You are responsible for building, maintaining and further developing our Data Protection Management System (DPMS) in accordance with the GDPR, the German Federal Data Protection Act (BDSG) and other relevant requirements (e.g. Patient Data Protection Act (PDSG), SGB V, DiGAV).
You manage records of processing activities (RoPA), data protection impact assessments (DPIAs) and evaluations of technical and organizational measures (TOMs).
You ensure the lawful processing of health data in our medical practices and on our digital platforms.
You develop, implement and monitor our Compliance Management System with a focus on the regulatory framework of the healthcare sector (e.g. MPDG/MDR, HWG, AMG, BÄO, professional codes, anti-corruption regulations in healthcare).
You ensure sustainable integration of data protection and compliance into business processes — not as a paper exercise, but as day-to-day practice.
You review, draft and negotiate contracts — in particular data processing agreements (DPAs), joint controller agreements, cooperation agreements, IT contracts and service provider contracts.
You manage the data protection-related onboarding of our partners and service providers.
You are the central point of contact for executive management, IT, medical teams, product and HR on all data and compliance-related questions.
You provide advice on the introduction of new digital products and processes and work closely with our external Data Protection Officer and external law firms.
You design and deliver target-group-appropriate training and awareness measures for our employees in practices, administration and digital teams.
You establish a lived data protection and compliance culture.
You identify data protection and compliance-relevant risks and derive appropriate measures.
You support internal and external audits as well as regulatory inquiries and manage reporting and notifications in the event of data protection incidents.
Requirements
University degree in Law (preferably with a focus on IT/data protection law or medical law), Business Law, Business Informatics with legal specialization, or comparable qualification
Several years of professional experience in data protection and/or legal compliance — ideally in the healthcare sector, in a hospital/MVZ group, at a digital health provider or in a specialized law firm
Solid knowledge of the GDPR, the BDSG and healthcare and medical-law regulations (e.g. SGB V, PDSG, DiGAV, MPDG/MDR, HWG, professional codes)
Certification as a Data Protection Officer (e.g. TÜV / udis / GDD) or as a Compliance Officer is an advantage
Experience in building and operating data protection and/or compliance management systems as well as in contract drafting (DPAs, IT contracts, cooperation agreements)
Strong digital affinity and understanding of IT and platform architectures, cloud solutions and IT security standards (e.g. ISO 27001, BSI IT baseline protection)
Independent and structured working style with strong analytical thinking, pragmatic solution orientation and the ability to explain complex issues clearly
Strong communication and teamwork skills and confident presence in dealings with executive management, authorities and external partners