Privacy by Design Partner Principal, Global Data & Privacy Center of Expertise, Medtronic, Fridley, Minnesota, USA

The Privacy by Design Principal Partner, Corporate COE (“Principal”) provides, in conjunction with the Principal Director and Principal OU Consultant, direct support to assigned business units or functions for the development of Medtronic products, services and solutions by providing expertise in the field of information privacy at all stages of the development lifecycle, from initial concept to deployment and retirement. This seasoned professional actively engages with regional and business unit staff and leadership to deliver appropriate strategic, transactional, and operational data and privacy work, and to provide bespoke privacy-by-design work and strategic advice in support of key OU functions or initiatives. The Principal will help build privacy enhancement capabilities, including but not limited to technologies and vendors, consent management, anonymization and pseudonymization solutions. The Principal works closely with the Principal and peers in similar roles, as well as the Business Unit Legal Counsel to ensure strategic alignment on data and privacy.

Detailed job description:

In cooperation with the Senior Director and a colleague, this seasoned professional actively engages with regional and business unit staff and leaders to provide strategic privacy expertise, direct support and influence management for operational execution and compliance with US and OUS laws, regulations, and corporate data protection and privacy requirements. The consultant ensures appropriate triage of transactional and operational data and privacy work for privacy operations and regional data and privacy teams and provides strategic oversight and direction for tailored privacy-by-design work and advice. The consultant provides support for the execution and implementation of PbD activities in the assigned operational units. The consultant works closely with a colleague in a similar role, as well as the business unit’s legal counsel to ensure strategic alignment on data and privacy.

The Data and Privacy COE team operates as a high-level team within a relatively flat team structure. The members of this team are innovative; very flexible; enthusiastic; results-oriented; independent; actively engaged; and able to influence without direct authority.

A day in the life

Responsibilities may include the following tasks and others may be assigned.

  • Lead by example to model a culture of ethics and integrity, exercise judgment and courage as a trusted advisor to assigned business units.
  • Serve as the dedicated “face” of the program’s privacy operations for assigned business units or functions, and as the point of contact/key access to the program.
  • Engage with business unit or functional stakeholders to provide tailored privacy-by-design advice and guidance for affected organizational units and ensure accountability for legal/regulatory compliance of data and confidentiality, as well as strategic advice.
  • As projects progress from the initial stage of development to release, advice may include Privacy Impact Assessment (PIA) activities and/or business advice for new product development, significant changes to existing products, third-party vendor privacy assessments, and business consultation requests, as required by the standards and procedures.
  • Analyze assessment results for the assigned business unit to identify trends and patterns that can be used to improve examination efficiency, existing processes, and standards.
  • Provide subject matter expertise for the Global Data and Privacy COE in the development and implementation of key privacy program elements, as requested, with particular emphasis on developing privacy enhancement capabilities.
  • Lead by example to model a culture of ethics and integrity; exercise judgment and courage as a trusted advisor to assigned organizational units and the broader Medtronic enterprise.
  • Other assigned tasks.


  • Bachelor’s degree with 7+ years of privacy experience, OR 5+ years of privacy experience with an advanced degree.


  • Advanced degree.
  • Strong understanding of privacy principles and privacy operations.
  • Hands-on experience of best practices that span the product development lifecycle (from requirements definition to specification, design, development, quality assurance, implementation, integration, release and support of production).
  • Proven ability to strategically navigate complex privacy issues and identify tangible solutions.
  • Experience working on multiple privacy-focused projects, such as privacy-by-design, privacy-enhancing technologies, data policy management, privacy infrastructure, privacy usability, and/or privacy threat modeling.
  • Ability to learn different technologies and solutions created and/or used by Medtronic and to advise on the specific privacy requirements associated with those technologies and solutions.
  • Experience with privacy impact assessments as well as privacy risk remediation efforts.
  • The ability to communicate (verbally and in writing) complex issues and concepts to a wide range of audiences, from developers and technical engineers to business partners and non-technical executives.
  • Knowledge and experience in understanding and complying with business privacy laws in the United States and outside of the United States.
  • Experience working with design teams including software, mobile apps, IT development and other technology.
  • Experience in the health sector.
  • Experience in directly or indirectly supporting a data privacy, security or equivalent function for a large regulated and matrix organization.
  • CIPP, CHPC or similar certification, or sufficient demonstrated experience and/or formal training in privacy and compliance.
  • Experience in project/program management.
  • Experience implementing business operations requirements.
  • Experience supporting cross-functional teams.
  • Direct or indirect experience with compliance or a similar function.
  • Experience in supporting change management projects.
  • Strong knowledge and experience in program and project management.
  • Experience working with global and/or matrix IT systems, services, operations or other related management environment.
  • Demonstrated skills in cross-functional team execution.
  • Experience in evaluating and defining system specifications, preferably in relation to compliance with data protection and privacy regulations.
  • Proven advocate of appropriate data management systems.
  • Demonstrated influence management skills, exceptional interpersonal and communication skills.
  • Demonstrated experience in building positive relationships with a variety of stakeholders including employees, customers, senior management, external parties/authorities and suppliers.
  • Demonstrated results orientation (adherence to deadlines, financial targets, project objectives, etc.).
  • Strong ability to work collaboratively and in partnership with employees, other leaders, customers and suppliers.
  • Demonstrated ability to work at multiple levels of an organization from VP to non-exempt staff.
  • Demonstrated ability to work in a matrix or virtual organization while achieving goals.
  • Demonstrated ability to manage multiple priorities simultaneously.
  • Demonstrated ability to use excellent decision-making skills.
  • Experience and demonstrated ability to present to a variety of audiences, including the ability to translate technical information.
  • Lean Sigma or Six-Sigma training/experience.
  • Experience in supplier management.
  • Familiarity with FDA and FTC regulations, HIPAA, PIPEDA, US Patriot Act, GDPR, breach notification laws, ISO and other standards bodies and international standards.


  • The physical demands outlined in the Responsibilities section of this job description are representative of those that must be met by an employee to successfully perform the essential functions of this job. Reasonable accommodations may be made to enable people with disabilities to perform essential functions. For Clerical Roles: In performing the duties of this job, the employee must regularly be independently mobile. The employee must also interact with a computer and communicate with peers and colleagues. Contact your manager or local human resources to understand the working conditions and physical demands that may be specific to each role. (ADA-United States of America).
  • Travel:


Together, we can change health care around the world. At Medtronic, we push the boundaries of what technology can do to help relieve pain, restore health and extend life. We challenge ourselves and each other to make tomorrow better than yesterday. This is what makes it an exciting and rewarding place.

Application submission information:

Please apply online Privacy by Design Partner Principal, Global Data & Privacy COE

Abdul J. Gaspar