29 Privacy Officer jobs in the United Kingdom

Compliance - Data Privacy Compliance Officer - APAC
Location
London
Business Area
Legal, Compliance, and Risk
Ref #
10044689
**Description & Requirements**
Bloomberg's Legal & Compliance Department plays a critical role in supporting our businesses and operations around the world. We move quickly and thoughtfully to help address a variety of complex legal issues that arise across the Company's various businesses. Our team is made up of talented and hardworking professionals who think creatively and work collaboratively in an open environment to deliver results, drive innovation, and solve difficult problems. Diversity and inclusion are essential to our success, and we strive to maintain an environment where our employees are empowered to make an impact. We also recognise the value of diversity and inclusion in cultivating a supportive workplace and the importance of giving back to our communities as evidenced by our award-winning pro bono program.
The Data Privacy Compliance team within Bloomberg's Legal & Compliance Department works closely with the Data Privacy Legal team, business and engineering stakeholders to ensure compliance with current/developing privacy rules and regulations, implement global training and communication programs and monitor privacy risk across the business. The Data Privacy Compliance team also leads privacy product reviews and Data Privacy Impact Assessments, manages responses to data subject rights requests, drafts internal policies and coordinates regional privacy-related regulatory filings.
**What's the role?**
Based in our London Office, this will be a phenomenal opportunity to work as a Privacy Compliance expert. Your focus will be on data privacy matters - including GDPR, UK. privacy laws, and other global privacy requirements - ensuring Bloomberg meets its legal, regulatory, and reputational responsibility. You will cover Bloomberg's diverse businesses, including our Media, Financial Products, and Data businesses, as well as support our internal teams including Engineering and HR. You are ultimately responsible for protecting the personal data of our users, clients, employees and other third parties.
**We'll trust you to:**
+ Provide data privacy compliance advice to the business and support functions to ensure compliance with data privacy regulatory and Company requirements and standards
+ Advise and support our Data Privacy Officer(s)
+ Be actively involved in product development and product review, including developing data privacy compliance mechanisms for new products and services
+ Respond to third-party questionnaires and inquiries
+ Assist to implement and maintain the Company's Global Data Privacy Compliance Program, including policies and procedures
+ Prepare and delivery data privacy training addressing employee needs and compliance requirements as well as enhancing employee awareness and knowledge of data privacy requirements and sensitivities
+ Implement appropriate data privacy compliance controls and tools, including working with compliance technology support and other internal functions to make improvements and address any gaps identified
**You'll need to have:**
+ 5-7 years* of data privacy legal and/or compliance experience at a law firm, in-house and/or in the government
+ *Please note we use years of experience as a guide, but we certainly will consider applications from all candidates who are able to demonstrate the skills necessary for the role
+ Ability to work independently and effectively manage and prioritise multiple projects simultaneously
+ A passion and ability to advise and influence senior business people on data privacy matters
+ Subject matter expertise in data privacy laws, rules, regulations, and industry standards
+ Experience in drafting policies, procedures and manuals as well as preparing reports for internal management and responses to regulatory and data subject inquiries
+ Experience responding to regulator and customer inquiries
+ Ability to collaborate effectively with security and risk professionals, engineers, software developers, product development, Human Resources, and other teams
+ Strong communication and belief in privacy as a key business differentiator and core value
+ Excellent presentation and negotiation skills and the ability to thrive in an open office environment and as part of a fast-paced team
+ Attention to detail and excellent organisational skills
**We'd love to see:**
+ Experience working with regulated financial institutions, software and other technology companies
+ Experience in APAC Data Privacy
+ A real passion for being part of a global in-house team and contributing to team knowledge
+ Track record of operating successfully
+ In-house experience or a client secondment
+ Law degree preferred, but not required
**Does this sound like you?**
Apply if you think we're a good match. We'll get in touch to let you know what the next steps are.
Bloomberg is an equal opportunity employer and we value diversity at our company. We do not discriminate on the basis of age, ancestry, color, gender identity or expression, genetic predisposition or carrier status, marital status, national or ethnic origin, race, religion or belief, sex, sexual orientation, sexual and other reproductive health decisions, parental or caring status, physical or mental disability, pregnancy or parental leave, protected veteran status, status as a victim of domestic violence, or any other classification protected by applicable law.
Bloomberg is a disability inclusive employer. Please let us know if you require any reasonable adjustments to be made for the recruitment process. If you would prefer to discuss this confidentially, please email

