Privacy & AI Compliance Specialist United Kingdom

Bloomreach is building the world’s premier agentic platform for personalization. We’re revolutionizing how businesses connect with their customers, building and deploying AI agents to personalize the entire customer journey. We’re taking autonomous search mainstream, making product discovery more intuitive and conversational for customers, and more profitable for businesses. We’re making conversational shopping a reality, connecting every shopper with tailored guidance and product expertise — available on demand, at every touchpoint in their journey. We’re designing the future of autonomous marketing, taking the work out of workflows, and reclaiming the creative, strategic, and customer-first work marketers were always meant to do. And we’re building all of that on the intelligence of a single AI engine — Loomi AI — so that personalization isn’t only autonomous…it’s also consistent. From retail to financial services, hospitality to gaming, businesses use Bloomreach to drive higher growth and lasting loyalty. We power personalization for more than 1,400 global brands, including American Eagle, Sonepar, and Pandora.

The Role

We’re looking for a legally grounded, detail-oriented Privacy & AI Compliance Specialist to join our Legal team. This role is designed for a hands-on subject matter expert who enjoys applying privacy and AI compliance requirements in real-world, product-driven environments. You’ll work closely with internal stakeholders to ensure Bloomreach’s products, vendor relationships, and internal processes meet applicable privacy and AI regulatory obligations—while remaining practical, scalable, and business-aligned.

What You’ll Do

• Embed privacy into product development
• Partner with product and engineering teams to assess new features and roadmaps for privacy and AI-related risk
• Support privacy-by-design and responsible AI principles from ideation through launch
• Advise on global privacy and AI compliance
• Provide practical guidance on GDPR, UK GDPR, CCPA, and other global data protection frameworks
• Support compliance with emerging AI regulations, including the EU AI Act and evolving U.S. AI laws
• Oversee vendors and third parties
• Conduct privacy and AI compliance assessments for vendors, particularly those handling sensitive data or AI-driven systems
• Identify risks, recommend mitigation strategies, and support accountability across third-party relationships
• Support audits and governance programs
• Maintain data maps and Records of Processing Activities (RoPAs) using data mapping tools
• Assist with internal and external audits, including documentation, evidence collection, and audit readiness
• Support privacy incident response and ongoing governance initiatives
• Support data subject rights and requests
• Assist with intake, assessment, and response to data subject requests (e.g., access, deletion, objection) in accordance with GDPR and other applicable privacy laws
• Coordinate with internal stakeholders to ensure accurate, timely, and compliant responses
• Monitor regulatory developments
• Stay current on changes in privacy and AI regulations and enforcement trends
• Assess impacts on Bloomreach products and operations and communicate actionable recommendations to stakeholders
• Collaborate cross-functionally
• Work closely with legal, compliance, security, product, marketing, and engineering teams
• Translate complex legal and technical requirements into pragmatic, business-aligned solutions

What You Bring

• 3+ years of experience in privacy, data protection, or compliance roles, ideally within a SaaS, technology, or product-focused organization
• Strong working knowledge of EU data protection laws, including GDPR and UK GDPR; familiarity with global privacy frameworks such as CCPA is a plus
• Familiarity with the EU AI Act or other emerging AI regulatory frameworks
• Ability to interpret regulatory requirements and translate them into clear, actionable guidance for business and technical teams
• Strong analytical and organizational skills, with a pragmatic, risk-based approach to compliance
• Clear and precise written and verbal communication skills, comfortable engaging with both legal and non-legal stakeholders
• Experience working cross-functionally in fast-paced, international environments

Nice to Have

• Practical experience supporting AI governance, algorithmic risk assessments, or responsible AI initiatives
• Experience using privacy management or data mapping tools (e.g., RoPA maintenance)
• Experience supporting privacy, compliance, or security audits
• Relevant certifications such as CIPP/E, CIPM, or other IAPP credentials

Your Success at Bloomreach

• Within 30 days: You’ll gain a strong understanding of Bloomreach’s products, workflows, privacy culture, and compliance tools
• Within 90 days: You’ll independently review product features and vendor integrations for privacy and AI-related risks
• Within 180 days: You’ll proactively drive improvements by scaling privacy processes, enhancing data mapping, and strengthening our overall compliance posture

Why You’ll Love Working at Bloomreach

• High-impact work: Help shape privacy and AI compliance for a platform trusted by leading global enterprises
• Growth mindset: Access learning budgets, professional development programs, and a strong coaching culture
• Freedom with responsibility: We value autonomy, ownership, and results—without unnecessary bureaucracy
• Inclusive and flexible culture: Work remotely with Bloomreach hubs around the world, supported by a culture that prioritises well-being and personal growth