Nora Reháková, MBA, LL.M., LL.M
Senior Data Protection Officer, Privacy & Data Protection Legal Expert, ISO/EIC 27001 Consultant
Prague
Summary
Nora Reháková is an independent Data Privacy, Data Protection and AI Ethics Advisor. Previously she was the EU Data Protection Officer at Organon, a global pharmaceutical company focused on women's health. As DPO, she was responsible for developing and maintaining Organon's Privacy Program in conformity with the GDPR, ePrivacy and other related regulations. Prior to joining Organon, she worked as a global DPO and Legal Advisor for Showmax, a SVOD company and direct competitor to Netflix. Before joining Showmax, she worked for MSD in Strategy and Planning. Currently she provides GDPR advisory services in multiple fields to broaden her experience in building privacy programs across sectors, such as in IT, pharmaceutical industry, 3D printer manufacturing or FMCG.
Overview
18
18
years of professional experience
6
6
years of post-secondary education
10
10
Certifications
Work History
Data Protection Instructor
Purpose and Means
5 2024 - Current
- Providing courses (CIPP E/US, CIPM, CIPT) as part of the Purpose and Means team, the Official IAPP Training Partner.
Privacy, Data Protection, AI Governance and AI Ethics Consultant
Privacy Choices
2024.01 - Current
- Providing project based consultancy services to clients from the fields of IT, Media and Entertainment, 3D Printer Manufacturers, and Life Sciences
- Main focus on privacy and data protection compliance, and automation in the areas of data subject rights and consent management.
Director, EU Data Protection Officer, Global Privacy Office
Organon
2021.11 - 2023.12
- Designated Data Protection Officer for the group of EU legal entities
- Point of contact with EU residents, supervisory authorities, and internal colleagues and stakeholders
- Advising and providing recommendations to Company stakeholders regarding GDPR and ePrivacy Directive compliance
- Fostering a data privacy and protection culture within the Company and help to implement essential elements of the GDPR, such as the principles of data processing, data subjects' rights, establish records of processing activities, support secure processing, and assessing data breach notification
- Advising on data protection impact assessment ("DPIA"), whether the conclusions of such DPIA are in compliance with GDPR, and on technical and organizational measures to mitigate risks identified by the DPIA
- Maintaining the record of processing operations
- Ensuring all queries from data subjects are addressed within legal timeframes
- Following up with changes in law and timely issue recommendations to ensure compliance
- Leading privacy compliance activities in markets in cooperation with local and functional Privacy Stewards.
Legal Advisor
Showmax Engineering
2019.07 - 2021.10
- Managing contractual agenda, including negotiation with vendors and legal documents drafting including SLAs and Partnership Agreements
- Ensuring compliance with local regulatory framework and EU laws and regulations to the extent applicable for the company
- Monitoring any changes in legislation, assessment of possible impact on company activities
- Providing full and quality day-to-day legal advice and support in all company operations including back office, product development and marketing campaigns
- Coordinating and managing all company issues related to legal compliance and privacy compliance together with other respective teams.
Data Protection Officer
Showmax
2018.03 - 2021.10
- Data Privacy work in technical internet/mobile product-driven environment in video entertainment industry
- Defining and fully implementing Showmax GDPR roadmap, partnering with relevant counterparts to ensure that strong privacy-by-design processes are built into our online video streaming services worldwide
- Responsible for overseeing European Data Protection, report directly to the Showmax General Counsel and Chief Technical Officer
- Serving as the primary public and internal interface on privacy for Showmax
- Work consisted of developing and implementing compliance strategies in close cooperation with Engineering and Legal teams
- Ensuring up to date data mapping (data inventory) and legitimate cross-border data transfers, third parties management (DPAs), coordination of notification efforts, review and validation of platform new releases before roll-out in the Europe and Africa regions, conducting data privacy impact assessments (DPIA), drafting of internal policies and guidelines, drafting and conducting data protection trainings to enhance data privacy friendly company culture, managing DSR requests.
Privacy and Data Protection Consultancy
Self Employed
2018.01 - 2021.10
- Providing project based consultancy services to clients from media, IT, 3D Printing, and FMCG fields.
Senior Strategy Outreach Business Analyst
MSD
2015.06 - 2017.09
- Responsible at MSD for submitting projects under the project calls published under HORIZON 2020 and IMI (Innovative Medicines Initiative) programs
- Responsible for strategic partnerships projects with United Nation Global Compact and LES (Licencing Executives Society)
- Co-chair of the internal company wide convention called MSD Innovation Summit
- Identifying and forming partnerships with external parties, including but not limited to the EU academic scene, SMEs and startups.
