Data Privacy Manager (Europe)
Role details
Job location
Tech stack
Job description
As part of the Corporate & Legal (C&L) team and the Data Protection Centre of Excellence (DPCE), the Data Privacy Manager Europe supports the Deputy CEO/General Counsel's reporting line and LIC staff, including the colleagues in the EU branches, in ensuring that personal data is processed in compliance with applicable data protection laws and internal procedures. Principal Accountabilities * Own and continuously evolve the company's data protection framework by defining, maintaining, and embedding GDPR-by-design principles across policies, procedures, and guidance, ensuring consistent implementation and alignment with regulatory expectations and business strategy.
-
Act as a senior data protection advisor to business leadership, European Offices, and key stakeholders by independently resolving complex privacy matters, providing authoritative guidance on GDPR interpretation, and driving a strong and sustainable data protection culture across the organisation.
-
Lead and govern the Data Protection Champion network, setting expectations and priorities, chairing Quarterly Data Protection Forums, overseeing the quality and completeness of the 4-monthly assessment done in One Trust,
-
Act as the accountable system owner for One Trust, with responsibility for governance, data quality, user access, and ongoing optimisation of the tool.
-
Own the coordination and tracking of privacy audit remediation, proactively monitoring progress, challenging business owners where actions are delayed or insufficient, and providing management-level reporting on closure status and residual risk.
-
Lead the drafting, review, and approval of non-contractual and contractual privacy documentation, including Privacy Notices, and provide senior-level input on privacy-related clauses in supplier, outsourcing and intra-group agreements, including international data transfer arrangements.
-
Provide subject-matter leadership on international data transfers, including defining the approach to Transfer Impact Assessments (TIAs), reviewing high-risk transfers, and advising the business on risk-based mitigation measures in line with evolving regulatory guidance.
-
Own and monitor operational privacy risk management, including validating data protection risk assessments within the RCSA Corestream, challenging inputs from Data Protection Champions, and escalating material risks to appropriate governance forums.
-
Lead and have the operational oversight, coordination, and quality assurance of Data Subject Access Requests (DSAR's) and other data subject rights requests and keeping the DSSR register updated
Requirements
In-depth knowledge of GDPR and data protection principles, with the ability to interpret regulatory requirements independently and apply them pragmatically across complex business and operational scenarios.
-
Working knowledge of core data protection processes, including DPIAs and DTIAs, with the ability to assess risk, challenge assumptions, and ensure appropriate documentation and mitigation measures are in place.
-
Clear understanding of data-subject rights obligations and workflows, including the ability to advise on complex or sensitive requests and ensure compliant handling across the organisation.
-
Solid knowledge of GDPR-related contracting requirements, including privacy clauses, data-processing agreements, and international transfer mechanisms, with the ability to provide informed guidance on risk and compliance implications.
-
Good understanding of information technologies and data-security concepts, including emerging technologies such as AI, and their impact on data-protection risk, governance, and regulatory compliance.
-
Excellent written and spoken English, with the ability to communicate complex concepts clearly to senior and non-technical audiences; additional European languages considered beneficial
-
Extensive experience operating in a data protection, privacy or information governance function within the EU/EEA, with demonstrated application of GDPR and related regulatory frameworks in complex organisational environments.
-
Proven ability to operate at company level, applying privacy expertise to influence strategy, manage risk, and support business-critical initiatives across multiple functions or jurisdictions.
-
Hands-on and strategic experience with privacy management tools (e.g. One Trust or equivalent), including embedding such tools into business processes, driving adoption, and improving data protection maturity.
-
Demonstrated experience leading or significantly contributing to transformation, change or capability-building initiatives within a privacy or compliance context.
-
Organisational and delivery capability, demonstrating a structured, outcome-focused working style, prioritising competing demands independently, and taking ownership for deliverables while recognising when escalation or alignment is required.
-
Advanced cross-functional awareness and collaboration skills, with the ability to navigate different business perspectives (e.g. legal, risk, IT, operations, HR), reconcile competing priorities, and drive coherent outcomes across teams.
Diversity and inclusion are a focus for us - Lloyd's aim is to build a diverse, inclusive environment that reflects the global markets we work in. One where everyone is treated with dignity and respect to achieve their full potential. In practice, this means we are positive and inclusive about making workplace adjustments, we offer regular health and wellbeing programmes, diversity and inclusion training, employee networks, mentoring and volunteering opportunities as well as investment into your professional development. You can read more about diversity and inclusion on our