**Job Description :**
The primary responsibility of the **Technology Data Privacy Legal Counsel** is, in conjunction with the Senior Data Privacy Director and other members of the Data Privacy team, to help Diageo leverage data as a strategic and commercial asset. This role provides strategic guidance on new technologies; advising business users and key partners within Digital & Technology.
The Technology Data Privacy Legal Counsel will have deep working knowledge of fast-developing technologies in the context of data privacy, as well as an ability to deliver commercially-minded advice on the implementation of new technologies within Diageo's ecosystem. The successful person will operate at a strategic and operational level, requiring an ability for pro-active strategic thinking to identify creative solutions to challenges and high levels of credibility to deliver complex messages in a nuanced, clear and persuasive manner. They will use their legal understanding to ensure the business is well advised of the options open to it: explaining legal concepts in plain English; adapting advice to the specific audience; working autonomously and taking initiative.
They will need good interpersonal and influencing skills; being flexible in their approach to supporting different priorities and be confident to support with presentations and training sessions on data privacy and protection implications of new technologies / potential data uses, to diverse audiences. They will partner with market representatives from legal, Data & Technology teams, Global Data Privacy & Operations, to ensure that consumer data privacy standards are implemented effectively globally.
The successful candidate will work as part of the Data Privacy team, establishing and maintaining the following capabilities:
**Support the establishment and maintenance of a fit-for-purpose data privacy capability within Diageo Digital & Technology team and the global privacy function.**
The Technology Data Privacy Counsel will work with others to ensure appropriate policies, frameworks, processes and procedures are in place globally regarding the collection, use, storage and management of data within Diageo's Digital & Technology teams. This will include working with the Senior Data Privacy Director towards the right organisation and capabilities to:
(i) enable Diageo's digital transformation;
(ii) ensure compliance with relevant laws, regulations, guidance and best-practice;
(iii) establish a global approach to building data savvy capability within and throughout Diageo, including training and assessment (as needed); and
(iv) further building data privacy capabilities to shape and align with Diageo's commercial, brand and digital transformation agenda, and to ensure Diageo has a fit-for-purpose data compliance environment globally.
**Shaping the future**
The Technology Data Privacy Legal Counsel will be results-driven to assist in ongoing development of the following within the Digital & Technology function: (i) data management to facilitate compliant and secure collection and processing of data; (ii) the normalisation of data usage and data sharing; and (iii) making informed decisions on how to improve future business outcomes. The role will also include working to ensure that Diageo has a strong reputation amongst key stakeholders (e.g., employees, customers, consumers and regulators) for being responsible custodians of data.
**Effective Cost Management**
Ensure delivery of cost-effective legal support in context of business objectives and current risk environment; responsible for end-to-end legal spend and seek to eliminate unnecessary costs by optimising use of internal and external legal resources.
**Key Responsibilities:**
+ Advise on legal and reputational matters within Digital & Technology.
+ Work closely with the data team on key data projects, ensuring the legal advice reflects the specific technologies and how they work.
+ Deliver training on new and / or developing technologies in the context of data privacy, across various business units.
+ Conduct horizon scanning for regulatory updates and policy shifts, especially in relation to data privacy, data governance and developing technologies (including AI/ML and PET); communicating this legal research to a range of senior partners.
+ Draft and advise on complex data protection-related documentation, including documentation relating to data transfers and privacy impact assessments for technology use-cases.
+ Engaging in the drafting, negotiating and reviewing of DPAs and / or DP clauses in key strategic technology-related contracts.
+ Lead complex privacy reviews and negotiations in the technology space, as they relate to data. Liaise with multiple business functions as appropriate.
The successful candidate will have the unique opportunity to shape their role within this function. You will have the benefit of working across multiple interesting and innovative projects and in a supportive and collaborative working environment.
**Experience:**
+ Qualified Lawyer in an EU member-state or the UK, or deep and wide-ranging experience in global technology data privacy matters.
+ Ability to assess new technologies comfortably.
+ Significant experience advising on, and understanding of, data privacy and protection in the context of new and developing technologies, including in relation to AI/ML, PET and the ability to understand differences between specific technological implementations.
+ Significant experience in big data, data lakes and data governance in big data programmes.
+ Demonstrable interest in understanding how technology works to deliver highly effective data privacy advice.
+ 5+ years of legal practice in data privacy, gained in-house, or in a law firm.
+ In-depth knowledge of global protection and privacy laws and best practices within a technology context.
+ Successful management of partners at all levels, resulting in strong and positive outcomes.
+ The ability to deal well with ambiguity, complexity and working within a fast-paced, entrepreneurial and matrixed environment.
+ Deep personal accountability for great performance.
**Working with Us**
Flexibility is key to success. From part-time and compressed hours to different locations our people work flexibly in ways to suit them. Talk to us about what flexibility means to you and we'll work together so that you're supported from day one.
We recognise and value performance, offering our people a highly competitive Rewards and Benefits package.
Our purpose is to celebrate life, every day, everywhere. And creating an inclusive culture, where everyone feels valued and that they can belong, is a crucial part of this.
We embrace diversity in the broadest possible sense. This means that you'll be welcomed and celebrated for who you are just by being you. You'll be part of and help build and champion an inclusive culture that celebrates people of different gender, ethnicity, ability, age, sexual orientation, social class, educational backgrounds, experiences and more.
Our ambition is to create the best performing, most trusted and respected consumer products companies in the world. Join us and help transform our business as we take our brands to the next level and build new ones as part of shaping the next generation of celebrations for consumers around the world!
Feel inspired? Then this may be the opportunity for you!
_If you require a reasonable adjustment, please ensure that you capture this information when you submit your application._
**Worker Type :**
Regular
**Primary Location:**
1HQ
**Additional Locations :**
Amsterdam
**Job Posting Start Date :**
2024-07-15
With over 200 brands sold in more than 180 countries, we're the world's leading premium drinks company. Every day, over 30,000 talented people come together at Diageo to create the magic behind our much-loved brands. From iconic names to innovative newcomers - the brands we're building are rooted in culture and local communities. Our ambition is to be one of the best performing, most trusted and most respected consumer products companies in the world.
Our founders, such as Arthur Guinness, John Walker, and Charles Tanqueray, were visionary entrepreneurs whose brilliant minds helped shape the alcohol industry. And through our people, their legacy lives on. Join us, and you'll collaborate with talented people from all corners of the world. Together, you'll innovate and push boundaries, shaping a more inclusive and sustainable future that we can all be proud of.
With diversity at our core, we celebrate our people's unique passions, commitments and specialist skills. Because when varied voices, mindsets, and personalities come together, great ideas are born. In our supportive culture, your voice will be heard and you'll be empowered to be you. Just bring your ambition, curiosity and ideas, and we'll celebrate your work and help you reach your fullest potential.
**DRINKiQ**
What's your DRINKiQ? Take our quiz to understand how alcohol is made and explore the effects of drinking. You can discover everything you need to know at DRINKiQ (

