Privacy Operations Analyst

The Role:

As a Privacy Operations Analyst at TravelPerk, you will be instrumental in building, simplifying, and scaling our privacy program while driving our privacy operations strategy. You’ll streamline the complexities of privacy, AI, cybersecurity, and data governance regulation into practical, actionable guidelines that ensure effective risk management and continuous improvement of our privacy program. You will leverage cutting-edge technology to create user-friendly automated workflows that drive innovation and maintain product development velocity, all while ensuring the protection of personal data and regulatory compliance.

Additionally, you will have the opportunity to help shape and develop a world class privacy function. You will report to the Legal Manager, Privacy and also collaborate closely with the Privacy Counsel & DPO.

Location: Barcelona / Berlin 

What will you be doing?

• Assist in the development and execution of policies, procedures, and controls to ensure compliance with GDPR, CCPA, EU AI Act, and other relevant regulations. Review and update the ROPA to reflect evolving requirements.
• Work with Data, Engineering, and Security teams to implement privacy governance protocols, acquire governance tools, and integrate privacy-enhancing technologies (PET).
• Develop and automate privacy processes, including Data Protection Impact Assessments (DPIAs), consent lifecycle management, and adherence to data retention policies. Respond efficiently to data subject requests and coordinate responses to privacy and AI incidents.
• Track and report privacy metrics, trends, and risks. Develop and implement training, communication strategies, and resources like TravelPerk’s Trust Center to share privacy knowledge and strengthen the privacy culture within and outside the organization.

What capabilities will help you succeed?

You’ll have a solid background in privacy, data protection, and risk management, combined with a passion for developing innovative solutions to implement privacy requirements effectively in a fast-paced, technology-driven organisation.  

During our interview process, we’ll also look for your ability to demonstrate specific competencies which derive from TravelPerk’s values, as outlined in the table below. The winning candidate will have particularly brilliant responses ready in relation to the Seven Star Service attributes.

Impact over Effort

• Prioritization: You regularly review your workload and manage to concentrate your efforts on the most impactful matters for TravelPerk's mission and Vision. You're realistic, and don't overpromise.
• Organization: You focus on the big wins and own your workflow.
• Creativity: You continually communicate great ideas, valuing ambition over ease of implementation. In seemingly intractable situations, you can find resolution pathways.

7* Service 

Proactivity:

• • You anticipate customer needs and find ways to accelerate business growth.
  • You always prioritize the needs of our clients and customers, moving at speed.
  • You can sustain delivery in a hyper-speed working environment while maintaining your wellbeing.

Accountability:

• • You act as an owner, taking an active role in project reviews.
  • You propose ways for TK to be more effective in the future without apportioning blame.

Innovation:

• • You do things differently and love innovation in problem-solving and process delivery.
  • You think about the future and continuously seek innovative solutions.

We Are a Team

• Collaboration: You encourage innovation within teamwork and challenge the status quo among your working group. You work to understand the needs and expectations of progressive in-house teams' customers.
• Honesty: You share your failures with your team to humanise failure, coach, and increase awareness. You communicate transparently—up, down, and across—and form relationships that emphasise directness with people in your workplace.
• Communication: You enter conversations with a flexible and open mind, being open to listening to and understanding other people's points of view rather than simply getting your message across.

Be a Good Person

• Continual Growth: You are ambitious to level up yourself and hold the people around you accountable. You constantly seek new opportunities and don't just wait for things to happen.
• Curiosity: Your curiosity drives you to explore and improve processes and products, recognising that sometimes this may mean removing or cancelling a process. You share your influences and inspirations with your peers, fostering collaboration and cooperation within the team.
• Integrity: You build trust-based relationships with all TravelPerk stakeholders and always give credit where it's due

What will the role entail?

