Data Privacy Director, Europe in London

ABOUT GREYSTAR

Greystar is a leading, fully integrated global real estate platform offering expertise in property management, investment management, development, and construction services in institutional-quality rental housing. Headquartered in Charleston, South Carolina, Greystar manages and operates over $300 billion of real estate in over 260 markets globally with offices throughout North America, Europe, South America, and the Asia‑Pacific region. Greystar is the largest operator of apartments in the United States, managing more than one million units/beds globally. Across its platforms, Greystar has over $79 billion of assets under management, including approximately $36 billion of development assets and over $30 billion of regulatory assets under management. Greystar was founded by Bob Faith in 1993 to become a provider of world‑class service in the rental residential real estate business.

JOB DESCRIPTION SUMMARY

As a data privacy director, you will lead Greystar’s European privacy and data protection strategy while also taking an active, hands‑on role in its day‑to‑day implementation. You will develop, implement, and operationalise policies, procedures, and controls to ensure ongoing compliance with applicable European and national data protection laws. Working closely with senior leadership, business teams, and external counsel, you will embed privacy requirements into business operations, support regulatory and commercial decision‑making, and ensure the EU privacy programme remains aligned with both business objectives and regulatory expectations.

JOB DESCRIPTION

• Define and oversee the organization’s data protection strategy, ensuring compliance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality.
• Establish, maintain, and govern records of personal data processing activities, including data mapping of data flows, categories of personal data and data subjects, purposes of processing, lawful bases, recipients, international transfers, retention periods, and applied technical and organisational measures.
• Monitor and ensure compliance with GDPR and related EU data and information protection laws across all processing activities, including the implementation and effectiveness of appropriate technical and organisational measures.
• Advise and report to senior management and business functions on data protection obligations, including privacy by design and by default, lawful bases for processing, and the use of personal data in new products, services, and technologies.
• Oversee data protection impact assessments for processing operations likely to result in high risk to the rights and freedoms of data subjects, ensuring risks are identified, assessed, mitigated, and documented.
• Lead on the advice on and response to any European data protection breach (working with the current DPO and external lawyers as necessary) and take responsibility for reporting to the business.
• Have an active role in the review of contracts/agreements to ensure appropriate data processing terms are embedded in contracts/agreements and other legal acts involving the processing of personal data, in line with GDPR requirements.
• Take responsibility for horizon scanning data protection and privacy legislative and regulatory developments and lead data protection awareness, training, and internal communication programs, promoting a culture of data protection and ensuring employees and relevant stakeholders understand their responsibilities regarding the processing of personal data and the handling of personal data breaches.

• Updating and developing new policies, procedures, and guidance documents as needed across markets, divisions, and functional areas.
• Providing input on vendor strategy, working with legal on review of contract terms related to privacy.
• Oversee data protection registrations and regulatory engagement, including maintaining required registrations and managing communication with European supervisory authorities such as the UK Information Commissioner’s Office.
• Support of Information Technology and Information Security to ensure that a robust data security programme is maintained and the privacy implications of information management and oversight are addressed.
• Share a pro‑active view on data changes driven by legislation and the impact to the team through a commercial lens.
• Educate and provide guidance on consent management (i.e. cookie management and marketing preferences).
• Participate in projects, acquisitions and transactions and the EU risk committee and represent the data privacy function.
• Managing outside counsel and third‑party consulting firms on discreet projects.
• Owning the European data protection budget, ensure costs are budgeted appropriately and measured on a routine basis to manage budget.
• Keeps abreast of current changes in technology, processes, and standards within the industry and area(s) of responsibility by attending internal and external training classes.

The role will report to the Senior Director, Risk & Compliance Europe (based in the Netherlands) with a dotted line to the US‑based DPO. The role will work closely with the US‑based privacy team and current DPO, European senior management team members and have significant frequent interaction with a range of internal Greystar teams such as Investment, Development, Operations, Legal, HR, Procurement and ICT, Cyber and InfoSec teams. Liaison for European privacy regulators. European remit, based in our London office, but some travelling might be required. You may also be required in this role following a successful probation period to become DPO for Greystar’s European business, including Student Roost.

• Degree‑level qualification in law, information technology, or a related field.
• A relevant postgraduate qualification or recognised data protection or privacy certification (such as CIPP/E, CIPP/EU, or equivalent) is desirable.
• A knowledge of related information technology and regulations (such as DORA, NIS2, the ePrivacy Directive or the EU AI Act) as it relates to privacy and data protection risks.

• Proven experience in a similar data privacy leadership or DPO role with an international business across multiple jurisdictions.
• Strong understanding of EU data protection laws (such as GDPR).
• An awareness and understanding of upcoming regulatory changes relevant to data protection in Europe.
• Strong technical expertise in manipulation and management of data with ability to quickly learn and operate new tools as required.
• Excellent oral and written communication skills, including strong oral presentation and project management skills.
• Strong interpersonal skills.
• A high degree of credibility, independence, integrity and trust and ability to work effectively and sensitively across multiple geographies and cultures often with senior leaders while managing a high volume of varied projects.
• Sound and practical business judgment and decision making.
• Additional European languages are desirable.