The Data Privacy Senior Analyst is responsible for providing governance and oversight, risk management and controls leadership across the enterprise for all activities associated with Privacy. This individual will have responsibility for covering privacy related capabilities and requirements including: compliance with the Citi Global Privacy Policy, identification and management of operational risks associated with Privacy and working across the enterprise to ensure that effective controls and monitoring are in place to reduce risk. This role will ensure that the business is compliant with the Global Privacy Policy, Standards, and Procedures and the applicable laws rules, and regulatory requirements.
**Responsibilities:**
+ Support the enterprise privacy governance framework activities for the 1LOD (First Line of Defense) Businesses and Functions
+ Assess, evaluate, and validate controls through processes and tools such as the MCA and KRIs as appropriate for data privacy risk
+ Monitor key privacy risk indicators
+ Support the preparation and facilitation of enterprise privacy oversight forums
+ Perform trend analysis on metrics and Issues to identify emerging risks
+ Support the implementation of global, regional and local Data Privacy, regulatory and risk and control projects
+ Support periodic reviews of data privacy processes and controls and validate changes as a result of such reviews
+ Track and review deviations and risk acceptances when raised and at the time of renewal to assess the need for deviations and ascertain that the business has implemented and documented effective compensating controls
+ Follow Escalation Policy and procedures to ensure effective escalation and socialization of material risk events and issues across businesses for any Data Privacy related items
+ Escalate material risk events and issues appropriately
+ Assist in creation of Issues/CAPs related to Data Privacy as needed. Track and escalate as necessary
+ Data Privacy audit support - support the IMPaCT team on request responses
**Qualifications:**
+ Demonstrates Data Privacy, Data Privacy Operations, Information Security or Cyber related risk management or minimum two years in an Internal Audit, Risk Management, or Control Management related role
+ Working knowledge of Data Privacy Compliance laws, rules, regulations, risks, and appropriate controls. Additionally, familiarity with privacy related technology considerations such as cookies, mobile devices, biometrics and geolocation data is desired
+ Strong project management skills
+ Optimizes work processes by knowing the most effective and efficient processes to get things done, with a focus on continuous improvement
+ Ability to anticipate and balance the needs of multiple stakeholders, while monitoring tight deadlines or unexpected requirement changes
+ Ability to communicate effectively
+ Risk-based thinking and analytical mindset
+ Ability to build rapport and work closely with stakeholders
+ Up-to-date understanding of key Data Privacy risk and control concepts, tools and trends
+ Proficient in the use of basic Microsoft applications (Word, Excel, PowerPoint)
---
**Job Family Group:**
Controls Governance & Oversight
---
**Job Family:**
Assessment & Design
---
**Time Type:**
Full time
---
**Most Relevant Skills**
Analytical Thinking, Business Insights, Communication, Constructive Debate, Controls Lifecycle, Issue Management, Process Design, Program Management, Risk Management, Stakeholder Management.
---
**Other Relevant Skills**
For complementary skills, please see above and/or contact the recruiter.
---
_Citi is an equal opportunity employer, and qualified candidates will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, status as a protected veteran, or any other characteristic protected by law._
_If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review_ _Accessibility at Citi ( _._
_View Citi's_ _EEO Policy Statement ( _and the_ _Know Your Rights ( _poster._
Citi is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

