Privacy Program Manager

As a Privacy Program Manager at New Relic, your key responsibilities include providing expert privacy advice to diverse teams, supporting data subject requests, and leading privacy training sessions. You'll also work on developing and refining privacy policies and assist in data privacy impact assessments for projects. Engaging with data protection authorities and addressing privacy incidents will be crucial parts of your daily tasks, ensuring compliance with regulations such as the GDPR.

Candidates for the Privacy Program Manager role at New Relic should have a minimum of three years of relevant experience in privacy, data protection, or security law. Deep knowledge of the General Data Protection Regulation (GDPR) is essential, as is strong communication skills for collaborating with business teams. While an IAPP certification, like CIPP/E, is desirable, what matters most is your ability to foster strong relationships and manage multiple projects in a high-energy environment.

At New Relic, the Privacy Program Manager plays a pivotal role in fostering a strong culture of privacy by providing guidance across various business areas. The role involves developing privacy training and awareness sessions that educate all employees about data protection principles, thereby ensuring that privacy becomes ingrained in the company's operations from the ground up.

New Relic prides itself on offering a flexible workforce model that includes fully remote, hybrid, or office-based arrangements. As a Privacy Program Manager, you will be part of a supportive team that values diversity and promotes an inclusive atmosphere. The fast-paced environment will keep you engaged and challenged, giving you the opportunity to make significant contributions to the company's privacy initiatives.

The recruitment process at New Relic involves verifying candidates' identity and eligibility to work while complying with applicable laws. New Relic considers all qualified applicants, including those with arrest and conviction records. A criminal background check is required given the sensitive nature of data management in this role. Throughout the process, inclusivity and diversity are top priorities, ensuring that all candidates are evaluated based on their qualifications.

When addressing compliance with GDPR, I focus on understanding the specific requirements and obligations set forth by the regulation. In previous roles, I developed privacy impact assessments and implemented frameworks to ensure that personal data is processed lawfully. I also conducted regular training sessions to educate employees about data protection practices, fostering a culture of privacy within the organization.

In my past roles, I have handled various data subject requests by first ensuring that we had proper verification of the requestor's identity. I then coordinated with different departments to gather the necessary data while adhering to our internal policies and legal guidelines. My goal was always to respond within the stipulated timeframe while keeping the individual informed throughout the process.

To communicate effectively with non-technical teams, I break down complex privacy concepts into relatable terms. I use real-life examples and case studies to illustrate potential privacy risks and their implications. Additionally, I focus on engaging discussions and interactive training sessions that allow team members to ask questions and share their concerns, fostering a collaborative approach to privacy awareness.

I actively subscribe to reputable sources of information, including privacy-focused newsletters, legal updates, and webinars from organizations such as the International Association of Privacy Professionals (IAPP). Networking with other privacy professionals also provides me with insights into best practices and regulatory changes, ensuring that I stay informed and can adapt our strategies accordingly.

Training is crucial in a successful privacy program because it empowers employees with the knowledge they need to protect personal data effectively. By educating staff on the importance of privacy and their specific responsibilities, organizations can cultivate a culture of accountability. Regular training sessions and updates ensure that everyone remains aware of their role in compliance efforts and the potential consequences of data breaches.

During my last position, we faced a potential data breach involving unauthorized access to user information. I immediately coordinated with the IT team to assess the situation and gather facts. Once we confirmed the breach, I led the incident response by notifying affected parties and collaborating with legal to ensure compliance with regulatory obligations. The experience underscored the importance of a clear incident response plan.

In fast-paced environments, prioritizing tasks effectively is key to managing multiple projects. I rely on a combination of deadlines, stakeholder impact, and overall project importance to guide my prioritization. Using project management tools also helps me stay organized and communicate deadlines clearly with my team, enabling us to work together efficiently without compromising on quality or compliance.

My approach to conducting privacy impact assessments involves identifying the data processing operations being carried out and assessing their risks to individuals' privacy. I collaborate closely with project teams to understand the project’s scope, goals, and data interactions. I then document the findings in a thorough report, offering recommendations to mitigate risks, and ensure compliance with privacy regulations.

Advocating for privacy within an organization requires a strategic approach. I actively engage with various business units to understand their needs and challenges concerning privacy. By providing tailored, clear guidance and demonstrating the benefits of robust privacy practices, I can effectively advocate for greater awareness and compliance, fostering a culture where privacy is prioritized by all employees.

One of the biggest challenges in privacy compliance is keeping up with the constantly evolving legal landscape. Regulations like GDPR continuously change, and it requires ongoing education and adaptation. Additionally, ensuring that all employees understand and implement privacy requirements poses challenges, as it requires regular training and communication to maintain a culture of compliance.