Medtronic Data Protection and Privacy Consultant (m/f) in Heerlen, Netherlands

Data Protection and Privacy Consultant (m/f)


Heerlen, Limburg, Netherlands

Post Date: Sep 07, 2017


The position can be based in either Heerlen (the Netherlands) or Fridley (Minnesota, USA), with other locations nearby allowing commute to either base 2-3 days a week.

Careers that Change Lives

The Data Protection and Privacy Consultant (“Consultant”) provides leadership and direct support for the strategy, design, development, implementation, and ongoing management of Medtronic’s Global Data Protection and Privacy Program activities that address and support US and OUS legal and regulatory requirements. In collaboration with the Senior Director, this seasoned professional actively engages with privacy professionals within the team as well as regional and business unit personnel and leaders to provide privacy expertise, direct support, and influence management for operational execution and compliance with US and OUS based legal, regulatory and business data protection and privacy requirements.

In alignment with the Global Data Protection and Privacy Program policies, standards and requirements, this position focuses on a wide range of business operations activities, practices and standards to meet US and OUS privacy regulatory requirements such as HIPAA, PIPEDA, US Patriot Act, Breach Notification laws, EU 95/46, GDPR, regional and country specific laws throughout the globe, ISO and other standards bodies and international standards.

The Data Protection and Privacy team operates as a high-functioning team within a relatively flat team structure. Members of this team are innovative; highly flexible; enthusiastic collaborators; results orientated; independent; actively engaged; and able to influence without direct authority.

A Day in the Life

In collaboration with data protection and privacy leadership, the broader team, and the business, the Consultant closely aligns with multiple partner stakeholders and the global data protection professionals to design and execute standards and practices for effective data protection and privacy across Medtronic. Key responsibilities include:

  • Lead by example to model a culture of ethics and integrity; exercise sound judgment and courage as a trusted advisor to the business and to the team;

  • Provide data protection and privacy program and requirements subject matter expertise as key resource and point of contact to regional, business, partner functions, and other key stakeholders;

  • Conduct and evaluate privacy impact assessment (PIA) activities and/or business consulting for new product development, material changes to existing products, third party vendor privacy assessments and business consultation requests as required by the PIA standards and procedures. Analyze results of assessments to identify trends and patterns that can be used to improve review efficiencies, existing processes, and standards;

  • Lead or direct region or business level privacy assessments that result in program enhancement, mitigation and remediation activities as appropriate;

  • Lead or direct the development and implementation of regional or business unit corrective action for identified privacy incidents or breaches; provide routine remediation status reporting for management and governance oversight;

  • Collaborate with business resources and leadership and other key stakeholders to implement new legal and regulatory requirements relating to data protection and privacy impacting Medtronic businesses. Provide communication and guidance to regional and business leads personnel for implementation of identified requirements. Design and implement effectiveness testing for high risk implementation activities as appropriate;

  • Design, direct and execute data protection and privacy operational compliance monitoring activities in collaboration and coordination with the organization's security, compliance, audit, risk management and other related corporate functions as appropriate;

  • Develop and implement business level data protection and privacy policies, standards and procedures, as required. Ensure routine review and approvals through the Data Protection and Privacy Office as required;

  • Provide subject matter expertise for development and implementation of role based data protection and privacy training as required. Coordinate module review with the Data Protection and Privacy Office as necessary to confirm alignment of content and approach with the broader data protection and privacy training and awareness program;

  • Collaborate with the legal team to develop and provide business access to model data protection and privacy documents such as confidentiality notices, consents, authorization forms, contract language, business associate agreements and other related required documents; coordinate with DPP Program team for model document review, approval, maintenance and exception procedures for these types of privacy documents;

  • Collaborate with legal and the business privacy leads to design and implement standards and processes for business response to individual rights requests such as data access requests, accounting of disclosures, the right to inspect and copy, restrictions on disclosures, opt-in or opt-out requirements and other related individual rights;

  • Design and implement business unit privacy “Covered Entity”, “Business Associate” or similar privacy related contracting requirements;

  • Lead and execute data protection and privacy efforts for the due diligence and integration of acquisitions within the businesses;

  • Provide input and detail for budget planning, monitoring, and function metrics and reporting as requested;

  • Provide subject matter expertise for the Global Data Protection and Privacy Program in development and implementation of core privacy program elements as requested;

  • Other responsibilities as assigned.

Must Haves

  • 10+ years of privacy experience with a Bachelor’s Degree

  • 8+ years of privacy experience with a Master’s or Advanced degree

  • Knowledge of and experience supporting business understanding and compliance with US privacy laws

  • Experience supporting a data privacy, security or equivalent function directly or indirectly for a large, regulated and matrixed organization

  • Project/program management experience

  • Experience with business operations requirements implementation

  • Experience in supporting cross-functional teams

Your Answer

Is this the position you were waiting for? Then please apply directly via the apply button!

About Medtronic

Together, we can change healthcare worldwide. At Medtronic, we push the limits of what technology, therapies and services can do to help alleviate pain, restore health and extend life.

We challenge ourselves and each other to make tomorrow better than yesterday. It is what makes this an exciting and rewarding place to be.

We want to accelerate and advance our ability to create meaningful innovations - but we will only succeed with the right people on our team.

Let’s work together to address universal healthcare needs and improve patients’ lives. Help us shape the


Founded in 1949 as a medical repair company, we're now among the world's largest medical technology, services and solutions companies, employing more than 89,000 people worldwide, serving physicians, hospitals and patients in over 155 countries. With our European Operations Center for Distribution and Shared Services in Heerlen, the Bakken Research Center in Maastricht, our manufacturing facility in Kerkrade, and the Dutch sales office in Eindhoven, Medtronic Netherlands has more than 1,750 employees.

Whatever your specialty or ambitions, you can make a difference at Medtronic - both in the lives of others and your career. Join us in our commitment to take healthcare Further, Together.