Operational Compliance Specialist

HighlightTA

Operational Compliance Specialist at Certn focusing on EMEA privacy compliance and regulatory requirements. Responsible for managing subprocessors, data retention, and client privacy communications.

Posted 6/25/2026full-timeRemote • 🇬🇧 United KingdomMid-LevelSenior💰 £28,880 - £36,100 per yearWebsite

About the role

Key responsibilities & impact

Maintain the subprocessor register; manage the end-to-end process for reviewing, onboarding, and notifying clients of subprocessor changes in line with contractual and regulatory obligations.
Administer data retention schedules - tracking retention periods by data category and jurisdiction, coordinating deletion and archiving activities, and maintaining supporting documentation.
Support access control compliance, including maintaining records of data access permissions and assisting with periodic access reviews.
Own the end-to-end Data Subject Access Request (DSAR) intake process ensuring accurate request tracking, seamless coordination across internal stakeholders, and timely fulfillment in compliance with regulatory requirements and response deadlines.
Support the privacy office in monitoring and testing activities and audits, notably by ensuring proper documentation and tracking of the controls and related findings.
Ensure that compliance documentation remains up-to-date and support the management and handling of any relevant registries of processing activities and risks assessments.
Act as a first point of contact for client and applicant compliance queries relating to privacy and EMEA regulatory matters, triaging straightforward requests independently and escalating complex or legally sensitive issues to Senior Counsel as appropriate.
Prepare and issue subprocessor update notices and other privacy-related client communications.
Maintain client-specific compliance records relating to data processing agreements and privacy obligations.
Track EMEA jurisdiction-specific reporting requirements and filing deadlines; coordinate preparation in support of the Senior Counsel, Privacy and Senior Compliance Officer.
Maintain the EMEA compliance calendar and assist with regulatory correspondence.
Support credentialing and onboarding/offboarding compliance processes for EMEA clients and vendors.
Apply a working knowledge of regulated criminal-record screening across the UK disclosure regimes (DBS, Disclosure Scotland, and AccessNI), including the distinct check levels available under each and the eligibility rules that govern which level a given role qualifies for.
Understand Certn's obligations when acting as, or supporting clients who rely on, a registered body, umbrella body, or responsible organisation, including the duty to confirm role eligibility, verify applicant identity, and handle disclosure results in line with each agency's code of practice.
Audit screening files for eligibility accuracy and procedural compliance, and prepare first-line responses to client and regulator inquiries about how a check was scoped, processed, and stored, escalating substantive legal questions to the Senior Counsel, Privacy and Senior Compliance Officer.
Apply the data-protection rules that sit alongside the disclosure regimes, including the handling, retention, and secure destruction of criminal-record data as criminal offence data under UK GDPR and the Data Protection Act 2018.
Maintain process documentation for privacy and EMEA compliance workflows
Act as a liaison to Operations for privacy-adjacent process design and workflow improvements
Triage and manage Jira tickets relating to privacy and EMEA compliance matters

Requirements

What you’ll need

Post-secondary education in a related field or an equivalent combination of education and professional experience.
Practical working knowledge of GDPR and data subject rights processes, including experience engaging with regulatory or quasi-governmental bodies such as the ICO, a privacy commissioner, or equivalent authority.
Highly organized with exceptional attention to detail and the ability to manage multiple priorities, deadlines, and regulatory requirements across different jurisdictions.
Excellent written and verbal communication skills.
Ability to maintain discretion and confidentiality at all times.
Comfortable working across compliance, operations, and client-facing functions
Professional privacy certification through the International Association of Privacy Professionals (IAPP), such as CIPT or CIPP/E, is considered a strong asset.
Comfortable using AI tools (e.g., Claude) to support day-to-day tasks such as drafting communications, summarising regulatory guidance, and improving workflow efficiency

Benefits

Comp & perks

20 days of annual leave to start, plus up to 3 additional Performance Days
Company-paid benefits
Remote-friendly and supportive flexible remote arrangements
Work-from-home allowance
Professional development budget
And a few more goodies!

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

GDPRdata subject rights processesdata retention schedulesaccess control complianceData Subject Access Request (DSAR)criminal-record screeningdata protection rulescompliance documentationregulatory correspondenceprocess documentation

Soft Skills

highly organizedattention to detailability to manage multiple prioritiesexcellent written communicationexcellent verbal communicationdiscretionconfidentialityclient-facing skillsliaison skillsworkflow improvement

Certifications

CIPTCIPP/EInternational Association of Privacy Professionals (IAPP)