**Are you looking for a career move that will put you at the heart of a global financial institution?**
By Joining Citi, you will become part of a global organisation whose mission is to serve as a trusted partner to our clients by responsibly providing financial services that enable growth and economic progress.
**The role:**
Serves as a Privacy and Responsible Information Management Compliance risk officer for Independent Compliance Risk Management (ICRM) responsible for establishing internal strategies, policies, procedures, processes, and programs to prevent violations of law, rule, or regulation and design and deliver a risk management framework that maintains risk levels within the firm's risk appetite and protect the franchise. In addition, engages with the broader ICRM teams, in order to partner to develop and apply CRM program solutions that meet business and customer needs in a manner consistent with the Citi program framework.
**Responsibilities:**
+ Assisting with the design, development, delivery and maintenance of best-in-class Privacy and Records Management Compliance programs, policies and practices for ICRM.
+ Regularly reviewing and updating privacy and records management policies aligned with relevant data protection laws (e.g., GDPR) to determine impacts to the business.
+ Providing support to ICRM regarding privacy and records management matters.
+ Assist with relevant compliance risk assessments.
+ Preparing reports to disseminate pertinent information to ICRM partners and lines of business to oversee privacy and records management risks.
+ Leveraging data to conduct monitoring to identify potential privacy and records management risks and non-compliance issues and taking appropriate action.
+ Providing credible challenge of existing control environment across businesses and functions aligned with relevant privacy and records laws.
+ Identifying data sources, collating data, and developing and/or enhancing current reporting metrics to demonstrate the oversight of compliance and risks aligned to relevant privacy and records laws.
+ Monitoring adherence to Citi's Compliance Risk Policies and measuring compliance risk through a robust control framework and ensuring that reviews are conducted consistently across each entity on a regular basis to confirm that controls identified are operating effectively.
+ Performing analyses of comparative data, preparing and presenting regional and global reports related to compliance risk assessments, and monitoring of compliance related issues.
+ Partnering, collaborating and working with other areas within Citi, as necessary.
+ Keeping abreast of regulatory changes, new regulations and internal policy changes in order to further identify new key risk areas.
+ Additional duties as assigned.
**Qualifications:**
+ Substantial relevant experience
+ Compliance, risk, privacy or records experience is an advantage
+ Expertise of Privacy and Data Compliance risks and typologies
+ Good understanding of data privacy and records laws and regulations including GDPR et al
+ Strong analytical skills to assess privacy and records risks and to develop mitigation strategies
+ Advanced Microsoft Office skills, including Excel, PowerPoint, and Word
+ Knowledge of banking products and services etc.
+ Must be a self-starter, flexible, innovative and adaptive
+ Highly motivated, strong attention to detail, team oriented, organized
+ Strong presentation skills with the ability to articulate complex problems and solutions through concise and clear messaging
+ Ability to work collaboratively with regional and global partners in other functional units; ability to navigate a complex organization;
**What we can offer you:**
We work hard to have a positive financial and social impact on the communities we serve. In turn, we put our employees first and provide the best-in-class benefits they need to be well, live well and save well.
By joining Citi Belfast, you will not only be part of a business casual workplace with a hybrid working model (up to 2 days working at home per week), but also receive a competitive base salary (which is annually reviewed), and enjoy a whole host of additional benefits such as:
+ Generous holiday allowance starting at 27 days plus bank holidays; increasing with tenure
+ A discretional annual performance related bonus
+ Private medical insurance packages to suit your personal circumstances
+ Employee Assistance Program
+ Pension Plan
+ Paid Parental Leave
+ Special discounts for employees, family, and friends
+ Access to an array of learning and development resources
Alongside these benefits Citi is committed to ensuring our workplace is where everyone feels comfortable coming to work as their whole self every day. We want the best talent around the world to be energized to join us, motivated to stay, and empowered to thrive.
**Sounds like Citi has everything you need? Then apply to discover the true extent of your capabilities.**
---
**Job Family Group:**
Compliance
---
**Job Family:**
Compliance Risk Management
---
**Time Type:**
Full time
---
Citi is an equal opportunity and affirmative action employer.
Qualified applicants will receive consideration without regard to their race, color, religion, sex, sexual orientation, gender identity, national origin, disability, or status as a protected veteran.
Citigroup Inc. and its subsidiaries ("Citi") invite all qualified interested applicants to apply for career opportunities. If you are a person with a disability and need a reasonable accommodation to use our search tools and/or apply for a career opportunity review **Accessibility at Citi ( .
View the "EEO is the Law ( " poster. View the EEO is the Law Supplement ( .
View the EEO Policy Statement ( .
View the Pay Transparency Posting ( is an equal opportunity and affirmative action employer.
Minority/Female/Veteran/Individuals with Disabilities/Sexual Orientation/Gender Identity.

