The Privacy Compliance Specialist supports the IAG Transform DPO and the wider organisation in ensuring compliance with data protection laws (including EU and UK GDPR) and internal IAG Group privacy standards. The role provides expert advice and supports the delivery of privacy governance processes, conducts assessments, and collaborates with business stakeholders across IAG Transform and the IAG Operating Companies (OpCos) to embed privacy principles throughout operational activities.
The role is part of the IAG Transform Legal and Ethics & Compliance team, based in London and Krakow.
The IAG Transform Legal and Ethics & Compliance team is part of the wider IAG Group Legal function with lawyers, ethics & compliance and data privacy experts in London, Madrid, Barcelona, Dublin, New York and Krakow.
responsibilities :
On-going privacy compliance advisory and support to internal stakeholders, including IAG Transform DPO, monitor regulatory developments, promote privacy‑by‑design and privacy-by-default principles in the organisation.
Review and negotiate privacy‑related contractual terms (e.g., DPAs, SCCs, third-party system/network access agreements etc.) and support third‑party privacy risk evaluation.
Conduct DPIAs and privacy risk assessments, manage data subject requests, and support incident/data breach handling.
Maintain and update privacy documentation, including RoPA, policies, procedures, and other data privacy compliance records.
Deliver privacy training and awareness initiatives, develop educational materials, and contribute to knowledge-sharing activities.
Liaison/co-ordination with IAG Legal Department and IAG OpCos privacy teams in relation to jointly delivered projects and activities as required.
Development and enhancement of data privacy contract templates (e.g. DPAs, SCCs), alongside ongoing collaboration with Legal and Ethics & Compliance, Procurement and Technology teams to digitise, innovate and streamline privacy‑related workflows and ways of working.
requirements-expected :
Qualified Lawyer or higher education in cybersecurity, compliance, or a related field.
At least 2 years of experience in a similar data privacy role.
Strong knowledge of EU/UK GDPR and other data protection standards.
Ability to translate legal or regulatory requirements into practical, business‑oriented guidance.
Fluent English written and spoken.
Experience of working with English language and English law contracts.
Highly effective communication and influencing skills.
Negotiating skills.
Strong analytical thinking and ability to work in complex, dynamic environment.
offered :
The chance to enjoy a challenging career in an exciting, fast-moving environment in a dynamic industry.
The opportunity to work in a multi-cultural environment with great offices in many locations. We aim to provide all our people with a work/life balance, as well as the many benefits offered by a global organisation, including health insurance, pension and performance bonuses.
We are an equal opportunities employer and all qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, national origin, disability status, protected veteran status, or any other characteristic protected by law.
