Data Protection Officer for H&M Group

We are a family of brands — H&M, COS, Weekday, & Other Stories, H&M Home, ARKET, Afound – driven by our desire to make great design available to everyone in a sustainable way. Together we offer fashion, design, and services, that enable people to be inspired and to express their own personal style, making it easier to live in a more circular way.
We aim to be the best employer around, looking after and caring for all our colleagues. When you start a career with us, there's no limit to where it can take you. We will trust you with great responsibility from the start, encourage an entrepreneurial spirit and reward a passionate mindset. Welcome to a dynamic workplace where you contribute by being yourself.

Job Description
Would you like to be responsible for monitoring compliance with privacy legislation applicable to H&M Group, such as GDPR? If this sounds appealing, Data Protection Officer for H&M Group ought to be your next challenge.
As Data Protection Officer (DPO) for H&M Group your main responsibility is in one of the ten delivery areas owned by Corporate Governance: The Privacy Governance area.
The Corporate Governance team work seamlessly across all delivery areas. The DPO role will work and interact mainly with the delivery areas Internal audit, Internal control, Policy and Risk.
Based on your background, skills, and wish to learn new areas, you will be working in other areas as well: Governance network, Growth governance support, Listing governance, Governance analytics, and Internal processes.
You will both be the formal DPO for the legal entity "H & M Hennes & Mauritz GBC AB" where a the most significant privacy processing activities in H&M Group are made. In addition, you will be the overall DPO for H&M Group, giving guidance and support to formal DPO:s for the other legal entities.
The key stakeholder for you to work with is the Data Privacy Office which is part of Group Legal where strategic and operational work related to privacy is done.
You will monitor, audit and report on risk and compliance through:
Follow up and report on general compliance applicable data protection legislation as well as H&M Group Data Privacy Policy, Guidelines, and Instructions.
Report on privacy risks and compliance status to the company management and board.
Be consulted, review, and monitor the execution of the subset of internal controls which are related to personal data/privacy.
Audit personal data processing activities based on risk for the individuals.

You will cooperate with the Data Privacy Office regarding their Data Privacy Framework through:
Give input to and approve relevant Privacy Notices and Cookie Notices.
Give input to and approve standard templates for Data Processing Agreements.
Give input to and approve the division on internal controllership or processor within the H&M Group.
Give input to and approve the set routine for conducting Data Privacy Transfer Assessments and Data Privacy Impact Assessments.
Give input to and approve the process for fulfilling Data Subject Rights.
Give input to and approve training material published for a larger audience.

You will be consulted in Data Privacy Impact Assessments that the company is responsible for, and you will be participating and representing the data subjects in internal decision-making forums.
With respect to privacy breaches, you will be:
Consulted in information-related incidents and security investigations which may have a privacy aspect.
Review potential Data Breaches to determine what should be reported to the authorities and/or data subjects.

You will be the appointed contact for both authorities and data subjects for questions, complaints and audits related to data privacy.


We are looking for a self-motivated person with a can-do attitude and a curious mindset. You interact in a humble manner with the Group's best as your ultimate priority, embracing all our seven values in everything you do (see www.hmgroup.com/about-us/our-values); you are pragmatic and easily build and extend your network within the entire organisation. You are efficient, driven, and have exceptional integrity, and easily build trust. You are accurate, have a diplomatic, and structured approach as well as a straightforward way of communicating and can present and communicate findings to many recipients tailored to their different contexts. You are a true team player and thrive in a fast-paced environment.
To be successful in this role you have:
University law degree or proved several years of experience working with Privacy, Risk & Issue management
Minimum 3 years of experience in Privacy, Risk & Issue management.
Experience from Internal audit and/or Internal control and/or External audit
Fluent in English (both verbal and written)
Experience from cross-functional collaborations
Ability and efficiency, in creating condensed and visually appealing summaries and presentations of information assets.



In addition to matching, we value:
Experienced user of Office tools, especially Excel, and PowerPoint.
Experience from leading teams and individuals, including staff responsibility, in line with H&M Leadership Expectations and the H&M Values

We are a small team and frequently talk about ways to manage our workload and minimise stress to ensure that we have long-term endurance and have a good life/work balance.
Additional information
This is a full-time permanent contract, based at the head office in Marievik/Liljeholmen in Stockholm.
If you feel that your experience, skills and ambitions are right for this role, please send your resume in English
At H&M Group we strive to have a fair and inclusive recruitment process. Why kindly ask you to not attach cover letter in your application as they often contain information that can easily trigger unintentional biases.
We look forward to receiving your application!
H&M Group is committed to creating a Diverse & Inclusive environment and we are actively looking for qualified candidates irrespective of race, gender, gender identity, sexual orientation, ethnicity, religion, national origin, disability or age.