About our team
RX Global aims to create unforgettable experiences for attendees and exhibitors through organising events. Innovation, creativity, and collaboration drive the company to offer exceptional services to clients.
About the role
The Head of Privacy and Data Protection supports the Chief Privacy Officer in developing and maintaining the Privacy Centre of Excellence. This global role ensures alignment between privacy compliance and business objectives across Europe, the Middle East and Africa, Asia-Pacific, and the Americas.
Key responsibilities include providing leadership to a team of privacy subject matter experts (SMEs), managing the Global Rights Centre, overseeing both the Privacy Risk and Governance Programme and the Privacy Awareness and Training Programme, reviewing privacy assessments and notices, and ensuring that privacy processes and operations are effective, compliant, and thoroughly documented.
The position requires strong commercial awareness and involves close collaboration with senior leaders including the Chief Financial Officer, Chief Technology Officer, Chief Operating Officer, Chief Information Security Officer, legal counsel, and business unit risk owners.
Responsibilities
+ Collaborate with the RX Chief Privacy Officer to maintain the global privacy strategy and programme aligned with legal and commercial needs.
+ Conduct final reviews of Data Protection Impact Assessments and ensure consistent application of safeguards across global operations.
+ Deliver timely, well-researched privacy advice and training to support business decisions and compliance with global laws and internal policies.
+ Lead the RX Privacy Risk and Governance Programme to ensure effective privacy risk management and accountability.
+ Mentor and train privacy subject matter experts to deliver accurate, practical, and timely guidance to the business.
+ Ensure efficient handling of rights requests through the Global Rights Centre and identify trends or issues for escalation and resolution.
+ Lead the design and delivery of the RX Privacy Training and Awareness Programme, ensuring engaging, accessible training and guidance to build a strong culture of privacy awareness.
+ Maintain and regularly update privacy assessment tools and compliance packs with clear, inclusive guidance.
Requirements
+ Extensive working knowledge and real-world experience in data protection and privacy law in a commercial, data led environment (ideally of a FTSE 500 / S&P company).
+ Proven ability to embed a culture of privacy and data protection in a commercial business.
+ Experience in designing and implementing privacy programmes, privacy risk and governance programmes, and privacy training and awareness programmes.
+ Experience applying privacy principles in marketing, sales, e-commerce, and digital platforms.
+ Strong skills in interpreting privacy legislation and translating it into practical business solutions.
+ Recognised privacy certifications (e.g. CIPP or equivalent) are highly valued as is a degree in law, information technology, business administration, or a related field.
+ A visible advocate for the business, demonstrating exceptional communication, collaboration, and stakeholder engagement skills, coupled with a proactive 'can-do' attitude and an enthusiasm that motivates and inspires others.
+ Strong organisational and time management skills with the ability to multi-task and / or pivot to meet tight deadlines depending upon legislative risk and commercial need.
+ Excels in working in a global team, with a willingness to accept and share knowledge, including undertaking additional training as required.
+ Fluency in English is required, along with a secondary language in either French, German, Japanese, Mandarin, Portuguese or Spanish.
+ Flexibility and willingness to travel globally if needed.
Work in a way that works for you
We promote a healthy work/life balance across the organisation. We offer an appealing working prospect for our people. With numerous wellbeing initiatives, shared parental leave, study assistance and sabbaticals, we will help you meet your immediate responsibilities and your long-term goals.
Working for you
Working flexible hours - flexing the times when you work in the day to help you fit everything in and work when you are the most productive
About the Business
RX is a global leader in events and exhibitions, leveraging industry expertise, data, and technology to build businesses for individuals, communities, and organisations. With a presence in 25 countries across 41 industry sectors, RX hosts approximately 350 events annually. RX is committed to creating an inclusive work environment for all our people. RX empowers businesses to thrive by leveraging data-driven insights and digital solutions. RX is part of RELX, a global provider of information-based analytics and decision tools for professional and business customers. For more information, visit are committed to providing a fair and accessible hiring process. If you have a disability or other need that requires accommodation or adjustment, please let us know by completing our Applicant Request Support Form or please contact 1- .
Criminals may pose as recruiters asking for money or personal information. We never request money or banking details from job applicants. Learn more about spotting and avoiding scams here .
Please read our Candidate Privacy Policy .
We are an equal opportunity employer: qualified applicants are considered for and treated during employment without regard to race, color, creed, religion, sex, national origin, citizenship status, disability status, protected veteran status, age, marital status, sexual orientation, gender identity, genetic information, or any other characteristic protected by law.
USA Job Seekers:
EEO Know Your Rights .
RELX is a global provider of information-based analytics and decision tools for professional and business customers, enabling them to make better decisions, get better results and be more productive.
Our purpose is to benefit society by developing products that help researchers advance scientific knowledge; doctors and nurses improve the lives of patients; lawyers promote the rule of law and achieve justice and fair results for their clients; businesses and governments prevent fraud; consumers access financial services and get fair prices on insurance; and customers learn about markets and complete transactions.
Our purpose guides our actions beyond the products that we develop. It defines us as a company. Every day across RELX our employees are inspired to undertake initiatives that make unique contributions to society and the communities in which we operate.

Dentons is designed to be different. We are driven to always be the firm of the future, to challenge the status quo, and to provide holistic business solutions to our clients in new and innovative ways. We are the lightbulb moments. The bold ideas. We are the world's largest global law firm, with 12,000+ people across 80+ countries. Driven by the diverse perspectives of our people, our clients, and our communities, we combine local knowledge with global insight.

We are looking for a Global Privacy and Data Protection Specialist to join our global privacy team.  This role reports to the Global Senior Data Protection Specialist and is ideal for a professional with hands-on experience in privacy operations, stakeholder support and emerging technologies.  While the role involves a high degree of autonomy, it operates under the guidance of senior privacy leadership to ensure alignment with global strategy and escalation of complex matters as needed.  The successful candidate will support a broad range of global compliance activities across all regions, collaborating with cross-functional teams to embed privacy-by-design into projects, manage data subject rights and incidents, and optimize the use of privacy tools like OneTrust.

