Privacy & Compliance Specialist

📋 Description

• Assist in Certn’s privacy compliance initiatives across the UK and EMEA, adhering to both UK GDPR and EU GDPR regulations.

• Facilitate the complete process of data subject access requests, deletion requests, and other related privacy rights inquiries.

• Keep privacy documentation up to date, including Records of Processing Activities, DPIA materials, cross-border transfer documentation, and records concerning special category data like criminal records and biometrics.

• Manage responses where Certn functions as a processor, in line with customer directives, relevant data processing agreements, and internal escalation protocols.

• Aid in ensuring Certn’s compliance framework for specific criminal record disclosure services, such as DBS, Disclosure Scotland, and AccessNI requirements.

• Assist in maintaining documentation related to umbrella or registered body obligations, eligibility criteria, consent frameworks, and permissible checks based on jurisdiction.

• Develop and sustain guidance for both customers and internal teams regarding compliance requirements specific to screening.

• Address client inquiries regarding data handling practices, lawful bases for processing, and regulatory requirements associated with screening.

• Contribute to RFPs, due diligence questionnaires, and compliance-related requests from customers using sanctioned materials and guidance.

• Help coordinate data incidents reported by clients involving Certn's processing, escalating complex or high-risk issues as necessary.

• Support regional assessments of personal data incidents and breaches, including intake, fact-gathering, documentation, escalation, and follow-up actions.

• Collaborate with the Privacy, Legal, Security, and Operations teams to assist in containment and regulatory notification analysis as per UK GDPR and EU GDPR.

• Help maintain regional breach response materials and procedural documentation.

• Aid in the creation and delivery of data protection and compliance training tailored for UK/EMEA operations.

• Develop and maintain internal guidance materials for teams managing criminal records, biometric data, and other sensitive information.

• Assist with external audits and accreditations, including ISO 27001, ISO 9001, and PBSA-related activities.

• Support internal compliance audits, sub-processor compliance documentation, regulatory tracking, and process enhancements.

⛳️ Requirements

• Prior experience in data protection, privacy, regulatory compliance, legal operations, risk, audit, or a related area.

• Practical experience and familiarity with UK/EU GDPR, privacy rights requests, compliance documentation, or data protection processes.

• Excellent written and verbal communication skills, capable of clearly articulating privacy and compliance concepts to both technical and non-technical audiences.

• Strong attention to detail, organizational skills, documentation capabilities, and thorough follow-through.

• Good judgment in handling sensitive information, identifying risks, and appropriately escalating issues.

• Experience in supporting DSARs, deletion requests, privacy rights inquiries, or data breach response initiatives.

• Ability to work collaboratively across functions with Legal, Security, Operations, Customer, Product, and Go-to-Market teams.

• Comfort in a fast-paced, high-growth technology environment where priorities may shift and processes are continually evolving.

• Post-secondary education in law, business, compliance, privacy, public policy, or a related field, or equivalent practical experience.

🏝️ Benefits

• Private health and dental insurance

• Benefits commence on the 1st of the month following the start date

• Flex Allowance: £325 per year

• Professional Development: £650 per year

• Work From Home Stipend: £325 to facilitate your home office setup as necessary

• Digital Nomad Policy

• Pension through Aviva