Agoda is one of the world’s leading online hotel and accommodation booking platforms.
Founded in Asia and part of Booking Holdings Inc., Agoda offers travelers a fast, easy way to book hundreds of thousands of properties in almost every country on earth. In every department – from legal to product – Agoda provides an environment rich with creativity, collaboration, and experimentation allowing you to thrive in and to grow both yourself and Agoda.
Based in our Bangkok office and reporting to Agoda’s Data Governance Officer – who also sits in Agoda’s Legal Department – you will be part of an experienced team responsible for growing Agoda’s privacy program and providing legal advice on predominantly data privacy matters but also with some scope to work on other legal matters.
We'll Trust You To:
- Grow, manage and facilitate Agoda’s privacy program including:
- Managing Agoda’s record of processing activities
- Facilitate a privacy education program and conduct in person training to employees and Agoda departments in conjunction with Agoda’s IT Security and Legal Compliance teams as necessary. Raise internal privacy awareness across Agoda.
- Contribute and provide comments on draft data privacy and cybersecurity laws
- Systematically monitor data privacy developments worldwide with a particular interest in APAC, EU and US
- Conduct self-audits on the privacy program as part of Group compliance requirements
- Carry out privacy impact assessments using in-house tools developed under GDPR including managing the vendor onboarding process for privacy and advising on/mitigating risk
- Updating internal and external privacy policies as required
- Provide legal advice on data privacy matters including:
- Under GDPR, the Singapore PDP Act and other privacy and cybersecurity laws globally
- Advise the business on consumer privacy issues
- Administer a privacy external facing inbox and resolving issues as required
- Advise on potential data incidents in compliance with the law and internal policies
- Facilitate Agoda’s policy on receiving law enforcement requests for personal data
- Advise and work on data sharing initiatives
- From a privacy perspective – vet, advise and provide practical recommendations on any relevant business initiatives across Marketing, Product etc which involve personal data
- Review, draft and amend data privacy and security clauses in contracts or preparing data processing agreements, as part of external contract review or internal templates and modifying data privacy template clauses as required with vendors and other business partners
- Frequently work with other members of the legal department, compliance and IT Security teams to streamline cross department coordination on privacy related matters
- Reviewing of third party privacy statements as required
- Provide legal advice on non-privacy related legal matters
- As required to support the legal department and business including in commercial, corporate and regulatory areas of law. May include contract review, negotiation etc
You'll need To Have:
- Degree in law, licensed to practice
- A data privacy qualification, CIPP or equivalent or at least willing to obtain one shortly after joining the company
- A strong passion for data privacy and facilitating a privacy program
- 2+ years of legal experience preferably at a law firm and in-house legal experience
- Good knowledge of data privacy and cybersecurity laws in APAC, EU and beyond
- Strong communication, presentation and negotiation skills and the ability to thrive in an open office environment. Presentation skills will be important for in person privacy training
- Strong contract drafting skills
We'd Love To See:
- Track record of delivering good results in data privacy
- An ability to translate complicated privacy and cybersecurity laws practically in business terms
- In-house experience or a client secondment
- Good experience in other non-privacy areas of law, specifically in commercial and regulatory matters.