Key Responsibilities

Privacy Operations & Governance

• Support the evolution of the global privacy program, including all relevant monitoring activities, in alignment with GDPR and other international data protection frameworks.
• Conduct and advise on DPIAs, vendor risk assessments, and manage Records of Processing Activities (RoPAs).
• Draft, review, maintain and harmonise privacy documentation, including internal procedures, notices, guidance, and training materials.
• Maintain and oversee the privacy risk register, coordinating with stakeholders the implementation of mitigation plans.

Privacy Advisory & Business Support

• Respond to day-to-day privacy queries and provide practical, risk-based privacy advice to internal teams (e.g., marketing, HR, IT, procurement) ensuring timely, accurate and business-relevant advice.
• Support client-facing teams with privacy-related contract terms reviews (e.g. DPAs, SCCs), other privacy questions and due diligence.
• Manage routine and moderately complex privacy queries independently, escalating high-risk or novel issues to senior privacy leadership as appropriate.

Privacy Tech & OneTrust (OT)

• Act as a central contact for OT: oversee implementation, ongoing management, reporting and quality control.
• Define and review workflows and processes, perform audits to identify and correct data gaps, errors or discrepancies (e.g. vendor names, documents, data processing details etc.).
• Develop and maintain user guidelines, manage access permissions, add vendors, processing activities, entities etc, and train users on OT functionality and best practices, including assessments, RoPAs, vendor risk, and incident tracking.
• Collaborate with InfoSec/IT teams to align privacy tech workflows with security controls within OT.  

Incident Management

• Support the coordination, investigation and documentation of privacy incidents and breaches.
• Conduct root cause analyses, facilitate stakeholder engagement, and support regulatory reporting.
• Maintain and enhance the incident and breach logs; track metrics to support internal and regulatory reporting and continuous improvement.

Data Subject Rights & Compliance Requests

• Act as the initial point of intake for data subject access and rights requests received centrally; route requests to appropriate owners, track completion, and maintain oversight of the process to ensure compliance.
• Support development and automation of Data Subject Rights’ workflows.
• Manage DSARs and related rights requests in compliance with global privacy laws. Coordinate with Regions, IT, Legal, and other business stakeholders to gather data and prepare responses for globally owned requests, ensuring proper documentation.
• Maintain the data subject request log and ensure timely, accurate response in line with regulatory requirements.

Global Collaboration

• Collaborate with privacy professionals and stakeholders across global regions to align practices, share insights, and support cross-border compliance efforts.
• Support global training, awareness, and onboarding activities as needed.

Innovation & Emerging Technologies

• Collaborate with relevant teams to ensure privacy-by-design in the development and deployment of AI, analytics, and other emerging technologies.
• Contribute to risk assessments for AI and other innovative tech use cases, data sharing, and automation tools.

Analytics, KPIs & Reporting

• Define and maintain key privacy management information (PMI) dashboards and reporting tools, tracking key metrics such as number of DSARs, incident volumes and trends, DPIAs initiated and completed, vendor reviews etc.
• Generate and maintain regular privacy dashboards and team reports, providing quarterly insights on performance, trends, and compliance health.
• Support regulatory audits and internal reporting with accurate metrics and documentation.

Training & Awareness

• Coordinate and deliver privacy training and awareness initiatives across the Firm, ensuring global relevance and compliance with local regulations.
• Develop, update, and manage training materials tailored for different roles and risk levels (e.g., onboarding, IT, marketing, procurement) observing localization requirements as applicable.
• Monitor completion of mandatory privacy training and track participation metrics across regions.
• Assess training needs by engaging stakeholders, reviewing incidents/metrics, and staying current on regulatory requirements and organizational changes.
• Support the onboarding and upskilling of new privacy team members, especially in relation to internal tools and systems (e.g., OneTrust).
• Maintain documentation of training and awareness schedules, records, and compliance reporting.

Requirements

Experience & Knowledge

• 3–5 years in privacy and data protection that can be evidenced through work experience, preferably in a global law firm or other global or regulated environment.
• Strong understanding of the GDPR and other data protection laws, able to balance compliance with business enablement.  Knowledge of global privacy frameworks or exposure to them preferable.
• Hands-on experience with OneTrust or equivalent privacy management platforms/tools.
• Proven experience in the provision of privacy advice, guidance, data protection compliance processes, including vendor assessments, incident management, DPIAs, and cross-functional privacy support.
• Exposure to privacy issues related to AI, data analytics, or other emerging technologies is a strong advantage.
• Privacy certification (e.g. CIPP/E, CIPM, or other IAPP, GDPR or DPA 2018) preferred.

Skills & Attributes

• Ability to deliver practical, pragmatic and creative privacy solutions.
• Strong analytical skills and experience using metrics to drive improvement.
• Excellent communication and stakeholder skills, both written and verbal, with an ability to explain complex privacy and data protection issues to lay audiences, to negotiate and to influence others.
• Comfortable working with cross-functional teams across legal, tech, security, fee earners and operations, able to interact positively at all levels and a good team player.
• High attention to detail, methodical approach to work with a strong focus on accuracy.
• Proactive, well-organised and resilient under pressure.
• Self-motivated and committed to continuous learning and development.

