Job Description

Summary

The DPO will act as the independent guardian of personal data privacy within Coins EU. They will monitor compliance, advise on data protection risks, liaise with supervisory authorities, and serve as the point of contact for data subjects.

Key Responsibilities

GDPR Compliance Oversight

  • Monitor internal compliance with GDPR and national data protection laws
  • Advise on data protection impact assessments (DPIAs), data transfers, and privacy-by-design practices
  • Ensure documentation of processing activities (RoPA) is up to date and accurate

Stakeholder Engagement

  • Serve as the primary point of contact for EU data protection supervisory authorities
  • Support the organization in handling user requests (access, erasure, portability, etc.)
  • Coordinate with Compliance, Legal, Product, Engineering, and Support teams

Risk Management & Privacy Governance

  • Review vendor contracts and ensure GDPR-compliant data processing agreements are in place
  • Advise on lawful bases for processing, consent, and cross-border data transfers (e.g., AWS Japan hosting)
  • Monitor compliance with special category data (e.g., biometric data) processing

Training & Awareness

  • Conduct internal training on data protection principles and GDPR responsibilities
  • Raise awareness among leadership and staff regarding privacy obligations and best practices

Required Qualifications

  • Based in the EU with the ability to liaise with EU supervisory authorities
  • Proven experience as a DPO or in a senior privacy or compliance role
  • Deep knowledge of the GDPR, EU data protection law, and data subject rights
  • Familiarity with privacy risks in digital finance, crypto exchanges, or fintech
  • Understanding of cross-border data transfers and third-party risk
  • Fluency in English (written and spoken); additional EU languages (i.e. Polish) are highly preferred
  • Strong communication and ethical leadership skills

Desirable Qualifications

  • Legal degree or CIPP/E, CIPM, or similar certification
  • Experience working with or for national data protection authorities
  • Understanding of anti-money laundering (AML) frameworks and their intersection with data retention

Independence and Resources

In line with GDPR Article 38, the DPO will:

  • Operate independently and not receive instructions regarding the exercise of their tasks
  • Report to the highest management level of Coins EU
  • Be provided with adequate resources to fulfill their duties

Skills
  • Analytical Thinking
  • Compliance Knowledge
  • Risk Analysis