Data Protection Officer

EveryMatrix is a leading B2B SaaS provider delivering iGaming software, content and services. We provide casino, sports betting, platform and payments, and affiliate management to 200 customers worldwide. The company is profitable, has over EUR 100m in annual revenues, and has 700 employees in offices across ten countries in Europe, Asia and the US. EveryMatrix was founded in 2008 and remained a founder-owned private company.

• At least 2 years’ experience in a similar DPO role (must have)
• Background and expertise in legal, data compliance, data protection audit or IT security
• Expert knowledge of data protection law and practices (must have)
• CIPP/E and/or CIPM certificate (would be ideal)
• Working knowledge and demonstrated experience with complex regulatory frameworks/requirements in terms of Data Protection and ISMS.
• Understanding of IT systems and their connection to data collection and processing
• Experience in organizing and managing audits (internal auditor skills, external audits management skills).
• CISSP Certification - nice to have
• Bachelor’s degree in technical studies - nice to have
• Experience with implementation of data protection processes and internal policies.
• Identity and Access Management knowledge - nice to have
• General knowledge of information security: infrastructure security, application security.
• Other regulatory requirements such as PCI and experience with standards work in security, such as ISO;
• Integrity and high professional ethics
• Organizational skills with attention to detail
• Ability to handle confidential information
• Strong judgment, confident to make independent decisions and the ability to engender trust as well as ethical, with the ability to remain impartial and report all non-compliances.
• Capacity to organize and prioritize;
• Exceptional communication skills and ability to interact with all stakeholders, executives, employees, and clients.
• Dynamic personality.
• Independent and self-managing.

The General Data Protection Regulation (GDPR) has established the concept of a Data Protection Officer (DPO) in Europe.
The Data Protection Officer (DPO) will be involved in all issues which relate to the protection of personal data and will have the independence to fulfil statutory responsibilities.
Therefore, the new DPO’s responsibilities will be:

• Monitors compliance with the GDPR and applicable Data Protection laws for EM group, in different jurisdictions.
• Monitor compliance of the organization with all legislation in relation to data protection, including in audits, awareness-raising activities as well as training of staff involved in processing operations.
• Conducts Data Protection Impact Assessment (DPIA) risk analysis for EM group.
• Handles all data subject access requests.
• Records all our Data processing activities and updates them regularly, having in mind all group operations and development.
• Contact point for all internal and external Data Protection requests (such as DD forms, RFPs for new leads, info for drafting of DP contract appendices)
• Review and draft data protection clauses in client service agreements, non-disclosure agreements, and data controller and processor agreements with clients and suppliers.
• Keep up to date your expert knowledge of GDPR, LGPD, and other upcoming privacy regulations, including guidance issued by supervisory authorities and relevant legal decisions that may impact our processing of personal data.
• Act as point of contact with supervisory authorities, clients, suppliers and internal teams on data protection matters
• Identify and evaluate the company’s data processing activities and maintain records of processing operations
• Monitor data management procedures and compliance within the company
• Draft new and amend existing data protection policies, audit, procedures, processes and guidelines, where required, in consultation with key stakeholders to ensure organisational compliance
• Perform audits and determine whether the company needs to alter its internal procedures to comply with regulations
• Liaise with other organisations that process data on the company’s behalf
• Prepare and maintains (or ensures maintenance of) data protection related documentation, including records of personal data processing, Data Protection Impact Assessments (DPIAs), data incident/breach record; and conducts periodic compliance assessments of these.

• Work together with IT, information security, human resources, sales, legal, marketing, and other business units as well as participates in meetings with managers as is relevant to ensure incorporation of a privacy by design approach into data processing procedures.

• Handle complaints or requests by the institutions, the data controller, data subjects within legal timeframes, and/or introduce improvements on his/her own initiative
• Offer consultation on how to deal with privacy breaches
• Give advice and recommendations to the company about the interpretation or application of the data protection rules and follow up with changes in law
• Approve the standard data processing agreements and assist the legal team in reviewing the third party data agreements to ensure that they are compliant with relevant data protection legislation and regulation.
• Develop and mainten policies, standards, playbooks and standard operating procedures that support global privacy and data protection compliance requirements within the group.
• Arrange for training on GDPR compliance for employees

Perks and benefits:

Headquarters in the heart of the city, at Unirii Square
Flexible schedule
Private Medical Subscription
Daily Catered Lunch
Our own in-house gym, health & well-being programs
Bookster subscription & Books corner (online and offline)
Fun corner: pool, ping pong table, PS4, lots of board games
Internal & external training
Team Activities, Friday Bars, Summer Party & Christmas Party (we like to ‘Work hard, party harder’)
Extra vacation days with every year inside the company
Anniversary Gifts
Fruits Tuesday