GDPR, HIPAA, CCPA/CPRA, and other relevant regional requirements.
  • Assist the Data Protection Officer in maintaining regulatory readiness and responding to supervisory authority inquiries or audits.
  • Monitor regulatory developments and assess their impact on MeiraGTx's operations.
Risk Assessments & Documentation
  • Lead and coordinate Data Protection Impact Assessments (DPIAs) and privacy risk assessments for clinical trials, systems, and third party engagements.
  • Maintain Records of Processing Activities (RoPA) and other required privacy documentation.
  • Draft, review, and negotiate data protection provisions in commercial contracts and Clinical Trial Agreements.
  • Identify and implement relevant data transfer mechanisms with vendors, as appropriate.
  • Draft and agree Data Sharing Agreements as necessary.
Data Subject Rights & Incident Management
  • Oversee the intake, assessment, and response to data subject rights requests in line with regulatory timelines.
  • Coordinate the management of data privacy incidents, including investigation, documentation, and remediation, in collaboration with Legal, IT, and Security teams.
Training & Awareness
  • Develop and deliver privacy training and awareness initiatives tailored to different business functions.
  • Promote a culture of privacy awareness and accountability across the organization.
Key Performance Indicators
  • Effective operation and continuous improvement of the Data Privacy Program.
  • Timely completion of DPIAs and regulatory deliverables.
  • Compliance with applicable data protection laws and internal policies.
  • Quality, reach and effectiveness of training, guidance, and stakeholder engagement.
  • Timely and compliant handling of data subject requests and incidents.
Key Job Competencies

Privacy & Risk Judgement: Applies regulatory requirements pragmatically to business scenarios.

Stakeholder Influence: Builds trust and credibility across functions without direct authority.

Execution Focus: Manages multiple priorities and delivers high quality outputs in a regulated environment.

Communication: Explains complex privacy concepts clearly to non-specialist audiences.

Professionalism and Integrity: Demonstrates sound judgement, discretion and resilience.

Experience and Qualifications
  • Bachelor's degree in Law, Compliance, Information Security, Risk, or a related field (or equivalent experience).
  • Typically 4-6 years' experience in data privacy, compliance, legal, or risk management roles.
  • Strong working knowledge of GDPR and experience supporting privacy compliance in a multijurisdictional, life sciences or regulated environment.
  • Experience with clinical trials, healthcare data, or sensitive personal data is strongly preferred.
  • Privacy certification (e.g., CIPP/E, CIPP/US, CIPM) is desirable but not mandatory.