Skip Navigation

Data Privacy Senior Specialist

Job ID 21007452 London, United Kingdom

Our professionals balance analytical skills, deep market insight and independence to deliver solid, defensible analysis and practical advice to our clients. As an organization, we value the diverse backgrounds and perspectives that enable us to think globally. We create transparency in an opaque world, and we encourage our people to do the same. That means when you join our team, you’ll become part of a supportive and collaborative work environment that empowers you to excel. If you’re ready to share your perspective with the world, then you can make a real impact here. This is the Kroll difference.

At Kroll, your work will help protect, restore and maximize value for our clients. Join us and together we’ll maximize the value of your career.


  • End to end management of Data Subject Requests (DSR’s), including:
    • Processing client, employee, or third party DSR’s in accordance with firm policies and applicable laws and regulations and maintaining and updating related procedures
    • Tracking and logging of all DSR’s on the workflow system and ensuring DSR’s are completed within firm and regulatory timelines.
    • Utilizing various firm systems and liaising with business stakeholders, including HR, in order to gather all relevant personal data.
    • Reviewing and assessing personal data content, identifying and redacting privileged, confidential and non-personal data, and applying relevant GDPR and member state law and codes of practice, to ensure (where applicable) exemptions or redactions have been correctly applied, including working with external legal counsel when necessary.
  • Manage, monitor and maintain internal policies and procedures related to data privacy, including but not limited to website/cookie policies, cross border transfers, and privacy by design.
  • Assist in managing the response to privacy incidents, under the guidance of the Data Protection Officer and in collaboration with the Global Privacy Team, technology, legal, and business stakeholders, and monitor and track resulting remediation action plans.
  • Respond to data subject and third-party queries or complaints that come into the privacy team mailbox.
  • Identify, assess, manage, and report data privacy risk issues as part of the firm’s wider privacy risk management program, and working with stakeholder groups to address and mitigate any identified gaps.
  • Support business stakeholders in ensuring appropriate contractual arrangements are in place with clients and vendors
  • Develop in collaboration with the Data Protection Officer bespoke training and awareness initiatives
  • Engaging with different stakeholders across multiple disciplines and mind-sets, from to Legal, Compliance, Information Security and IT, adapting flexibly as required.
  • Engaging stakeholders to fully understand parameters, risks and key areas of concern where these are in conflict with the CPO’s/ DPO’s preferred direction of travel or the firm’s risk tolerance
  • Advising on risk-based decisions involving regulatory, reputational and financial risk and acting with a high degree of integrity and with autonomy.


  • Excellent understanding of the GDPR, the UK Data Protection Act 2018, PECR and, related privacy regulations in EU member states
  • Minimum 2-3 years in a legal, compliance, risk, audit, or similar function
  • Experience working in a large organisation with complex infrastructures and technological environments. Understanding of data processing operations, including business applications and data use
  • Experience carrying out privacy risk assessments for digital services, ideally with knowledge of a range of formal risk methodologies applicable to web-based services / cloud services.
  • Intermediate to advanced Microsoft Office skills including Word and Excel. SharePoint experience a plus. Relativity or similar experience a plus.
  • CIPM and/or CIPP/E certification preferred but not required. Willingness to obtain within one year (International Association of Privacy Professionals)
  • Excellent communication and teamwork skills to represent diverse communities.
  • Experience in reviewing privacy-related contractual arrangements and data processing addendums
  • Experience in developing and providing training and awareness initiatives
  • Experience in tracking cross border data transfers and conducting transfer impact assessments a plus
  • Knowledge of CCPA/CPRA and/or APAC privacy laws a plus

In order to be considered for a position at Kroll, you must formally apply via 

Kroll is committed to equal opportunity and diversity, and recruits people based on merit.




OR Match jobs with LinkedIn

Any information we receive from LinkedIn is determined by LinkedIn and your privacy settings thereon. Kroll is not responsible for the privacy practices of any non-Kroll operated websites. We will process any data we receive in accordance with our privacy policy.


Looking for remote roles? Click here.

Featured Jobs