MeiraGTx logo

Manager, Data Privacy

MeiraGTx
Full-time
On-site
London, United Kingdom
Data Science
Your mission

Purpose of Job


The Data Privacy Manager is responsible for the day‑to‑day management and continuous improvement of MeiraGTx’s global data privacy program across clinical trials and corporate operations. The role provides practical, risk‑based privacy guidance to business stakeholders and supports the Data Protection Officer and senior leadership in ensuring compliance with global data protection laws.
Job Description

Key Responsibilities


Privacy Program Management
  • Manage and operate MeiraGTx’s global data privacy program, ensuring policies, standards, and controls are implemented effectively across clinical and corporate functions.
  • Embed privacy by design and privacy by default principles into business processes, systems, and projects.
  • Support continuous improvement of privacy processes through monitoring, issue tracking, and remediation activities.
 
Advisory & Stakeholder Support
  • Act as the primary privacy point of contact for business stakeholders, providing pragmatic guidance on data protection risks and compliance obligations.
  • Partner closely with Legal, IT, Security, Clinical Operations, and HR to support compliant data processing activities.
  • Provide subject‑matter expertise on privacy considerations related to new initiatives, vendors, technologies, and systems.
 
Regulatory Compliance
  • Support compliance with applicable global data protection laws and regulations, including UK GDPR, EU GDPR, HIPAA, CCPA/CPRA, and other relevant regional requirements.
  • Assist the Data Protection Officer in maintaining regulatory readiness and responding to supervisory authority inquiries or audits.
  • Monitor regulatory developments and assess their impact on MeiraGTx’s operations
 
Risk Assessments & Documentation
  • Lead and coordinate Data Protection Impact Assessments (DPIAs) and privacy risk assessments for clinical trials, systems, and third‑party engagements.
  • Maintain Records of Processing Activities (RoPA) and other required privacy documentation.
  • Draft, review, and negotiate data protection provisions in commercial contracts and Clincial Trial Agreements.
  • Identify and implement relevant data transfer mechanisms with vendors, as appropriate.
  • Draft and agree Data Sharing Agreements as necccessary.
 
Data Subject Rights & Incident Management
  • Oversee the intake, assessment, and response to data subject rights requests in line with regulatory timelines.
  • Coordinate the management of data privacy incidents, including investigation, documentation, and remediation, in collaboration with Legal, IT, and Security teams. 
 
Training & Awareness
  • Develop and deliver privacy training and awareness initiatives tailored to different business functions.
  • Promote a culture of privacy awareness and accountability across the organization.

Key Performance Indicators

  • Effective operation and continuous improvement of the Data Privacy Program. 
  • Timely completion of DPIAs and regulatory deliverables. 
  • Compliance with applicable data protection laws and internal policies. 
  • Quality, reach and effectiveness of training, guidance, and stakeholder engagement. 
  • Timely and compliant handling of data subject requests and incidentsDescribe Expectations.

Key Job Competencies


Privacy & Risk Judgement: Applies regulatory requirements pragmatically to business scenarios.
Stakeholder influence: Builds trust and credibility across functions without direct authority.
Execution Focus: Manages multiple priorities and delivers high quality outputs in a regulated environment.
Communication: Explains complex privacy concepts clearly to non-specialists audiences. 
Professional and integrity: Demonstrates sound judgement, discretion and resilience. 


Experience and Qualifications

  • Bachelor’s degree in Law, Compliance, Information Security, Risk, or a related field (or equivalent experience). 
  • Typically 4–6 years’ experience in data privacy, compliance, legal, or risk management roles. 
  • Strong working knowledge of GDPR and experience supporting privacy compliance in a multijurisdictional, life‑sciences or regulated environment. 
  • Experience with clinical trials, healthcare data, or sensitive personal data is strongly preferred. 
  • Privacy certification (e.g., CIPP/E, CIPP/US, CIPM) is desirable but not mandatory.
About us

MeiraGTx is a clinical-stage gene therapy company focused on developing potentially curative treatments for patients living with serious diseases. We currently have six programs in clinical development including three ocular indications, a salivary gland condition, and a Parkinson’s disease program. Our initial focus on diseases of the eye, salivary gland and central nervous system is based on the significant unmet medical need coupled with the high potential gene therapy has to provide meaningful clinical benefit in these areas. With headquarters in New York and London, our global footprint provides us the opportunity to partner with leading institutions around the world, allowing us to deepen our understanding of diseases and their progression.

Our team was built with deep expertise in gene therapy development, allowing us to efficiently advance our programs from preclinical to clinical development. Our core capabilities in viral vector design and optimization and gene therapy manufacturing give us a differentiated approach to developing gene therapies. Additionally, we are developing proprietary technology to potentially enable innovative gene therapy treatments whose expression can be turned on and off with an easily administered small molecule. We believe temporal control of gene therapy products has the potential to transform the gene therapy landscape.

Our state-of-the-art manufacturing facility, completed in early 2018, was designed to meet global regulatory requirements, including the current good manufacturing practices (cGMP) required by the Medicines and Healthcare products Regulatory Agency (MHRA) in the UK and the U.S. Food and Drug Administration (FDA). The 29,000-square foot facility has the flexibility and capacity to produce sufficient product for all our clinical trials and will scale to commercial capacity.