GDPR / EU Data Protection Specialist (CIPP/E) — Gap Analysis, DPA & RoPA for an AdTech SaaS
Worldwide
About the engagement We are an ad-fraud-detection SaaS company (AdTech) with offices in Tokyo (HQ), New York, and Lisbon (Portugal). Because of our EU establishment in Lisbon, we are directly subject to the GDPR. We process ad click/impression data, IP addresses, user agents, device identifiers (IDFA/GAID), and cookie data — some of which constitutes personal / pseudonymous data under the GDPR. We are looking for a freelance privacy specialist to run an initial GDPR & data-protection assessment (Phase 1), with a clear path to follow-on work. Phase 1 deliverables (initial scope) 1. Gap analysis — our current Privacy Policy & Terms of Service vs. GDPR (and Japan's APPI) requirements, prioritized. 2. Compliance checklist — need / current status for DPA, RoPA (GDPR Art. 30), DPIA, SCCs, cookie consent, and DSR (data subject request) handling. 3. Best-practice recommendations — the standard setup for a comparable SaaS / AdTech company. Required qualifications - CIPP/E (IAPP) certification, or a bar qualification in an EU member state1 - Demonstrated GDPR work in SaaS / AdTech / data-broker contexts - Experience drafting DPAs (Data Processing Agreements) - Experience preparing RoPAs (GDPR Art. 30) - ePrivacy / cookie-consent implementation experience (incl. CMP configuration) - Deliverables written in English Nice to have - Familiarity with the EU–Japan mutual adequacy decision Engagement & budget - This is a spot engagement. We are first gathering proposals to size the work — please share your fixed price and estimated effort for Phase 1 (as a rough guide we anticipate US$2,000–$8,000, or hourly US$150–$240/h, but we welcome your own assessment). - Phase 2 (PP/ToS redrafting, DPA templates, subprocessor list, cross-border transfer scheme, DSR workflows) to be decided after Phase 1. To apply, please answer the screening questions below. --- 1. Do you hold CIPP/E or an EU bar qualification? Please state which, and the issuing body. 2. Briefly describe one SaaS / AdTech GDPR engagement you led, focusing on DPA and/or RoPA work. 3. Can you provide a redacted sample of your work (DPA, RoPA, or gap-analysis report)? 4. What is your estimated effort and fixed price to deliver the three Phase 1 deliverables? 5. What is your availability, and what timezone are you in? Can you overlap with Japan business hours (JST)?
- Less than 30 hrs/weekHourly
- 3-6 monthsDuration
- IntermediateExperience Level
$150.00
-
$240.00
Hourly- Remote Job
- Ongoing projectProject Type
Skills and Expertise
Activity on this job
- Proposals:20 to 50
- Last viewed by client:6 days ago
- Interviewing:7
- Invites sent:4
- Unanswered invites:0
About the client
- JapanMinato-Ku8:19 PM
- $320K total spent117 hires, 17 active
- 7,829 hours
Explore similar jobs on Upwork
How it works
Create your free profileHighlight your skills and experience, show your portfolio, and set your ideal pay rate.
Work the way you wantApply for jobs, create easy-to-by projects, or access exclusive opportunities that come to you.
Get paid securelyFrom contract to payment, we help you work safely and get paid securely.
About Upwork
- 4.9/5(Average rating of clients by professionals)
- G2 2021#1 freelance platform
- 49,000+Signed contract every week
- $2.3BFreelancers earned on Upwork in 2020
Find the best freelance jobs
Growing your career is as easy as creating a free profile and finding work like this that fits your skills.
Trusted by