Global Data Protection Officer

AstraZeneca UK

Location: Cambridgeshire, Cheshire East

Job Type: Full time


Be brave, not perfect.
- Reshma Saujani

Global Data Protection Officer

Location: Cambridge, UK / Macclesfield, UK / Gothenburg, SWE

Competitive salary and benefits package

The Global Data Protection Officer functions at an advanced level of complexity spanning data processing activities across the enterprise. The role reports to the Head of Operations and Innovation for Global Compliance and has a dotted-line into the Deputy Chief Compliance Officer to ensure direct access to both Senior Management and the Audit Committee of the Board of Directors with respect to data privacy matters. The GDPO serves as the Data Protection Officer for AZ in jurisdictions in which a DPO is a central role to privacy governance, including, but not limited to the EU, UK, Brazil, etc. The GDPO will be the central point of contact for data subjects and supervisory authorities. In addition to EU/UK data protection officer responsibilities, this role is also responsible for global horizon scanning and providing advice and oversight based upon strong subject matter expertise and guidance across the elements of an effective compliance program with respect to data privacy. The GDPO works closely with the rest of the Data Privacy Office and broader compliance organisation to enhance privacy risk management and compliance while embedding and fostering a privacy mindset across AZ.

Typical Accountabilities

Company representative for data subjects and supervisory authorities:

  • Point of contact for supervisory authorities related to AZ data processing activities and data subjects

  • Maintain required licenses, registrations and other local regulatory requirements to enable compliant processing and transfer of personal data within the AZ Group and among AZ partners/vendors (e.g., Binding Corporate Rules)

  • Oversight of responses to subject access requests

  • Consult with members of the Global Privacy Office when required on data protection impact assessments and serve as contact to authorities as required on data protection impact assessments and other privacy impact assessments

  • Reporting of significant and/or serious breaches (whether requiring external notice or otherwise), including advice on remediation measure, related oversight and trend analysis

  • All Deputy Data Privacy Officers will have a dotted-line to the GDPO to ensure he/she is able to effectively communicate with data subjects and cooperate with supervisory authorities as needed

  • Partner with the Global Assurance team within Global Compliance, Internal Audit and independent auditing resources (where necessary) to monitor compliance with applicable data protection and privacy laws and broader data privacy requirements and provide assurance on effectiveness of our global compliance program with respect to data privacy risk

Advisor (in consultation with Global Privacy Officer Leadership, legal, outside counsel and local resources as necessary) for members of the Privacy Office and other Global Compliance personnel in their support of the business and evolution of the global privacy program with respect to:

  • Company policy and implementation

  • Data protection impact assessments

  • Ongoing monitoring and enhancing risk assurance capabilities

  • Evolving expectations of supervisory authorities

  • Remediation and continuous improvement activities

  • Unique, novel or high risk business activities or projects as needed

As the leader of AZ Privacy Risk and Assurance function, manage horizon scanning for key jurisdictions globally related to regulatory developments, proposed legislations, expectations of supervisory authorities and best practices (in consultation with legal, external counsel and local resources as needed)

Collaborating with the members of the Privacy Office, Data Privacy Forums/DDPOs and broader Global Compliance committee, as well as key stakeholders from IT, HR, and the business, to fulfil his/her responsibilities and to foster a global privacy mindset across AZ.

Education, Qualifications, Skills and Experience


  • Legal degree or qualifications with extensive experience in privacy law and/or Data Privacy Programs.

  • In-depth knowledge of GDPR, EU/EEA local data protection legislation, UK Privacy Act and UK GDPR, familiarity with US, China and other local data privacy regulations

  • Significant experience and knowledge of privacy program elements and best practices/tools

  • Substantial experience working in a multi-national and multi-regional organization in a highly regulated sector

  • Familiarity with data processing operations in the Global Bio- pharmaceutical sector

  • Significant experience in pharmaceuticals or a related industry; corporate governance, health care regulations, laws and standards

  • Excellent analytical, written and oral communications skills

  • Strong collaborative, partnering, and interpersonal skills, ability to influence across different levels and sectors of the organisation

  • Strong experience speaking to and working with senior leaders, including Board members and executive team members

  • Demonstrated ability to work independently

  • High ethical standards, trustworthy, operating with absolute discretion

  • Demonstrated ability to remain independent and objective while collaborating effectively with stakeholders


  • In-depth knowledge of US federal and state privacy regulations and China privacy/cyber-security regulations

  • IAPP certifications (e.g., CIPP/US, CIPT, CIPM)

  • CIPP certification

  • High degree of digital literacy, familiarity with use of AI, machine learning and automation in across different business applications (e.g., marketing, business services and processes, research and drug development activities)

  • Familiarity with computer security frameworks and technologies

  • Experience interacting with regulatory authorities, auditors, inspectors, and other third external assurance stakeholders

Why AstraZeneca?

At AstraZeneca we’re dedicated to being a Great Place to Work. Where you are empowered to push the boundaries of science and unleash your entrepreneurial spirit. There’s no better place to make a difference to medicine, patients and society. An inclusive culture that champions diversity and collaboration, and always committed to lifelong learning, growth and development. We’re on an exciting journey to pioneer the future of healthcare.

So, what’s next?

Are you already imagining yourself joining our team? Good, because we can’t wait to hear from you!

Where can I find out more?

Our Social Media, Follow AstraZeneca on LinkedIn

Follow AstraZeneca on Facebook

Follow AstraZeneca on Instagram

Job open date: 09/09/2022

Job closing date: 30/09/2022

Date Posted


Closing Date


AstraZeneca embraces diversity and equality of opportunity. We are committed to building an inclusive and diverse team representing all backgrounds, with as wide a range of perspectives as possible, and harnessing industry-leading skills. We believe that the more inclusive we are, the better our work will be. We welcome and consider applications to join our team from all qualified candidates, regardless of their characteristics. We comply with all applicable laws and regulations on non-discrimination in employment (and recruitment), as well as work authorization and employment eligibility verification requirements.

You’ve got this!