Privacy Operations Manager

Full-Time | No working from home possible
Personio

Personio is looking for a Privacy Operations Manager to own and run the operational engine of our privacy compliance programme. Reporting to the Head of Product & Privacy Legal, you will be responsible for the day‑to‑day delivery of our EU GDPR obligations — including our records of processing, breach incident process and data subject requests, and the implementation of our privacy‑management systems, as well as embedding privacy‑by‑design practices across the business. This is a hands‑on operational role working closely with Security, our DPO, Engineering, and HR teams to keep Personio compliant, audit‑ready, and ahead of regulatory change.

This role requires 3 days per week in the office and is based in London or Dublin.

Join us to make a significant impact on the next phase of our scaling journey, together.

What You’ll Do

  • Own and maintain our Record of Processing Activities (RoPA) and data inventory, ensuring they are accurate, current, and audit‑ready.
  • Manage our end‑to‑end Data Subject Rights (DSR) process, coordinating timely fulfilment across teams and maintaining clear documentation against deadlines.
  • Coordinate Data Protection Impact Assessments (DPIAs), working with technical teams to identify privacy risks and document outcomes.
  • Configure, maintain, and develop our privacy‑management platform (e.g. OneTrust / Kertos / DataGrail or equivalent), building automated workflows for DSR handling, consent management, and DPIA intake.
  • Run Personio’s privacy training and awareness programme, developing content for colleagues across functions and ensuring data protection obligations are understood and followed.
  • Manage the vendor review process and sub‑processor register — including assessing AI‑related data protection risks in vendor systems — working from legal‑approved templates and maintaining accurate public‑facing disclosures in line with customer commitments.
  • Track regulatory developments and monitor divergences between EU GDPR and UK GDPR — including ICO and EDPB guidance — flagging material changes to legal counsel and keeping programme documentation current.

What You’ll Need To Succeed

  • 4+ years of experience in privacy operations or data protection compliance, preferably within a SaaS or technology company.
  • Deep, working knowledge of EU GDPR – you understand the Regulation itself, can apply it to operational scenarios, and are familiar with EDPB guidance.
  • Hands‑on experience implementing, configuring and administering a privacy‑management platform: you have built workflows and maintained data maps, not just used these tools as an end user.
  • Comfortable using AI‑powered tools to support privacy operations – such as DSR triage, data scanning and documentation – and applying them responsibly and in line with data protection principles.
  • Strong project‑management skills, translating privacy requirements into clear and practical guidance for non‑legal colleagues.
  • Ability to prioritise and organise workload according to regulatory risk, applying consistent triage criteria to distinguish operational tasks from those requiring legal escalation.
  • Hold or be working towards a CIPP/E certification (IAPP); CIPM and German language skills are a valuable advantage.

Benefits

Personio is an equal opportunities employer, committed to building an integrative culture where everyone feels welcomed and supported. We embrace uniqueness and understand that our diverse, values‑driven culture makes us stronger. We are proud to have an inclusive workplace environment that will foster your development no matter your gender, civil status, family status, sexual orientation, religion, age, disability, education level, or race.

At Personio, we value in‑person collaboration while also offering flexibility. This role is office‑based, with 3 days per week required in your contracted office location. The remaining days can be worked from home or in the office if you prefer. In addition, you’ll have 20 Flex Days per year to work remotely from other locations.

  • Competitive reward package – reevaluated each year – that includes salary, benefits, and pre‑IPO equity.
  • 28 days of paid vacation, plus an additional day after 2 and 4 years.
  • Impact Day – make an impact on the environment and society with one fully paid day.
  • Generous family leave, child support, mental health support and sabbatical opportunities.
  • Regular cultural initiatives and events such as local Summer Sessions and year‑end celebrations.
  • Healthy snacks, drinks, and a weekly catered lunch.

Contact Details:

Personio Recruitment Team