Description
Please send CVs to [handle]
JOB DESCRIPTION — DPO (Data Protection Officer)
Type of Engagement: Offshore / Outsourced DPO Service
Language - Fluent French mandatory
____________________________________
Client Context
Client is a SaaS business co-piloting platform designed for French SMEs and small businesses. The platform aggregates and processes sensitive financial data, including accounting, invoicing, cash flow management, banking data via open banking (Powens), legal company identification data (SIREN/SIRET via Infogreffe), and accounting documents through a document management system (DMS).
The application is hosted in Europe (Replit Autoscale) and integrates with several third-party service providers, including Stripe, Keycloak, B2BRouter, and Anthropic. Given the large-scale processing of personal and financial data, strict compliance with GDPR requirements is essential.
____________________________________
Main Mission
Act as Customer’s outsourced Data Protection Officer (DPO), ensuring ongoing compliance with GDPR and all applicable regulations governing the protection of personal and financial data processed by the platform.
____________________________________
Key Responsibilities
Compliance & Governance
• Maintain and update the Record of Processing Activities (ROPA)
• Conduct and maintain Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including:
o Open banking
o Invoice OCR processing
o AI services (Anthropic/Claude)
o Document management systems (DMS)
• Draft and maintain privacy policies, Terms of Use, legal notices, and Data Processing Agreements (DPAs) with subcontractors
• Manage GDPR data subject rights requests, including:
o Access requests
o Erasure requests
o Data portability requests
o Rectification requests
Advisory & Support
• Advise product and engineering teams on architectural decisions from a privacy-by-design and privacy-by-default perspective
• Review and approve new features or integrations from a compliance standpoint (e.g., new banking connectors, AI-enabled features)
• Deliver privacy awareness training and guidance to internal teams
Incident Management
• Lead the data breach notification process, including reporting to the French Data Protection Authority (CNIL) within the required 72-hour timeframe
• Coordinate incident response activities with technical teams
Regulatory & Vendor Relations
• Serve as the designated point of contact with the CNIL
• Manage privacy and compliance relationships with key service providers, including:
o Stripe
o Powens
o Keycloak
o Anthropic
o Replit
____________________________________
Candidate Profile
Education & Experience
• Master's degree (or equivalent, Bac+5) in Law, Digital Law, Data Protection, or a related field
• Minimum of 3 years of experience in data protection, ideally within a B2B SaaS or fintech environment
• CIPP/E (IAPP) certification or CNIL-certified DPO qualification is highly desirable
Technical Skills
• Strong knowledge of GDPR and applicable French data protection legislation (French Data Protection Act – Loi Informatique et Libertés)
• Familiarity with cloud environments (EU hosting), financial APIs (Open Banking, PSD2), and generative AI systems
• Ability to understand and review technical architectures, including:
o REST APIs
o Webhooks
o Object storage
o SSO/Keycloak authentication
• Knowledge of ISO 27001 principles is a plus
Soft Skills
• Excellent written French, particularly for drafting regulatory and compliance documentation
• Strong attention to detail, autonomy, and ability to work in agile project environments alongside technical teams
• Effective communication skills with both legal and non-legal stakeholders
____________________________________
———
Contact: [handle]
Company: Commit
Website: [link]
Email: [email]
Team region: Worldwide
Work region: Worldwide