Booking Holdings (NASDAQ: BKNG) is the world leader in online travel and related services, provided to customers and partners in over 220 countries and territories through six primary consumer-facing brands – Booking.com, KAYAK, priceline, agoda.com, Rentalcars.com, and OpenTable. The mission of Booking Holdings is to make it easier for everyone to experience the world. 

Booking Holdings Financial Services (hereinafter “BHFS”) provides financial services in the form of payment services and e-money products across all the brands. BHFS is committed to conducting its business in compliance with applicable laws, regulations and guidelines, with integrity and to the highest ethical standards

BHFS is looking to recruit an experienced Global Data Protection Officer (Global DPO) to meet its obligations under the European Union (EU) General Data Protection Regulation (GDPR) and other relevant privacy regulations. 

Reporting to the General Counsel, you will monitor compliance and data practices internally to ensure the business and its functions comply with the applicable requirements under the GDPR. You will be responsible for staff training, data protection impact assessments, and internal audits. You will also serve as the primary contact for supervisory authorities and individuals whose data is processed by the organisation. 

You will also be responsible for overseeing BHFS’s privacy program globally and monitor the global privacy maturity framework. In your role, you will be expected to collaborate with global Privacy Officers, Data Protection Officers and teams at Booking Holdings and across the Booking Holdings brands. participate in cross-brand privacy initiatives and projects and support global data processing and data transfer arrangements..

You will be a Senior member of the BHFS Legal and Privacy team and will manage a small team of highly impactful privacy professionals, and be an exemplary role model for all the Legal and Privacy Team and beyond.

Key Responsibilities

In this role, you will work closely with Product and Tech, Operations Legal, Compliance, and Information Security functions to develop and monitor policies and standards applicable to the business and in compliance with the GDPR and other relevant privacy regulations globally. You will also be pivotal in ensuring that the BHFS program globally adheres to the highest standards of privacy compliance and will manage a small team of privacy professionals in the delivery of the BHFS program. 

Duties include: 

• Implement measures and a privacy governance framework to manage data use in compliance with the GDPR and other relevant local privacy regulations, including developing templates for data collection, assisting with data mapping, data protection impact assessments and vendor and outsourced service provider reviews.

• Oversee the privacy program, monitor privacy maturity framework (NIST) and make recommendations for control improvements and enhancements. 

• Serve as the primary point of contact and liaison for the Irish DPC, the UK ICO, other EEA Data Protection Authorities and US state regulators on all data protection related matters. 

• Be accountable for all filing and reporting requirements under GDPR and with relevant local regulators. 

• Collaborate with global Privacy Officers and teams at Booking Holdings and across the Booking Holdings brands and participate in cross-brand privacy initiatives and projects, including Data Protection Officer Network

• Horizon scan and monitor changes to local privacy laws and ensure that the BHFS privacy framework globally remains fit for purpose and compliant. 

• Develop and monitor policies and standards to ensure privacy compliance.

• Develop and deliver privacy training to the BHFS board and committees and to various business functions. 

• Develop strategies and initiatives to ensure engagement with key internal and external stakeholders on all privacy developments. 

• Coordinate with internal and external audit on data privacy audits. 

• Collaborate with the Information Security function(s) to maintain records of all data assets and exports, and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to data subject access requests (DSARs).

• Provide advice where a DPIA has been carried out, make recommendations to senior management and monitor its performance;

• Promote a culture of data protection and compliance across all units of the organisation and its partner entities

Knowledge Skills & Abilities

• 10 plus years of relevant experience 
• Experience working in a regulated industry with complex cross jurisdictional structures.
• Proven record of reporting and engagement with boards, C Suite Executive and external regulatory organisations.
• Strong knowledge of EU data privacy and data protection regulation, and a good understanding of other major privacy frameworks, including the US, and evolving legislation worldwide, especially in the digital sector.  
• Sufficient knowledge of information technology and data management systems required.  
• Ability to manage, undertake large, complex, long-term projects, and implement strategic improvements, develop alternative methods to complete them, and implement solutions.  
• Ability to use independent judgment and discretion in decision-making when making the majority of decisions. 
• Detail-oriented with the ability to handle confidential and sensitive information.approach needed to recommend and implement strategic improvements on a range of data privacy and data protection issues.  
• Ability to handle confidential and sensitive information with the appropriate discretion. 
• Ability to work effectively in a multi-functional, multi-cultural environment and withAble to work effectively in a multi-functional, multi-cultural environment and be open to change and the challenges that arise in a dynamic environment
• Strong interpersonal skills and the ability to interact skilfully and confidently with internal partners and colleagues to develop ideas, find opportunities, and influence outcomes.
• Excellent verbal and written communication skills.
• A sense of urgency in solving inquiries and requests to ensure timely resolution and an ability to work effectively under pressure.
• Willingness toSome travel as will be required. 

Personal Attributes

• A role model for the Legal and Privacy Team, promoting a culture of data protection and compliance.

• Open to change and adaptable to the challenges of a dynamic environment.

• A sense of urgency in resolving inquiries and requests to ensure timely resolution.

• Ability to work effectively under pressure.