Data Privacy Manager


Beijing, CN

Job Family:  Legal
Country/Region:  China

Job Summary / Purpose

We are seeking a highly motivated Data Privacy Manager to join our APAC Coloplast Business Ethics & Data Privacy team to work on cutting edge data issues in the medical device/supply industry. This position will be based in Beijing and will provide subject matter expertise on a wide range of data and privacy matters. This role requires 5+ years of direct experience with a focus on complex data and privacy-related matters. You will also be a member of our Global Business Ethics & Compliance team, where you will work with compliance colleagues from around the world in designing and aligning our global and local privacy activities.

The Data Privacy Manager is responsible for the implementation and governance of an adequate Coloplast data protection compliance programme within the APAC region in close collaboration with the Group Data Privacy Officer and to ensure compliance with relevant legislation and industry best practice within the area of acquiring, storing, and using personal data. He/she identifies, assesses, and manages data protection-related risks within region APAC and advises the business proactively on prioritisation and mitigation. In the role, he/she independently initiates and leads Region APAC data protection projects – including the development of regional procedures and adequate data protection training programmes.


The Data Privacy Manager communicates externally with third parties (e.g. distributors/business partners/authorities) and internally on alignment with data privacy principles, and he/she prepares and presents reports and management information to local management and Group Business Ethics, Compliance and Data Privacy on the level of risk related to data protection as well as status and progress of data protection initiatives.


Essential Duties / Responsibilities

Ad 1: Strategic interaction with executive management and other senior leadership and external stakeholders

Continues, advises, and coordinates Coloplast’s data protection compliance framework in the APAC Region Ensure governance of an adequate Coloplast data protection compliance programme to ensure compliance with relevant legislation and industry best practice within the area of acquiring, storing and using personal data - Identify, assess and manage data protection related risks regionally and advise proactively on prioritisation and mitigation at corporate level.

Prepare reports and management information to local management and Group Business Ethics, Compliance and Data Privacy on the status, progress performance and level of risk related to data protection.

Contribute with input from own area of responsibility to the Corporate Business Ethics & Data Privacy function’s setting of strategy and action plans to support Coloplast’s agenda and strategic goals.

Participate in privacy committees in various applicable associations (e.g. AdvaMed China) and contribute to proposals for new data privacy regulation and legislation (including updates on Codes)


Ad 2: Strategic and tactical interaction with global organisation and with external parties.

Supports the Regional Compliance Officer and Global Data Protection Officer, respectively, in strengthening Coloplast’s compliance and global data protection efforts.

Designs, implements, and maintains an adequate incident response and data breach notification procedure as required and in line with Coloplast’s policies, standards, and procedures.

Monitors and communicates relevant regulatory developments in the region and manage communication with government bodies on data privacy issues.

Coordinates and provides guidance, assessments, training, and monitoring of the compliance and data protection control environments within the business units.

Coordinate internal and external data protection activities in cooperation with other Information governance stakeholders (Management, IT Security, Legal, QA and Risk Office.

Leads the design, creation, coordination, and implementation of regional procedures and training addressing privacy issues in APAC while serving on and supported by a global team.

Assists compliance and works with legal team members on advising senior leadership on data policy issues and in connection with compliance matters for data and privacy laws and regulations, specifically PIPL, but also other Chinese and regional data privacy laws as well as cross-border rules.

Conduct internal and external data privacy audits, reviews, impact and readiness assessments and develop or facilitate adequate mitigation plans for specific units in cooperation with country/site/regional/business/staff functions managers and the Senior Business Ethics Audit and Investigation Manager

Involvement on regional roll-out of new products and services to provide guidance regional regulatory requirements, go-to market guidance to ensure compliance with data privacy requirements.


Ad 3: Daily organisational interaction and responsibility for compliance and data protection matters.

Advise region APAC management teams, leaders and managers on data privacy issues and identify and innovate resilient, durable and business efficient data protection solutions and processes.

Serve as point of contact for external interaction related to data protection, incl. submission of registrations to applicable Data Protection agencies/authorities

Participate in investigations into complaints and breaches relating to personal data and undertake reporting/remedial action.

Handling and negotiating Data Processing Agreements and other data protection agreements/contract clauses with external parties.


Job Qualifications

A minimum of a Bachelor’s degree and a strong interest in business metrics and operations.

 Minimum of 5 years professional experience on data protection compliance with a legal, compliance, risk management, audit or consulting background (ideally with a few years having been in the role of a privacy officer).

Good knowledge of data protection requirements in APAC, with detailed knowledge of PIPL and breach notification requirements, and GDPR, including cross-border data transfer requirements.

Experience to advise on privacy and data security law and compliance efforts, including the organization and coordination of privacy assessments, corporate policies and processes.


In-depth knowledge of IT, web, and mobile ecosystems and their privacy and data use implications and risks.

 Ability to maintain strong working relationships with demanding internal and external clients.

 Strong analytical capabilities and judgment.

 Ability to make decisions and pivot quickly and fluidly, thinking practically and being solution oriented.

 A practical and proactive problem-solver who possesses strong business acumen and is confident, mature and calm.

 Excellent time management skills with the ability to prioritize and multitask and work under shifting deadlines in a fast-paced environment.

 Ability to work independently and in a team environment with both the local and global Compliance and Legal teams and the information security teams.



Excellent written and verbal communication skills, in both Chinese and English.

Skillful use of MS Office software, e.g. Outlook, Word, Excel, PowerPoint.

Preferred Qualifications

Prior corporate experience

A law degree or background in compliance, risk or audit.

Certified Information Privacy Professional (CIPP), such as CIPP/a, CIPP/e, CIPM, CIPT, CISP/ CISSP, EXIN-DPO, CDPSE or other relevant privacy related certifications.



Pursuing an ambitious growth agenda, Coloplast develops and markets products and services that make life easier for people with intimate healthcare needs. Employing about 14.000 people and with products available in more than 143 countries, we are one of the world´s leading medical device companies. We are constantly growing our business and always looking for new ways to move forward – we explore, learn and look for new ways of doing things.


Coloplast is committed to being an inclusive organization, where people bring their differences to work each day, fulfil their potential and have a strong sense of belonging because – and not despite – of their differences. We therefore encourage all qualified candidates to apply regardless of gender, age, race, nationality, ethnicity, sexual orientation, religious belief or physical ability.


Visit us on

Watch the film. Follow us on LinkedIn. Like us on Facebook.