Going, going, gone...

Looks like this career opportunity is no longer available. We may have filled the position or it was taken down for other reasons. We know this isn’t what you were hoping for but we have great new opportunities opening all the time.

Start a new search now!

Data Privacy Counsel

  • Financial and Legal Services
  • Hong Kong Special Administrative Region of China
  • Cathay Pacific

Reports to: Senior Data Privacy Counsel and Data Protection Officer

Department: Group Legal and Compliance

In this role, you will be part of a team which supports the Data Protection Officer of Cathay Pacific Group in ensuring compliance with the Hong Kong Personal Data (Privacy) Ordinance (PDPO), the EU General Data Protection Regulation (GDPR), and other relevant data protection laws and in implementing and managing compliance with Cathay Pacific Group’s data privacy policies. You will assist the DPO in ensuring compliance across all the countries in which the Cathay Pacific Group operates.

This is a great opportunity for a driven, motivated and hard-working individual to be part of a team with responsibility for a global data privacy compliance program and its implementation in practice. This role will give the successful candidate the opportunity to work in a fast-moving and cutting-edge field, within an exciting and multifaceted business.

The successful candidate will work out of Cathay Pacific’s offices in Hong Kong, and will work closely with a wide range of Cathay Pacific Group business units, including IT, Digital, and People.

Key Responsibilities

  • to support the DPO in monitoring compliance with GDPR, PDPO and other relevant data protection laws, including assignment of responsibilities, awareness-raising and assisting with the training of relevant staff, including those involved in processing operations;
  • to inform and advise the Cathay Pacific Group of its obligations and any risks under relevant data protection laws;
  • to develop, implement, manage and monitor internal policies and compliant processes for data protection, including with regards to collection, accuracy, retention, use, security, transparency, access and correction of personal data (including employee personal data);
  • to advise on data protection compliance audits and impact assessments, including advising on when they are required, what methodology to follow, outsourcing, safeguards, whether or not the data protection impact assessment has been correctly carried out, and whether its conclusions are in compliance with relevant data protection laws;
  • working closely with Digital and IT, to maintain and update Cathay Pacific Group’s register of processing operations which provides an overview of all personal data processing operations being carried out;
  • to coordinate, in relation to the above responsibilities and data protection generally, with other key teams within Cathay Pacific Group, including IT, People and Digital;
  • with the DPO, to act as liaison and contact point between the Cathay Pacific Group and relevant data protection authorities;
  • with the DPO, to act as contact point for data subjects with regard to all issues related to processing of their personal data and to the exercise of their rights;
  • to act as intermediary between relevant stakeholders (e.g. supervisory authorities, data subjects, and Cathay Pacific Group BUs);
  • with the DPO, to report and to work closely with senior management on important data protection compliance issues and risks to identify solutions and to express an opinion as to the best path forward to address such issues and problems that best meets the needs of the Cathay Pacific Group; and
  • with the DPO, to report at various Steering Committee meetings to keep senior management abreast of changes to data protection laws.


  • A good knowledge of Hong Kong and European data protection laws and practices, an in-depth understanding of the GDPR, and a good understanding of how these regimes relate to both customer and employee personal data.
  • a 5+ year PQE data protection lawyer with experience gained in a reputable law firm.  In-house experience in an organization that has substantial personal data operations is preferred.
  • Experience of promoting a data protection culture in a large organization, and dealing with issues relating to both customer and employee data, is an advantage.
  • High proficiency in office applications (including Word, PowerPoint, Excel and Sharepoint).
  • Fluent spoken and written English.  Good spoken and written Cantonese and Mandarin is an advantage.
  • Excellent communication and presentation skills and able to interact with Senior Management with polished interpersonal skills.
  • Able to work and solve problems independently with minimum supervision. High attention to detail, and able to see and understand the bigger picture.
  • Extremely well organized and good at planning and managing his/her time as well as others.
  • Ability to work flexibly and on multiple tasks.
  • Mature and has a high sense of responsibility and accountability for their work.
  • Able to work with minimal supervision and guidance.
  • Excellent team player and able to work with people at all levels across the organization.

Key Competencies

  • Setting Direction
  • Leading and Engaging Teams
  • Driving Business Performance and Change
  • Developing and Recognising Others

Application deadline: 25 September 2019

Cathay Pacific is an Equal Opportunities Employer. Personal data provided by job applicants will be used strictly in accordance with our personal data policy and for recruitment purposes only. Candidates not notified within eight weeks may consider their application unsuccessful. All related information will be kept in our file for up to 24 months. A copy of our Personal Information Collection Statement will be provided upon request by contacting our Data Protection Officer.