Lead Senior Legal Counsel (MENA) SAP

This role is based in Cairo, Egypt.

PURPOSE AND OBJECTIVES

When processing personal data as part of its business operations, SAP must comply with the requirements of the EU's General Data Protection Regulation (GDPR), Egypt's Data Protection Law No. 151 of 2020, UAE's Federal Decree-Law No. 45 of 2021, Saudi Arabia's PDPL (Personal Data Protection Law), and other applicable data protection and privacy laws in the countries where SAP operates.

To support the local SAP entities in meeting their data protection and privacy compliance obligations, SAP has established a global network of Data Protection and Privacy professionals. This network consists of local Data Protection Officers (DPOs) and Data Protection and Privacy Coordinators (DPPCs) that report to the management of the SAP entities by which they are hired and to SAP's global Data Protection & Privacy team, reporting to SAP's Group Data Protection Officer.

We are looking for an experienced Lead Senior Legal Counsel to serve as the local Data Protection Officer (DPO) for Egypt and as Data Protection and Privacy Coordinator (DPPC) for Arabian countries including the UAE and Saudi Arabia, responsible for leading data protection compliance strategy across the assigned country responsibility.

EXPECTATIONS AND TASKS

The role is responsible for ensuring SAP's compliance with Egypt's data protection regulations, GDPR, and data protection laws across assigned Arabian countries. This role involves collaborating closely with the global data protection and privacy team, local business units, senior management, and external regulatory authorities to manage data protection risks and drive data protection and privacy awareness across the organization.

Key Responsibilities:

Regulatory Compliance & Strategy:

• Ensure compliance with Egypt's Data Protection Law No. 151 of 2020, UAE Federal Decree-Law No. 45 of 2021, Saudi Arabia's Personal Data Protection Law, GDPR, and other relevant regulations.
• Develop and implement comprehensive data protection compliance strategy for Egypt and assigned Arabian countries.
• Monitor, interpret, and assess changes in data protection legislation, regulations, and industry standards across all assigned jurisdictions.
• Provide timely updates, guidance, and legal opinions on regulatory developments and best practices.
• Conduct regular gap analyses and support implementation of remediation measures.

Strategic Advice:

• Provide legal and compliance advice on data protection issues and conduct Data Protection Impact Assessments (DPIAs) for new projects, initiatives, and emerging technologies, including AI/ML applications.
• Represent SAP's Group Data Protection Officer within the assigned region and serve as principal point of contact for supervisory authorities.
• Lead the development, implementation, and maintenance of regional data protection and privacy policies, standards, and procedures aligned with global requirements.
• Assist local Chief Finance Officers in fulfilling their GDPR and local data protection responsibilities and dedicated legal entity processes.

Compliance Monitoring, Risk Management:

• Establish and monitor compliance with data protection policies, procedures, and regulatory requirements across all assigned entities.
• Manage data breach response protocols and support incident investigations, including supervisory authority notifications and data subject communications.
• Support resolution of supervisory authority requests, escalations, and regulatory inquiries.

Awareness, Training & Organizational Development:

• Conduct targeted data protection and privacy training programs for various organizational levels, including C-suite, management, and operational teams.
• Develop and maintain data protection awareness materials and communications.
• Champion a data protection culture across all business units and ensure employees understand their roles and responsibilities.
• Strengthen and expand SAP's global data protection community within the assigned region.

Regional Coordination & Harmonization:

• Harmonize data protection documentation, processes, and compliance approaches across Egypt and assigned Arabian countries in alignment with global DPP standards.
• Coordinate data protection initiatives and ensure consistency in implementation across multiple jurisdictions.
• Build and maintain collaborative relationships with local and regional stakeholders, including government authorities, industry partners, and external legal counsel.

EDUCATION AND QUALIFICATIONS / SKILLS AND COMPETENCIES

Required skills

• University degree in Law with specialization in data protection, privacy, or information technology law
• Minimum 10 years of professional experience as a Data Protection Officer, Chief Privacy Officer, or in a senior legal/compliance role focused on data protection
• Thorough knowledge and practical experience with GDPR and other global data protection regulations
• Demonstrated expertise in Egypt's Data Protection Law No. 151 of 2020 and/or UAE/Saudi Arabian data protection frameworks
• Professional experience in managing cross-jurisdictional compliance initiatives
• Strong project management capabilities with ability to lead complex, multi-stakeholder initiatives
• Exceptional written and oral presentation skills with ability to communicate complex legal and technical concepts to non-specialist audiences
• Strong communication skills at all organizational levels, including C-suite executives
• Ability to build and maintain relationships with internal and external stakeholders, including regulatory authorities