GDPR Operational Lead

DRAFT role description, to be reviewed before external publishing 
The GDPR Operational Lead plays a central role in ensuring customers experience GDPR compliance as an integrated and reliable part of service delivery. By translating regulatory requirements into day‑to‑day operational controls, the role strengthens customer confidence and long‑term partnerships.

The GDPR Operational role is responsible for ensuring that GDPR requirements are implemented, operated and followed in day‑to‑day service delivery.

The role bridges legal data protection requirements and practical service operations, ensuring that personal data processing within delivered services is compliant, controlled and auditable.

This is an operational role within Service Delivery, working closely with Information Security team, the Data Protection Officer (DPO), account teams and customers.

As our future GDPR Operational Lead, you will:

• Ensuring day‑to‑day compliant processing of personal data within delivered services
• Maintain and operate data handling routines, such as access control, logging, data retention and deletion
• Ensure GDPR considerations are embedded in service onboarding, transition and steady‑state operations
• Acting as SPOC for GDPR questions in Sweden delivery
• Supporting audits and customer assurance
• Coordinating incident handling for personal data breaches
• Maintaining documentation and system inventories relevant to personal data
• Working in close cooperation with Information Security Management (ISM) and DPO

Your profile

You are proactive, structured, and analytical, with a strong sense of responsibility and you are as a person solution oriented. 

You have: 

• Solid experience from IT Service Delivery, Operations or Security 
• Practical understanding of GDPR in an operational context (beyond policy and legal interpretation) 
• Lead and coordinated daily operational GDPR actvities
• Experience working with: 
  • Service management and delivery models
  • Information security controls, privacy incidents and incident response
  • Customer assurance, audits or compliance reviews
  • Operational GDPR activities such as data handling routines, risk assessment or cross-functional coordination
  • Ability to work cross‑functionally and act as a trusted operational advisor

You have experience from managed services, outsourcing or complex IT environments. You have knowledge of and experience with ITIL, ISO/IEC 27001, ISAE, and NIS2-related requirements. You have experience interacting with customers on compliance security topics. 

The role requires background checks, and Swedish citizenship, and potentially also security clearance depending on customer need. 

What is in it for you?

• A business‑critical and visible role with significant trust and responsibility
• The opportunity to influence and develop data privacy work for major customers
• A flexible way of working with possibility to work remotely part time