Board Member
Missing Children Czech Republic
2011.08 - 2017.06
- Establishing Czech branch of an international NGO called Missing Children Europe headquartered in Brussels
- Helping to find lost children, helping children and their parents in crisis situation, 24/7 emergency call center.
Head of Department
Realitní dům
2006.03 - 2008.10
- Real estate agency - management member
- Leading the team of 25 assistants, HR, estate advertisement and promotion, finding new partners, acquisitions&developer projects, project management, financial services (related to real estate field)
- Providing support for real estate brokers, preparing the legal documentation etc.
Education
Master's degree - Advanced Master in Privacy, Cybersecurity And Data Management
Maastricht University Faculty of Law
Maastricht, Netherlands 2021.05 - 2023.05
Master's degree - IP Law and Management
University of Strasbourg
Strasbourg, France 2016.01 - 2017.04
Master of Business Administration (MBA) - Management
CESMA Business School
Prague, Czech Republic 2010.01 - 2012.04
Certificate - IP Law
Center for International Intellectual Property Studies - CEIPI
2016.01 - 2016.04
Skills
Consulting/Monitoring/Auditing
Vendor Management
Contract Negotiation
Training, Policies and Procedures
Privacy Incidents/Data Breaches
Records of Processing Activities (ROPAs)
Team management
Strategic Management
Websites
Certification
IT and Information Security, Praha CODING School, 07/2024, PRESENT
Languages
Czech
Proficient
C2
English
Advanced
C1
German
Elementary
A2
Volunteer Experience
Missing Children Czech Republic, Deputy Director, AUGUST 2011, JUNE 2017
Projects
Missing Children Czech Republic, AUGUST 2011 IP Business Academy, JULY 2023
Timeline
Privacy, Data Protection, AI Governance and AI Ethics Consultant
Privacy Choices
2024.01 - Current
Director, EU Data Protection Officer, Global Privacy Office
Organon
2021.11 - 2023.12
Master's degree - Advanced Master in Privacy, Cybersecurity And Data Management
Maastricht University Faculty of Law
2021.05 - 2023.05
Legal Advisor
Showmax Engineering
2019.07 - 2021.10
Data Protection Officer
Showmax
2018.03 - 2021.10
Privacy and Data Protection Consultancy
Self Employed
2018.01 - 2021.10
Master's degree - IP Law and Management
University of Strasbourg
2016.01 - 2017.04
Certificate - IP Law
Center for International Intellectual Property Studies - CEIPI
2016.01 - 2016.04
Senior Strategy Outreach Business Analyst
MSD
2015.06 - 2017.09
Board Member
Missing Children Czech Republic
2011.08 - 2017.06
Master of Business Administration (MBA) - Management
CESMA Business School
2010.01 - 2012.04
Head of Department
Realitní dům
2006.03 - 2008.10
Data Protection Instructor
Purpose and Means
5 2024 - Current
IT and Information Security, Praha CODING School, 07/2024, PRESENT
ISO 27001 Lead Auditor, TAYLLOR & COX, 06/2024, 06/2027
Certified Information Privacy Professional - United States (CIPP/US), IAPP - International Association of Privacy Professionals, 05/2024, 05/2026
Privacy, Tech & AI Bootcamp, AI, Tech & Privacy Academy, 02/2024, PRESENT
Certified Information Privacy Technologist (CIPT), IAPP - International Association of Privacy Professionals, 08/2019, 08/2021
GDPR IT Security Lead Implementer, TAYLLOR & COX, 09/2018, PRESENT
Certified Privacy Professional CIPP/E, IAPP - International Association of Privacy Professionals, 03/2018, 03/2020
Certified Data Protection Officer, TAYLLOR & COX, 02/2018, PRESENT
Certified Information Privacy Manager (CIPM), IAPP - International Association of Privacy Professionals, 05/2021, 05/2023
IELTS Academic, British Council, 03/2021, 03/2023, C9BDK-AFU4D-FBGHL
Similar Profiles
Jake RickmanJake Rickman
Social Services Intern at Ohio Means JobsSocial Services Intern at Ohio Means Jobs
Thomas MeansThomas Means
Chief Executive Officer at Means Advisory GroupChief Executive Officer at Means Advisory Group
Jedidia ElliottJedidia Elliott
Student at Means SchoolStudent at Means School