Data Privacy Officer

Job Description:

We are seeking a highly experienced and proactive Global Data Privacy Officer (DPO) to lead our internal data protection strategy. This key role will ensure that our organization processes personal data of customers, employees, and partners in compliance with global regulations, including EU GDPR, UK GDPR, Brazilian LGPD, and other emerging international laws. The ideal candidate will be a subject matter expert in data rights, providing strategic guidance to senior leadership, managing high-stakes DSAR requests, and fostering a robust, privacy-first culture.

• Serve as the primary point of contact for data protection authorities and lead the organization’s response to data protection inquiries and investigations.
• Monitor global privacy law changes, interpret their implications, and implement necessary updates to internal data processing activities.
• Develop, implement, and maintain internal data privacy policies, procedures, and data governance frameworks across all operational regions.
• Maintain comprehensive Records of Processing Activities (RoPA).

• Own and manage the end-to-end DSAR process, ensuring timely and compliant responses to data access, rectification, erasure, and portability requests globally.
• Develop robust, scalable processes to identify, locate, and process sensitive data across various organizational systems.
• Evaluate complex data requests, ensuring the protection of individuals' rights while balancing third-party confidentiality.

• Oversee Data Protection Impact Assessments (DPIAs) for high-risk processing, new products, and vendor technologies.
• Collaborate with IT/Security teams to ensure technical safeguards (encryption, data minimization) are implemented by design.
• Conduct audits to proactively address compliance vulnerabilities.

• Lead the investigation and management of data breaches, ensuring effective response and containment.
• Coordinate notifications to regulatory authorities and affected individuals within legal timelines.

• Foster a proactive data protection culture through employee training and awareness programs.
• Act as a "privacy evangelist," providing actionable guidance to HR, Marketing, and Engineering teams.

Please note this job description is not designed to cover or contain a comprehensive listing of activities, duties or responsibilities that are required of the employee for this job. Functions, duties, responsibilities, and activities may change at any time with or without notice.

•  7+ years of dedicated data privacy experience, with at least 3 years in a senior or global role managing complex privacy programs.
• Global Knowledge: Deep understanding of GDPR (EU & UK), with experience in Brazilian LGPD, CCPA/CPRA, or other international laws.
• DSAR Expert: Proven track record of managing complex DSAR requests, including in-depth data mapping, redacting, and navigating legal exceptions.
•  Demonstrated ability to work independently, report to top management, and challenge data processing activities without conflict of interest.
•  Bachelor’s degree in Law, IT, or related field. A Master's degree is preferred.
•  IAPP Certifications (CIPP/E, CIPM, or CIPT) are highly desirable.
•  Fluency in English is required; Italian or French is a strong advantage given the locations.

• Strategic Thinking: Ability to translate complex regulations into practical business requirements.
• Communication: Exceptional verbal and written communication skills to educate staff and interact with stakeholders at all levels.
• Problem-Solving: Strong analytical skills to assess privacy risks and implement mitigating controls.

EEO Statement

Abercrombie & Kent is an equal opportunity employer. We celebrate diversity and are committed to creating an inclusive environment for all employees.