Data Privacy Director, Europe

Greystar is a leading, fully integrated global real estate platform offering expertise in property management, investment management, development, and construction services in institutional-quality rental housing. Headquartered in Charleston, South Carolina, Greystar manages and operates over $300 billion of real estate in over 260 markets globally with offices throughout North America, Europe, South America, and the Asia‑Pacific region.

As a data privacy director, you will lead Greystar’s European privacy and data protection strategy while also taking an active, hands‑on role in its day‑to‑day implementation. You will develop, implement, and operationalise policies, procedures, and controls to ensure ongoing compliance with applicable European and national data protection laws.

Key Role Responsibilities:

• Define and oversee the organization’s data protection strategy, ensuring compliance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality.
• Establish, maintain, and govern records of personal data processing activities, including data mapping of data flows, categories of personal data and data subjects, purposes of processing, lawful bases, recipients, international transfers, retention periods, and applied technical and organisational measures.
• Monitor and ensure compliance with GDPR and related EU data and information protection laws across all processing activities, including the implementation and effectiveness of appropriate technical and organisational measures.
• Advise and report to senior management and business functions on data protection obligations, including privacy by design and by default, lawful bases for processing, and the use of personal data in new products, services, and technologies.
• Oversee data protection impact assessments for processing operations likely to result in high risk to the rights and freedoms of data subjects, ensuring risks are identified, assessed, mitigated, and documented.
• Lead on the advice on and response to any European data protection breach and take responsibility for reporting to the business.
• Have an active role in the review of contracts/agreements to ensure appropriate data processing terms are embedded in contracts/agreements and other legal acts involving the processing of personal data, in line with GDPR requirements.
• Take responsibility for horizon scanning data protection and privacy legislative and regulatory developments and lead data protection awareness, training, and internal communication programs.

Other responsibilities:

• Updating and developing new policies, procedures, and guidance documents as needed across markets, divisions, and functional areas.
• Providing input on vendor strategy, working with legal on review of contract terms related to privacy.
• Oversee data protection registrations and regulatory engagement, including maintaining required registrations and managing communication with European supervisory authorities.
• Support Information Technology and Information Security to ensure that a robust data security programme is maintained.
• Share a pro‑active view on data changes driven by legislation and the impact to the team through a commercial lens.
• Educate and provide guidance on consent management.
• Participate in projects, acquisitions and transactions and represent the data privacy function.
• Managing outside counsel and third‑party consulting firms on discreet projects.
• Owning the European data protection budget, ensuring costs are budgeted appropriately and measured on a routine basis.
• Keep abreast of current changes in technology, processes, and standards within the industry.

Knowledge & Qualifications:

• Degree‑level qualification in law, information technology, or a related field.
• A relevant postgraduate qualification or recognised data protection or privacy certification is desirable.
• A knowledge of related information technology and regulations as it relates to privacy and data protection risks.

Experience & Skills:

• Proven experience in a similar data privacy leadership or DPO role with an international business across multiple jurisdictions.
• Strong understanding of EU data protection laws.
• An awareness and understanding of upcoming regulatory changes relevant to data protection in Europe.
• Strong technical expertise in manipulation and management of data.
• Excellent oral and written communication skills.
• Strong interpersonal skills.
• A high degree of credibility, independence, integrity and trust.
• Sound and practical business judgment and decision making.
• Additional European languages are desirable.