Job title: Local Privacy Officer KSA & Gulf Countries

Location : Riyadh

% of travel expected: 5%

Job type: Permanent, full time.

About the job

Job purpose:

Your responsibility in this role will be to lead the implementation of Sanofi Privacy strategy within KSA and the Gulf markets. You will design and monitor the risk-based execution of the privacy strategy, actively monitor local privacy regulations/enforcements, ensure Privacy by design of our key business and digital initiatives.

In this role you will act as a leading officer and expert on Data Privacy, promote and maintain a culture of privacy in the workplace of Sanofi.  You will drive Privacy as a competitive advantage and a key success factor of our digital transformation & data democratization, allowing Sanofi to accelerate the use of personal data to generate deeper insights for our business.

This is a full-time role with approx. 5% travel required.

Key accountability:

Reporting to our Privacy Officer for Key Markets, you will be part of Key Markets Privacy Leadership team. This role will have accountability across KSA and all Gulf Markets with an initial priority on KSA as the statutory DPO.

You will

  • Appoint and manage a network of Privacy Champions in the relevant local departments (People and Culture, Commercial, Medical…)

  • Establish and chair the KSA privacy council, consisting of appointed Privacy Champions. Through this council, design, secure sponsorship of and deliver the action plan for Privacy;

  • Ensure privacy by design principles are effectively implemented within local business and digital initiatives, applying a risk-based and data subject centric approach. You own the records of processing activities (ROPA) and validate the Personal Data Protection Assessments (PDPAs)

  • Maintain a personal data register for the Kingdom of Saudi Arabia and other Gulf countries (where appropriate), and ensure relevant and proactive actions in order to comply with local privacy laws. These duties will require an effective privacy maturity of key stakeholders to meet privacy laws requirements, among which the security of personal data processing, the right understanding & wording of the purpose and the identification of the appropriate lawful basis.

  • Actively monitor local privacy regulations/enforcements, and implement local adaptations of global procedures when required, including embedding data privacy into systems, processes and services;

  • Contribute to internal position papers, represent Sanofi in industry advocacy efforts with Trade associations and Data Protection Regulators and ensure compliance of third party services providers with privacy requirements;

  • Report the status of the implementation of the privacy program to KSA and Gulf Countries leadership through established KPIs;

  • Partner with the Functional Privacy Officers in ensuring Global initiatives are compliant with local practices and regulations, escalating showstoppers and offering local resolutions;

  • Independently Review Data Protection Impact Assessments (DPIAs) for high-risk data processing activities and notify (where necessary) of data breaches;

  • Actively contribute to Sanofi Global Privacy Training strategy in ensuring Materials designed centrally are fit for purpose, review translations, and establish the relevant priority audience;

  • Organize ad hoc education sessions in line with local training needs;

  • Oversee Individual Rights Requests, ensuring Data subject rights are upheld in line with regulatory requirements and Sanofi’s commitments to privacy;

  • Coordinate the management, assessment, and resolution of local data breaches, ensuring timely notification to data subjects and Data Protection Authorities.

  • Oversee the effective closure of action plans originating from external and internal audits

Key Working Relationships


  • Direct local privacy champions with clear expected outcomes in line with the local action;

  • As the voice of privacy rights of employees, act with integrity and independence with regards to resolutions of potential conflicts;

  • Establish credibility and influence local senior stakeholders such as General management, Digital, HR, R&D, Commercial;

  • Confident in escalating project risks and issues to senior leaders individually and collectively,


  • As the voice of privacy rights of external Data Subjects (candidates, HealthCare Practitioners, consumers, patients), act with integrity and independence with regards to resolutions of potential conflicts;

  • As the main point of contact of local Data Protection Authorities, establish an active relationship in line with Sanofi commitments;

  • Represent Sanofi within local Privacy and trade associations;

About you

Master or bachelor’s degree (law or computer sciences is an advantage)

  • CIPP/E, CIPM or similar privacy qualification is mandatory

  • In-depth knowledge of privacy and data protection laws, with particular knowledge of the Saudi Personal Data Protection Law

  • Experience working in highly regulated environments, preferably in project and/or compliance management

  • Experience working in an international environment and proven leadership experience

  • Multi-stakeholder management based on influence rather than formal relationships

  • Excellent communication, negotiation, writing and advisory skills

  • Strong business acumen in Healthcare/Life science sector

  • Ability to balance legal/company requirements and business enablement using a Risk based approach

  • Willingness to travel