Secondment via YER
IT & Telecom, High Tech
About this vacancy
Ensuring setup and execution of a Privacy Monitoring Program, in order to prevent, detect and report data protection risks, stimulate solutions and taking part in the execution of corrective actions. Contributing in setting up and maintaining the ASML privacy practice, supporting ASML in its Privacy Compliance Journey contributing to implement the ASML Privacy Control Framework and monitoring progress.
- Being responsible for designing a worldwide Privacy monitoring program, ensuring it remains up-to-date and adapted to the Company and Privacy Office circumstances / instructions, ensuring it is consistent with the Company Compliance monitoring standard
- Being responsible for planning the execution of the monitoring testing activities, including, among others and for example:
- Privacy Risks, identifying flags and managing up when necessary
- Privacy Assessments
- Binding Corporate Rules implementation
- Being responsible for performing the monitoring and testing activities through regular and ad-hoc tasks, both independently and in cooperation with the other members of the Privacy Office
- Being responsible for executing the monitoring of the evolution of privacy and data protections laws and regulations applicable to ASML, both independently and in cooperation with the other members of the Privacy Office
- Being responsible for building and keeping up-to-date a Privacy Monitoring Dashboard
- Being responsible for creating reports of completed and ongoing monitoring and testing activities both at country level and at group level
- Being responsible for updating stakeholders on the progress of activities and findings with reports, meetings and presentations and escalate significant findings to the ASML Chief Privacy Officer
- Being responsible for supporting the internal and/or external Audit team(s) in the preparation and execution of the periodic Privacy audits and being in the lead for triggering the execution of potential remediation actions
- Contribute to the work of the Privacy Office in any other ways reasonably expected, including implementing Privacy Controls Framework, participating in projects/programs and workgroups and assisting with other priorities
- Periodically monitoring maturity level with regard to the areas of responsibility
- Carrying out Awareness activities with regard to the areas of responsibility
- Periodically reporting to the Chief Privacy Officer with regard to the areas of responsibility
- There are several challenges/ issues facing the members of the ASML Privacy Officer in their role mainly relating to:
- Complexity of the global Privacy regulations – The Privacy domain has been constantly evolving all around the world and ASML is a company spread all around the globe. This makes the understanding, connection and operationalization of the different privacy requirements challenging and strategically important for the ASML privacy compliance journey.
- Complexity of the ASML organization – ASML is a fast growing and fast paced organization. This puts the management of the cross-boarder transfers of personal data within and outside of the organization constantly at the top of the privacy list.
- Fines and Consequences for Non-compliance - ASML must be able to demonstrate to the internal & external auditors and potentially privacy authorities that a privacy practice is in place, that the internal and external responsibilities are assigned and fulfilled, in order to mitigate the risks of not being compliant with internal and external privacy laws and regulations.
- Privacy culture – ASML is developing a privacy culture, gradually growing embedding privacy in the daily operations. The growth of the Privacy Maturity level is strictly related to the spread of privacy culture all around the organization.
- Personal Data Breaches – ASML processes an important amount of personal data, in cooperation with its data processors. Making sure that the data is adequately protected and that the potential personal data breaches are promptly and correctly addressed is key in order to mitigate the risks of non-compliance.
- The key decisions a Privacy Monitoring Officer will need to make include:
- Prioritize Privacy Monitoring Planning, based on the ASML Privacy Strategy and Privacy Control Framework
- Connect with the stakeholders being capable of getting them onboard and engaged
- Be structured, factual and practical when planning and reporting
- Escalate the issues at the adequate identifying adequate timings
- Build and maintain strong and positive relations with the relevant stakeholders
- Be capable to set and implement the role that the ASML Privacy Office wants to play within the organization
- The whole ASML is part of the ASML Privacy Office stakeholders. Every and each department, business, country, region may seek for privacy advices and/or being involved in privacy programs / projects.
- The main stakeholders to team up with will be:
- Members of the Privacy Office / Privacy Network
- Employees, suppliers, customers, and other third parties, whose personal data we process;
- Senior executives (BoM, ExCom, and Supervisory Board) who are accountable for the development, execution and oversight of our privacy compliance program. They also set the ‘tone at the top’;
- The business (e.g., HR, IT, Info Sec, Corp Legal, Strategic Sourcing & Procurement, Sales, CS, etc.) and other team members who rely on our expertise and advice, Business unit representatives help ensure that privacy practices are being implemented and followed across the business and that the privacy team is aware of any privacy issues that arise within the business.
- (external) Privacy authorities and regulators, who have oversight of our privacy management practices and can issue fines and other penalties up to 4% of our global annual turnover.
Context of the position
The ASML Privacy Office is part of the ASML Privacy Practice, based on a dual-layers organization, composed by the Privacy Office itself and by the Privacy Network. The ASML Privacy Office acts as focal point for all the privacy and personal data protection matters within the company and has the main duties to:
- define the Privacy strategy and framework, leading and overseeing its group-wide implementation,
- advise management on privacy and personal data protection related risks (i.e. through DPIAs),
- define privacy controls / actions and monitor their implementation,
- define and monitor the privacy awareness program,
- handle privacy related requests and personal data breaches,
- launch and coordinating specific special programs and projects.
Other relevant organizational aspects:
(e.g.: diversity of the business, acquisitions/ventures, geographical spread, risk, etc.)
The pending approval of ASML’s Binding Corporate Rules (BCRs), relating to the international transfer of data, will expand the scope of the personal data protection legal requirements to other regions and additional stakeholders (employees and business partners) in these regions. This may lead to an increased workload within the Privacy Office.
ASML is a successful Dutch high-tech enterprise that produces complex lithography systems used by chip manufacturers in the production of integrated circuits. ASML is at the cutting edge of this technology and delivers systems to all the world's leading chip manufacturers. ASML's employees are among the most creative talents in the fields of physics, mathematics, chemistry, mechanical engineering and software. Every day they collaborate in close-knit multidisciplinary teams in which members listen to and learn from one another and exchange ideas. It is the ideal environment for professional development and personal growth.
ASML is headquartered in Veldhoven, the Netherlands.
- Good employee benefits
- Challenging assignments
- Excellent guidance from your consultant and YER's back office
- Development opportunities, including the YER Talent Development Programme with a personal coach
- Intensive support for international candidates (including Dutch lessons, tax-return and accommodation assistance)
- Cooperative and results and relationship-driven
- Friendly atmosphere and open culture
- Community/network with other technology professionals from a variety of multinationals
- Events and master classes with interesting speakers and attractive companies
The ideal candidate should have:
- 2+ years experience on Privacy
- Autonomy and ability to organize and prioritize high workload
- Understanding of Privacy related matters and the main Privacy processes
- Knowledge of audit/testing methodology
- Strong business orientation and flexibility
- Excellent planning and organizational skills
- Team-spirit, collaboration skills and ability to connect people and gain trust
- Excellent written/verbal communication and presentation skills. Fluency in English and preferably one other language
- Quality and risk-management orientation