Desirable Competencies

• Experience supporting or leading ISO 27001/27701 alignment efforts.
• Understanding of AI ethics and data governance frameworks.
• Experient in privacy audit support and l compliance monitoring.
• Familiarity with programme or project management in a compliance or legal setting.

Benefits

Remuneration and benefits package will reflect the successful candidates experience and country where hired.

Data Trust Privacy Operations - Project Management
Job ID
226994
Posted
16-Jul-2025
Service line
Corporate Segment
Role type
Full-time
Areas of Interest
Legal
Location(s)
London - England - United Kingdom of Great Britain and Northern Ireland, Madrid - Madrid, Comunidad de - Spain
**Data Trust Privacy Operations - Senior Consultant**
**Location: UK or EMEA**
**About the role**
As a CBRE Compliance Senior Consultant, you will support the operational execution of our global privacy program. This role will focus on supporting privacy-related projects and programs, tracking compliance controls, and generating reports to ensure transparency and accountability across the organization. This role may also support the management of data subject requests (DSRs), creation and maintenance of privacy program documentation, and assistance with communications efforts related to privacy awareness.
This job is part of the Legal Compliance job function. This function is responsible for overseeing regulatory compliance that balances business and compliance solutions to inform the company of options and risks. This role reports to CBRE's Data Trust Director.
**What you will be doing:**
+ Support the operational execution of the global privacy program.
+ Manage and support privacy-related projects and programs.
+ Research best practices to conduct complex risk evaluations and track compliance controls related to privacy compliance.
+ Develop standard risk metrics and monitoring techniques.
+ Liaise and communicate with internal and external groups about various risks and opportunities.
+ Schedule and lead privacy risk and control management meetings.
+ Perform key control testing.
+ Coordinate and execute risk awareness training for employees.
+ Apply advanced knowledge to seek and develop new, better methods for accomplishing both individual and department objectives.
+ Contribute to the development and design of new products, processes, standards, and/or operational plans in support of achieving functional goals.
+ Communicate difficult and complex ideas with the ability to influence others to act.
+ Provide guidance and support to more junior team members, through collaborative problem-solving and knowledge sharing and assisting in coordinating and overseeing tasks.
+ Lead by example and model behaviors that are consistent with CBRE RISE values.
**What you will need:**
+ Bachelor's Degree or equivalent preferred.
+ Strong program and project management skills, with a practical understanding of program and project management tools and methodologies.
+ Ability to interpret complex Data Trust Privacy requirements and translate them into actionable operational controls
+ Experience in supporting Data Trust Privacy-related projects and initiatives from planning to execution.
+ Ability to track project progress, identify dependencies, and contribute to timely delivery.
+ Practical experience in implementing and maintaining Data Trust Privacy frameworks.
+ Strong understanding of data governance concepts, including data classification, data lifecycle management, data quality, and data stewardship.
+ Ability to connect Data Trust Privacy requirements with broader data governance strategies.
+ Demonstrated ability to support the operational execution of a global Data Trust Privacy program.
+ Experience in tracking, monitoring, and reporting on Data Trust Privacy controls and metrics.
+ Ability to contribute to the continuous improvement of privacy processes.
+ Experience in analyzing, organizing, and communicating complex work and ideas.
+ Enthusiasm for building and strengthening relationships at all levels across the organization.
+ An innovative mindset around developing and implementing new ways of working and solving unique problems that go beyond existing solutions.
+ In-depth knowledge of Microsoft Office products with advanced PowerPoint skills.
+ Tech curious. Fluent in using current and new digital tools?while being curious to explore emerging ones that will drive efficiency and effectiveness.
+ Expert organizational skills with an advanced inquisitive mindset.
**Working at CBRE**
When you join CBRE you will have the support and resources of a global firm where an entrepreneurial mind-set is encouraged. You'll realize your potential with challenging work, fast-paced assignments, an environment of constant learning and commitment to results. To enable your success, we provide the best tools, training and leaders in the industry.
Our collaborative culture is built on our RISE values and reflects the needs and perspectives of our clients and our people. Our work is guided by our North Star: Creating the real estate solutions of tomorrow, so businesses and people thrive. This informs everything we do-from diversity, equity, and inclusion to sustainability initiatives to workplace safety and wellbeing.
At CBRE, we believe that the more perspectives we have, the more dimensions we see. We welcome people with different backgrounds and experiences across industries to apply for open positions even if you do not match every element of the required skills. To discover more about what it's like to work at CBRE, visit Life at CBRE
**About CBRE**
CBRE Group, Inc. (NYSE:CBRE), a Fortune 500 and S&P 500 company headquartered in Dallas, is the world's largest commercial real estate services and investment firm (based on 2024 revenue). The company has more than 140,000 employees (including Turner & Townsend employees) serving clients in more than 100 countries. CBRE serves a diverse range of clients with an integrated suite of services, including facilities, transaction and project management; property management; investment management; appraisal and valuation; property leasing; strategic consulting; property sales; mortgage services and development services. Please visit our website at Opportunities**
We are an equal opportunities employer and do not discriminate on the grounds of gender, sexual orientation, marital or civil partner status, pregnancy or maternity, gender reassignment, race, colour, nationality, ethnic or national origin, religion or belief, disability or age. For information about accommodations we can make during the recruitment process, please visit: CBRE, we are committed to fostering a culture where everyone feels they belong. We value diverse perspectives and experiences, and we welcome all applications.
CBRE, Inc. is an Equal Opportunity and Affirmative Action Employer (Women/Minorities/Persons with Disabilities/US Veterans)

