Privacy Analyst Data Protection Office

You will navigate the most dynamic regulatory landscape. You will work at the intersection of established privacy laws (GDPR, UK GDPR) and emerging regulations like the EU AI Act. This role offers the chance to tackle complex, high‑stakes compliance challenges that require deep analytical thinking and creative problem‑solving. Be a pioneer in AI Governance. You will be at the forefront of one of the most rapidly evolving areas of technology law. By conducting AI assessments, you will help shape how the company navigates the EU AI Act and ensures the responsible deployment of AI technologies. Expand your impact beyond borders. While based in our European Data Protection Office, your scope will be truly global. You will not only champion European compliance but also support critical projects in North America and contribute to our global processes, giving you a rare opportunity to master privacy requirements across multiple jurisdictions simultaneously.

Responsibilities

• Lead the execution of Data Protection Impact Assessments (DPIAs) for projects in the UK and Europe, while also providing critical support to North American initiatives and our global assessment framework.
• Conduct specialized compliance reviews for artificial intelligence initiatives, identifying risks related to bias, transparency, and data minimization.
• Serve as a primary point of contact for business teams in Dunton, providing day‑to‑day guidance on privacy‑by‑design principles and data protection requirements.
• Evaluate and negotiate the terms of data processing agreements and SCCs, supporting vendor management processes.
• Support data breach response activities when necessary.

Qualifications

• Advising on the execution of appropriate IT security measures to safeguard personal data.
• Strong knowledge of privacy documentation (e.g., DPIAs, privacy notices, contracts).
• Excellent communication skills—able to simplify complex topics for diverse audiences.
• Strong leadership and interpersonal skills to influence and mentor across teams.
• Experience analyzing technical processes or complex business workflows to identify privacy risks.
• Ability to quickly grasp and apply global regulatory frameworks.
• Experience and ability to operate in a fast‑paced environment in large, matrixed, multinational organizations.

Required Experience

• A Bachelor’s degree in a relevant field or equivalent professional experience.
• Three or more years of experience in data privacy, compliance, or risk management.
• A deep, working knowledge of the General Data Protection Regulation (GDPR) and the UK GDPR.
• Experience analyzing technical processes or complex business workflows to identify privacy risks.
• CIPP/E (Certified Information Privacy Professional/Europe) certification; CIPP/US or CIPM is a plus.
• Experience working on cross‑border privacy projects or supporting compliance efforts in multiple geographies (e.g., EU and US).
• Direct experience conducting assessments for AI, machine learning, or automated decision‑making systems.
• Preferable to have experience using OneTrust or similar privacy management software to manage DPIAs and risk registers.

Additional Information

The Company is committed to diversity and equality of opportunity for all and is opposed to any form of less favourable treatment or harassment on the grounds of race, religion or belief, sex, marriage and civil partnership, pregnancy and maternity, age, sexual orientation, gender reassignment or disability. This position is based in Dunton, and it is expected the successful candidate will be able to attend the Dunton office for typically 4 days a week and remain flexible on the days they are required to attend the office according to business requirements.