Related Posts
McKinsey & Company Bain & Company Hiiii! I’ve been at my job for a year and a couple of months now & I’ve gotten rather bored because the work is repetitive, not challenging, and hasn’t really allowed me to learn or grow as much as I would’ve liked to. Given how I’m still paying a ton of money for my postgrad in Business Comms (that I haven’t really gotten the chance to use), I’ve been thinking of entering the world of consulting. Any word of advice? PwC McKinsey & Company Bain & Company Boston Consulting Group KPMG
What is up with Elephant? (/Huge?)
Talk about a strategy pivot
What makes a toxic work environment?
Who billed the most today?
Has anyone interviewed @Leidos? What to expect?
Additional Posts in Privacy Law
New to Fishbowl?
unlock all discussions on Fishbowl.
1)Sales agreement privacy issues
2) vendor agreement privacy diligence
3) marketing privacy advising (CAN-SPAM, CASL, etc.)
4) fielding government inquiries requests for/about data
5) creating and implementing data retention schedules
6) product counseling on privacy implications
7) data incident response counseling
Non-attorney perspective, from someone who works with them regularly (not sure how accurately this reflects their 9-to-5, but may inform how you’ll interact with technical resources):
1. Provide legal expertise on privacy, security, & compliance concerns and projects. (Obviously)
2. Lots of meetings, keeping up to date with changes in privacy laws and regulations, writing and reviewing policy documents, participating in incident responses, guiding, and/or executing external comms.
3. Most significantly for me: establishing the goals and guardrails of the privacy programs and solutions I implement. This is a function also carried out by DPOs with non-legal backgrounds (and is always a collaborative process as the cross-population of lawyers & OSCP/CASP-holders is vanishingly small), but in my experience, attorneys do it better 🤷
4. Statutory DPO duties — acting as a POC for subject rights requests, for example — but this is, at least in my organization (which is not a major controller or processor) not a primary focus for privacy attorneys.
Reviewing, negotiating, and maintaining template data processing agreements.
Writing privacy policies and advising the business on privacy considerations in the implementation of new platforms and new processes.
Assisting in drafting template responses to data subject requests.
Establishing sustainable processes that can be rolled out to many markets
Providing employees training
In-house or firm matters here. Also size of company/firm. At an F500 I wore all the hats at my current F15 my role is narrower