Thera Trust  has an exciting opportunity available for a Data Protection Officer  to join our team based in Grantham.  You will join us on a permanent basis , with full-time and part-time hours available . In return, you will receive a competitive salary of £38,414.20 per annum.

Information:  We operate flexi time and flexible working with occasional travel to Grantham and other Thera locations

Join Thera Trust as our Data Protection Officer

Are you passionate about data privacy and compliance? Do you want to make a meaningful impact in a values-driven organisation that supports people with a learning disability to lead fulfilling lives? Thera Trust is seeking a dedicated and knowledgeable Data Protection Officer to lead our data protection strategy and ensure compliance across the organisation.

Thera is a charitable group of 13 companies which support people with a learning disability with a diverse range of needs.

Thera Trust is the parent of Thera Group and provides central services from its office in Grantham. This enables the companies to focus on delivering high quality support locally.

About the Role

As our Data Protection Officer, you will play a pivotal role in ensuring Thera complies with all relevant data protection laws and regulations including GDPR.

You will lead the development and implementation of information security and data protection policies, provide expert guidance and training to staff across the organisation, conduct supportive audits, and support incident management.

Key Responsibilities

• Ensure compliance with data protection laws and internal policies.
li>Develop and implement data protection policies and procedures.
• Generate and deliver training and guidance to staff on data protection matters.
• Foster a culture of privacy and data responsibility across the organisation.

What We are Looking For

• A degree in a relevant field and a recognised data protection certification.
• In-depth knowledge of GDPR and data security practices.
• Strong communication and analytical skills.
• Proven experience in data protection, compliance, and risk management.

If you have a passion for making a difference to people’s lives, consider a career with Thera Group .

We reserve the right to close this advert before the closing deadline if we interview and offer the right candidate. We are an equal opportunities employer.

This role is exempt from the Rehabilitation of Offenders act 1974. For the purpose of this act, you must declare any convictions or cautions that you have received, including these that would otherwise be spent. This role is subject to a relevant DBS check should you be offered the position.

Thera follows government guidance around vaccines and believe they are an effective way so support everyones safety. We would encourage you to take part in any vaccination programme recommended if you are working in Social Care.

If you have previously transferred over on TUPE terms and conditions, please contact your manager or HR to see how this may affect your terms and conditions

Data Protection Practitioner

We are seeking a skilled and experienced Data Protection Practitioner to join our Information Governance & Access Unit on a 3-month temporary contract. This role is ideal for a professional with a strong background in data protection within a County Council setting, particularly in managing complex Subject Access Requests (SARs) involving social care, adult social care, and special educational needs (SEN) records.

• Location: Stevenage (Remote working with occasional travel)
• Contract Type: Temporary (Full-Time)
• Contract Length: 01 August 2025- 30 November 2025
• Hours: 37 hours per week (Mon-Fri, 09:00-17:00)
• Pay Rate: 19.20 per hour
• DBS Requirement: Yes - Standard Level

Key Responsibilities:

• Process and respond to complex SARs in line with UK GDPR and the Data Protection Act 2018.
• Review, redact, and prepare sensitive records for disclosure, ensuring compliance with legal and ethical standards.
• Collaborate with internal departments to gather and verify relevant information.
• Provide expert advice on data protection matters, especially in relation to social care and education records.
• Maintain accurate records of SAR processing and ensure timely responses.
• Support the Information Governance team with other data protection tasks as required.

Essential Criteria:

• Demonstrable experience working within a County Council or similar local authority.
• Strong understanding of data protection legislation and its application in public sector settings.
• Proven ability to manage and respond to complex SARs.
• Familiarity with handling social care, adult social care, and SEN records.
• Excellent attention to detail and redaction skills.
• Strong communication and stakeholder engagement abilities.
• Ability to work independently in a remote setting.
• A Standard DBS check is required.

Desirable:

• Relevant data protection qualifications (e.g., CIPP/E, BCS Data Protection Practitioner Certificate).
• Experience with local authority case management systems.

If you have the right experience, apply today!

Please be aware this advert will remain open until the vacancy has been filled. Interviews will take place throughout this period, therefore we encourage you to apply early to avoid disappointment.

Tate is acting as an Employment Business in relation to this vacancy.

Tate is committed to promoting equal opportunities. To ensure that every candidate has the best experience with us, we encourage you to let us know if there are any adjustments we can make during the application or interview process. Your comfort and accessibility are our priority, and we are here to support you every step of the way. Additionally, we value and respect your individuality, and we invite you to share your preferred pronouns in your application.