Senior Data Protection Expert

Description

Position Summary: We are seeking a Senior Data Protection Expert to ensure regulatory compliance, manage risks, and coordinate cross-functionally on data governance. Key Responsibilities: 1. Privacy Management System design and maintenance 2. Integration of privacy by design/default into technology projects 3. Collaboration with technology and business teams on data privacy and AI At **GRUPO PROEDUCA**, we seek a **Senior Data Protection Expert** to ensure compliance with the GDPR, LOPDGDD, and international standards. The role encompasses data governance, compliance processes, risk management, and cross-functional coordination across multiple departments. #### **What will your responsibilities be?** * **Governance and regulatory framework:** Design and maintenance of the Privacy Management System, policies, procedures, roles (RACI), and metrics (KPIs/KRIs). * **Record of Processing Activities (ROPA):** Development, validation of legal bases, balancing tests (LIA), and criteria for data minimization and retention. * **Data Protection Impact Assessments (DPIAs):** Full execution of risk analysis, treatment plans, and integration of *privacy by design/default* into projects and the technology lifecycle. * **Third-party management:** Review and negotiation of data processing agreements, sub-processor arrangements, technical/organizational measures, and contractual oversight in collaboration with Legal and Procurement. * **International data transfers:** Conducting Transfer Impact Assessments (TIAs), use of Standard Contractual Clauses (SCCs), and definition of safeguards (pseudonymization, encryption, localization). * **Personal data breach management:** Coordination with Security, impact assessment, notification to supervisory authorities and affected individuals, and full traceability documentation. * **Data subject rights:** End-to-end management of the rights exercise cycle, verification, statutory deadlines, substantiated responses, and evidence collection. * **Audits and metrics:** Planning of internal/external audits, alignment with ISO 27701 / NIST Privacy Framework, and preparation of executive reports. * **Regulatory liaison:** Preparing responses to authorities, monitoring regulatory developments, and translating regulatory changes into operational actions. * **Training and awareness:** Design and delivery of targeted awareness programs per department, including effectiveness evaluation. * **Cross-functional coordination:** Collaboration with technology and business teams to ensure privacy in personal data use cases and AI models, reinforcing the principle of *accountability*. #### **What are we looking for?** * **Experience:** 2–5 years in consulting or in-house roles, with hands-on experience in DPIAs, Article 28 contracts, international transfers, breach handling, and data subject rights exercises. * **Education:** Law degree; Master’s in Data Protection, New Technologies, or Compliance. Certifications such as DPD under the AEPD-DPD Scheme and exposure to ISO 27701/27001 are highly valued. * **Languages:** English B2 #### **What do we offer?** * Permanent contract * Full-time employment with 50% remote work. * Location: Madrid (Pozuelo de Alarcón). * Working hours: Monday–Thursday 9:00–18:15, Friday 9:00–14:00 (1-hour flexible window between start and end time). * Flexible compensation plan (health insurance, gourmet card, childcare vouchers, transport vouchers). * Up to 80% discount on UNIR’s training offerings. *The EDUCATIONAL GROUP is firmly committed to equal opportunities and diversity, thereby creating an environment free from all forms of discrimination.* **\#LI\-DZ1**