As a Chief Ethics & Compliance Officer, I have built a career centered on leading compliance and privacy programs in the automotive, pharmaceutical, and consumer sectors. With both a strategic and practical approach, I have implemented programs across 25 countries and over 120 organizations. My experience includes key leadership roles at MSD and Schering-Plough, where I developed unique expertise in managing ethics on a global scale. I hold degrees in Law and Business Administration, an MBA, and certifications in compliance and privacy. Currently, I serve on the Board of Directors of ASCOM, committed to fostering a culture of integrity in business.
As CECO, I have led the implementation of an integrated compliance management system across 25 countries and over 120 organizations globally at Antolin.
I served as Director of Compliance and Business Practices since 2006, strengthening corporate integrity and transparency.
Bachelor’s Degree in Law and Business Administration, MBA, Master’s Degree in Compliance, and European certifications in compliance and privacy.
I contribute to the development of the compliance culture in Spain as a board member at ASCOM.
I have participated in numerous conferences and round tables, sharing knowledge on compliance and privacy.
Regional Director of Compliance and Privacy at MSD, managing ethical policies and practices in the pharmaceutical sector.
Over the past seven years, I have led a comprehensive transformation project that laid the groundwork for a robust compliance culture within a multinational organization. I initiated the development from scratch, creating a Global Compliance Division that evolved from an immature structure into a solid, certified system, incorporating UNE 19601, ISO 37001, and ISO 37301. This established an internationally recognized foundation for ethical management.
Additionally, I implemented a hybrid governance model where centralized structures were effectively integrated with regional and local networks through a Compliance Committee and Regional Guardians. This approach enabled decentralized risk management, empowering local managers and directors to make informed decisions about specific risks, thereby enhancing operational accountability.
To standardize risk management, I introduced an automated model through SAP GRC, which allowed for the monitoring and analysis of over 4,000 risks worldwide. This tool provided us with detailed heat maps and dashboards, significantly improving our response capabilities to emerging threats.
The whistleblowing channel was also a key element in the transformation. I centralized and strengthened it with a new protocol (CIVR), increasing efficiency and transparency in handling various types of reports, including anonymous and external ones.
As the Data Protection Officer (DPO), I designed a global privacy management system aligned with GDPR. I implemented Binding Corporate Rules (BCR) and developed a global channel for managing data breaches, ensuring privacy by design in all our operations.
Finally, I launched a compliance education program that reached over 30,000 employees worldwide, featuring both in-person training and e-learnings, complemented by an extensive awareness campaign with over 240 pieces of content. This effort not only increased awareness but also consolidated an organizational culture based on integrity.
Comprehensive advice and support in the implementation and optimization of compliance systems, aligned with international regulations and the specific needs of each company, ensuring an ethical and safe environment.
Development of privacy programs compliant with GDPR, BCR, and other regulations, focused on protecting personal data and building trust with clients and employees.
Training programs for employees and executives, with awareness materials designed to promote understanding and knowledge of compliance, privacy, and ethical best practices in the business environment.
Risk assessments and compliance system audits, identifying areas for improvement and developing strategies to mitigate legal and regulatory vulnerabilities.
Creation and review of codes of conduct, policies, and procedures tailored to the specifics of the industry, corporate culture, and applicable regulations in each organization to ensure their effectiveness.
Advisory services to incorporate compliance practices into the company’s operational and business processes, ensuring that regulations are naturally and efficiently adhered to in daily activities.
I am a professional passionate about protecting organizations and individuals from potential contingencies. With over 30 years of experience in compliance, privacy, and global risk management, I have led global programs that ensure sustainability and regulatory compliance. My pragmatic and effective approach has allowed me to launch projects from scratch, always with the firm conviction that success in compliance is achieved when everyone takes responsibility, under the principle that ‘WE ARE ALL COMPLIANCE’.
Since its inception, ethics, integrity, honesty, and full compliance with all applicable laws have guided Grupo Antolin's commitment…
Read more
The analysis of the first hundred days of the Compliance Officer was the subject of a presentation by an expert like José Manuel Garcelán at the IECOM virtual seminar…
Read more
Personal information is as valuable, if not more valuable, than tangible objects. We must treat data as a precious material and secure it with that mindset…
Read more
2024 © José Manuel Garcelán - Aviso Legal - Política de Cookies - Política de Privacidad