Global Privacy and Data Protection Specialist

Dentons is designed to be different. We are driven to always be the firm of the future, to challenge the status quo, and to provide holistic business solutions to our clients in new and innovative ways. We are the lightbulb moments. The bold ideas. We are the world's largest global law firm, with 12,000+ people across 80+ countries. Driven by the diverse perspectives of our people, our clients, and our communities, we combine local knowledge with global insight.

We are looking for a Global Privacy and Data Protection Specialist to join our global privacy team.  This role reports to the Global Senior Data Protection Specialist and is ideal for a professional with hands-on experience in privacy operations, stakeholder support and emerging technologies.  While the role involves a high degree of autonomy, it operates under the guidance of senior privacy leadership to ensure alignment with global strategy and escalation of complex matters as needed.  The successful candidate will support a broad range of global compliance activities across all regions, collaborating with cross-functional teams to embed privacy-by-design into projects, manage data subject rights and incidents, and optimize the use of privacy tools like OneTrust.

Key Responsibilities

Privacy Operations & Governance

• Support the evolution of the global privacy program, including all relevant monitoring activities, in alignment with GDPR and other international data protection frameworks.
• Conduct and advise on DPIAs, vendor risk assessments, and manage Records of Processing Activities (RoPAs).
• Draft, review, maintain and harmonise privacy documentation, including internal procedures, notices, guidance, and training materials.
• Maintain and oversee the privacy risk register, coordinating with stakeholders the implementation of mitigation plans.

Privacy Advisory & Business Support

• Respond to day-to-day privacy queries and provide practical, risk-based privacy advice to internal teams (e.g., marketing, HR, IT, procurement) ensuring timely, accurate and business-relevant advice.
• Support client-facing teams with privacy-related contract terms reviews (e.g. DPAs, SCCs), other privacy questions and due diligence.
• Manage routine and moderately complex privacy queries independently, escalating high-risk or novel issues to senior privacy leadership as appropriate.

Privacy Tech & OneTrust (OT)

• Act as a central contact for OT: oversee implementation, ongoing management, reporting and quality control.
• Define and review workflows and processes, perform audits to identify and correct data gaps, errors or discrepancies (e.g. vendor names, documents, data processing details etc.).
• Develop and maintain user guidelines, manage access permissions, add vendors, processing activities, entities etc, and train users on OT functionality and best practices, including assessments, RoPAs, vendor risk, and incident tracking.
• Collaborate with InfoSec/IT teams to align privacy tech workflows with security controls within OT.  

Incident Management

• Support the coordination, investigation and documentation of privacy incidents and breaches.
• Conduct root cause analyses, facilitate stakeholder engagement, and support regulatory reporting.
• Maintain and enhance the incident and breach logs; track metrics to support internal and regulatory reporting and continuous improvement.

Data Subject Rights & Compliance Requests

• Act as the initial point of intake for data subject access and rights requests received centrally; route requests to appropriate owners, track completion, and maintain oversight of the process to ensure compliance.
• Support development and automation of Data Subject Rights’ workflows.
• Manage DSARs and related rights requests in compliance with global privacy laws. Coordinate with Regions, IT, Legal, and other business stakeholders to gather data and prepare responses for globally owned requests, ensuring proper documentation.
• Maintain the data subject request log and ensure timely, accurate response in line with regulatory requirements.

Global Collaboration

• Collaborate with privacy professionals and stakeholders across global regions to align practices, share insights, and support cross-border compliance efforts.
• Support global training, awareness, and onboarding activities as needed.

Innovation & Emerging Technologies

• Collaborate with relevant teams to ensure privacy-by-design in the development and deployment of AI, analytics, and other emerging technologies.
• Contribute to risk assessments for AI and other innovative tech use cases, data sharing, and automation tools.

Analytics, KPIs & Reporting

• Define and maintain key privacy management information (PMI) dashboards and reporting tools, tracking key metrics such as number of DSARs, incident volumes and trends, DPIAs initiated and completed, vendor reviews etc.
• Generate and maintain regular privacy dashboards and team reports, providing quarterly insights on performance, trends, and compliance health.
• Support regulatory audits and internal reporting with accurate metrics and documentation.

Training & Awareness

• Coordinate and deliver privacy training and awareness initiatives across the Firm, ensuring global relevance and compliance with local regulations.
• Develop, update, and manage training materials tailored for different roles and risk levels (e.g., onboarding, IT, marketing, procurement) observing localization requirements as applicable.
• Monitor completion of mandatory privacy training and track participation metrics across regions.
• Assess training needs by engaging stakeholders, reviewing incidents/metrics, and staying current on regulatory requirements and organizational changes.
• Support the onboarding and upskilling of new privacy team members, especially in relation to internal tools and systems (e.g., OneTrust).
• Maintain documentation of training and awareness schedules, records, and compliance reporting.

Experience & Knowledge

• 3–5 years in privacy and data protection that can be evidenced through work experience, preferably in a global law firm or other global or regulated environment.
• Strong understanding of the GDPR and other data protection laws, able to balance compliance with business enablement.  Knowledge of global privacy frameworks or exposure to them preferable.
• Hands-on experience with OneTrust or equivalent privacy management platforms/tools.
• Proven experience in the provision of privacy advice, guidance, data protection compliance processes, including vendor assessments, incident management, DPIAs, and cross-functional privacy support.
• Exposure to privacy issues related to AI, data analytics, or other emerging technologies is a strong advantage.
• Privacy certification (e.g. CIPP/E, CIPM, or other IAPP, GDPR or DPA 2018) preferred.

Skills & Attributes

• Ability to deliver practical, pragmatic and creative privacy solutions.
• Strong analytical skills and experience using metrics to drive improvement.
• Excellent communication and stakeholder skills, both written and verbal, with an ability to explain complex privacy and data protection issues to lay audiences, to negotiate and to influence others.
• Comfortable working with cross-functional teams across legal, tech, security, fee earners and operations, able to interact positively at all levels and a good team player.
• High attention to detail, methodical approach to work with a strong focus on accuracy.
• Proactive, well-organised and resilient under pressure.
• Self-motivated and committed to continuous learning and development.

Desirable Competencies

• Experience supporting or leading ISO 27001/27701 alignment efforts.
• Understanding of AI ethics and data governance frameworks.
• Experient in privacy audit support and l compliance monitoring.
• Familiarity with programme or project management in a compliance or legal setting.

Remuneration and benefits package will reflect the successful candidates experience and country where hired.