Data Privacy Director, Europe

As a data privacy director, you will lead Greystar’s European privacy and data protection strategy while also taking an active, hands‑on role in its day‑to‑day implementation. You will develop, implement, and operationalise policies, procedures, and controls to ensure ongoing compliance with applicable European and national data protection laws.

Working closely with senior leadership, business teams, and external counsel, you will embed privacy requirements into business operations, support regulatory and commercial decision‑making, and ensure the EU privacy programme remains aligned with both business objectives and regulatory expectations.

Key Role Responsibilities

• Define and oversee the organization’s data protection strategy, ensuring compliance with the principles of lawfulness, fairness, transparency, purpose limitation, data minimisation, accuracy, storage limitation, and integrity and confidentiality.
• Establish, maintain, and govern records of personal data processing activities, including data mapping of data flows, categories of personal data and data subjects, purposes of processing, lawful bases, recipients, international transfers, retention periods, and applied technical and organisational measures.
• Monitor and ensure compliance with GDPR and related EU data and information protection laws across all processing activities, including the implementation and effectiveness of appropriate technical and organisational measures.
• Advise and report to senior management and business functions on data protection obligations, including privacy by design and by default, lawful bases for processing, and the use of personal data in new products, services, and technologies.
• Oversee data protection impact assessments for processing operations likely to result in high risk to the rights and freedoms of data subjects, ensuring risks are identified, assessed, mitigated, and documented.
• Lead on the advice on and response to any European data protection breach (working with the current DPO and external lawyers as necessary) and take responsibility for reporting to the business.
• Have an active role in the review of contracts/agreements to ensure appropriate data processing terms are embedded in contracts/agreements and other legal acts involving the processing of personal data, in line with GDPR requirements.
• Take responsibility for horizon scanning data protection and privacy legislative and regulatory developments and lead data protection awareness, training, and internal communication programs, promoting a culture of data protection and ensuring employees and relevant stakeholders understand their responsibilities regarding the processing of personal data and the handling of personal data breaches.
• Update and develop new policies, procedures, and guidance documents as needed across markets, divisions, and functional areas.
• Provide input on vendor strategy, working with legal on review of contract terms related to privacy.
• Oversee data protection registrations and regulatory engagement, including maintaining required registrations and managing communication with European supervisory authorities such as the UK Information Commissioner’s Office.
• Support Information Technology and Information Security to ensure that a robust data security programme is maintained and the privacy implications of information management and oversight are addressed.
• Share a pro‑active view on data changes driven by legislation and the impact to the team through a commercial lens.
• Educate and provide guidance on consent management (e.g., cookie management and marketing preferences).
• Participate in projects, acquisitions and transactions and the EU risk committee and represent the data privacy function.
• Manage outside counsel and third‑party consulting firms on discreet projects.
• Own the European data protection budget, ensure costs are budgeted appropriately and measured on a routine basis to manage budget.
• Keep abreast of current changes in technology, processes, and standards within the industry and area(s) of responsibility by attending internal and external training classes.

Role Scope

The role will report to the Senior Director, Risk & Compliance Europe (based in the Netherlands) with a dotted line to the US‑based DPO. The role will work closely with the US‑based privacy team and current DPO, European senior management team members and have significant frequent interaction with a range of internal Greystar teams such as Investment, Development, Operations, Legal, HR, Procurement, ICT, Cyber and InfoSec teams. The role is a liaison for European privacy regulators. The role’s remit is European, based in our London office, but some travelling may be required. After a successful probation period you may become DPO for Greystar’s European business, including Student Roost.

Knowledge & Qualifications

• Degree‑level qualification in law, information technology, or a related field.
• A relevant postgraduate qualification or recognised data protection or privacy certification (such as CIPP/E, CIPP/EU, or equivalent) is desirable.
• A knowledge of related information technology and regulations (such as DORA, NIS2, the ePrivacy Directive or the EU AI Act) as it relates to privacy and data protection risks.

Experience & Skills

• Proven experience in a similar data privacy leadership or DPO role with an international business across multiple jurisdictions.
• Strong understanding of EU data protection laws (such as GDPR).
• An awareness and understanding of upcoming regulatory changes relevant to data protection in Europe.
• Strong technical expertise in manipulation and management of data with ability to quickly learn and operate new tools as required.
• Excellent oral and written communication skills, including strong oral presentation and project management skills.
• Strong interpersonal skills.
• A high degree of credibility, independence, integrity and trust and ability to work effectively and sensitively across multiple geographies and cultures often with senior leaders while managing a high volume of varied projects.
• Sound and practical business judgment and decision making.
• Additional European languages are desirable.

Location

London office, United Kingdom (Europe). Some travelling may be required.