Group Data Protection Manager

Purpose of the role

• Responsible for directing and overseeing all data protection activities for the Wizz Air Group (currently including Wizz Air Hungary, Wizz Air UK, Wizz Air Malta AOCs and other subsidiaries). 
• Fulfil statutory obligations applicable for a Data Protection Officer under the General Data Protection Regulation (GDPR) as well as local requirements. 

Responsibilities

• Manage the assignment of responsibilities to ensure privacy by design at all levels and deliver compliance with data protection laws and policies of the Wizz Air Group. 
• Inform and advise on data protection laws and policies of the Wizz Air Group. 
• Maintain appropriate data protection policies and procedures and ensure their implementation. 
• Monitor compliance with data protection laws and policies of the Wizz Air Group: collect information to identify processing activities, analyse, and review compliance of processing activities. 
• Review and maintenance of the privacy notices and consent forms. 
• Answering subject access requests with the support of OneTrust platform. 
• Management of personal data breaches, which may include conducting ENISA risk assessment. 
• Conducting Legitimate Interest, Data Protection Impact Assessments and Data Transfer Impact Assessments. 
• Advising the Wizz Air Group on the EU AI Act and AI solutions.  
• Manage a program of awareness-raising and training to deliver compliance and foster a data privacy culture within the Wizz Air Group. 
• Ensure that the Wizz Air Group addresses all queries from data subjects within legal timeframes. 
• Liaise with service providers and other contracted partners who participate in the data processing activities of the Wizz Air Group. 
• Act as a point of contact with EU residents, supervisory authorities, and internal teams. 
• Follow up with changes in data protection law and issue recommendations to ensure compliance. 
• Continuously review to simplify and streamline processes to provide scalability for growth of the business. 
• Be the champion of Legal Digital Innovation project.  

Experience

4-6+ years overall working experience, with 3+ years of experience in a consulting company, law firm, or legal/compliance department of a multinational company with proven experience in Data Protection and IT Law.

Hard skills

• Solid knowledge of the European data protection legal framework. 
• In-depth understanding of GDPR and the EU AI Act (ideally holding a CIPP/E and/or CIPM and/or AIGP as well as CISM or CISSP). 
• Experience with developing, documenting, communicating, and rolling out a global privacy program. 
• Experience in tools to automate privacy, and report on privacy compliance. 
• Knowledge of cybersecurity risks, PCI DSS, and other information security standards. 
• Understanding of global privacy law in relation to all business functions (sales, marketing, HR, R&D). 

Education

• Law degree. 
• IT qualification or understanding IT/technology is plus. 

Language

Fluent English (both written and spoken)

Skills and competencies

• Strong leadership skills and ability to manage cross-functional projects. 
• Ability to make good judgments regarding data privacy risks and prioritize resources and activity around managing those risks. 
• Good analytical and problem-solving skills. 
• Effective communication capabilities, both verbal and written, comfortable working with diverse cultures. 
• Ability to work with peers and senior management, inspiring trust and confidence. 
• Good organizing and coordinating skills. 
• High degree of independence, with attention to detail.