Role Summary
Support the DPO and Data Protection Manager in ensuring operations across EMEA and other global entities comply with GDPR and relevant local data protection laws. This role is key to maintaining strong privacy standards, regulatory compliance, and ethical data handling.
Location & Working Pattern
* Office: Hertfordshire
* Schedule: 3 days per week in-office, 2 days remote
* Travel: Occasional international travel
What You’ll Do
* Privacy Assessments – Manage privacy assessments and maintain templates in OneTrust; act as the main contact for reviews of DPIAs, AI Impact Assessments, LIAs, Vendor Assessments, and TIAs.
* Governance & Compliance – Maintain accurate records of processing activities (GDPR Article 30); assist with compliance reviews and identify improvement areas; monitor global privacy law developments and implement best practices.
* Training & Awareness – Design and deliver training sessions tailored to different teams to foster a strong privacy culture.
* Incident & Breach Management – Respond to data incidents, perform risk assessments, and escalate appropriately.
* Policy & Advisory – Keep privacy policies, SOPs, and templates updated with legal changes; provide practical guidance on privacy matters.
* Data Subject Requests – Ensure timely handling of access, deletion, and consent withdrawal requests.
* Collaboration – Contribute to team projects and process improvements to enhance compliance and operational effectiveness.
Experience Required
* Roughly 3–5 years in data protection and privacy compliance, including high-risk data processing.
* Experience with privacy platforms (OneTrust preferred).
* An understanding of AI regulations and governance (e.g., EU AI Act).
* Previous experience in a privacy role within regulated sectors. The Health or Sciences sector is preferred, but not a deal breaker.
* Familiarity with other global data protection laws beyond GDPR is a plus.