• Assist in implementing and maintaining TravelPerk’s global privacy and AI governance programs, including policies, procedures, and controls to ensure compliance with GDPR, CCPA, EU AI Act, and other relevant regulations.
• Maintain and improve the Privacy team’s technology tooling stack, ensuring efficiency and alignment with our mission to demystify privacy requirements.
• Oversee consent lifecycle management processes to ensure proper consent practices.
• Develop and implement communication strategies and training initiatives to foster a culture of privacy protection within TravelPerk.
• Support data governance protocols, collaborating with the Data, Engineering, and Security teams to acquire the right governance tools.
• Develop and automate workflows for privacy processes, including Data Protection Impact Assessments (DPIA) procedures, to streamline our program and support TravelPerk's mission of connecting people in real life in the most enjoyable and sustainable way possible.
• Ensure adherence to data retention and deletion policies.
• Respond to data subject requests (DSRs) efficiently and securely.
• Coordinate responses to privacy and AI incidents and breaches, minimizing risks and ensuring timely resolution.
• Track, analyze, and report meaningful privacy metrics, patterns, and trends to guide decision-making.
• Maintain and update privacy and AI risk registers regularly, ensuring accurate tracking of risks.
• Collaborate with Security, Engineering, and other departments to integrate privacy by design into product development, business operations, and marketing activities, and assist in the implementation and upkeep of privacy-enhancing technologies (PET).
• Ensure privacy guidelines, and other knowledge resources are clear, practical, up-to-date, and aligned with the latest regulatory updates in collaboration with the Privacy Counsel and Data Protection Officer.
• Create and maintain privacy products and resources, such as our Trust Center, to effectively share privacy knowledge with both internal and external customers.
• Review and update ROPA (Record of Processing Activities) to ensure compliance with evolving regulations.
• Conduct vendor due diligence and review Data Processing Agreements (DPA) with TravelPerk's suppliers to ensure third-party compliance with privacy requirements.

Where will the role take you?

We believe passionately in the importance of growth and development for our team members; and that everyone is entitled to a job from which they derive high levels of personal satisfaction. Talented and driven people are entitled to expect employers to offer an employee value proposition which offers continual levelling up.

This role will provide you with exceptional experience of working in a fast scaling, global tech (and specifically SaaS) business.  You will develop the tools and techniques to deliver internal privacy capability at scale which subverts the expectations of stakeholders regarding privacy law (i.e. that it is bureaucracy) and drives tangible business outcomes - while also reflecting our company’s values of providing seven star service, and not being assholes in how we handle personal data.

In terms of promotions, the next layer up from Privacy Operations Specialist is Senior Privacy Operations Specialist.  We are not hiring in this layer currently, and do not expect to hire “over your head”; instead, we are looking for you to grow and scale capability in your areas of expertise.  To successfully advance to the next tier, it is crucial to focus on two key aspects: establishing a robust supply chain that prioritises privacy-centric insights for product improvement, and adaptability to swiftly address and offer scalable, business-driven solutions in the face of an ever-evolving regulatory landscape.

TravelPerk will offer you as much latitude as you want in order to deliver the best possible outcomes for your customers; and micromanagement/ layers of bureaucracy are not part of that process.  We are committed to equipping you with the necessary resources to establish a world-class data privacy and protection culture. Your efforts will contribute to the growth and prominence of your professional profile as a leading expert in the privacy field. 

Join us as we revolutionize privacy practices in the travel industry and shape the future of data protection!

Essentials

• Experience driving operational initiatives within a global privacy team in a technology environment.
• Experience working with fast-paced engineering/product development teams.
• Solid knowledge of global privacy, cybersecurity and AI regulations, such as GDPR, CCPA, EU AI Act, NIS2, DORA, and other regional laws in those fields.
• Familiarity with privacy and AI frameworks and standards, such as ISO 27701, 23894 and 42001, NIST Privacy and AI Risk Management frameworks, and Privacy by Design (PbD) principles.
• Proficiency in privacy management tools and technologies. Familiarity with data governance tools, consent management platforms, and privacy-enhancing technologies (PETs) is desirable.
• Strong understanding of data management principles, including data discovery, mapping, retention, and deletion.
• Strong analytical skills for assessing privacy risks and experience supporting privacy impact assessments (PIAs) and data protection impact assessments (DPIAs).
• Experience managing privacy-related projects, including coordinating tasks, setting timelines, and ensuring deliverables are met on schedule. Project management certifications or experience with project management methodologies such as Agile or Scrum may be advantageous.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively with cross-functional teams.
• Strong analytical and problem-solving abilities, with a keen attention to detail.
• Relevant privacy certifications, such as Certified Information Privacy Professional (CIPP), Certified Information Privacy Manager (CIPM), or Certified Information Privacy Technologist (CIPT), are desirable.

It is not necessary for you to hold a legal (or any other) degree in order to apply for this position (though of course it is not harmful to your prospects if you do have a degree!). We are interested in your practical abilities, not your “book smarts”.

To all candidates: we encourage individuals who possess a genuine passion for learning and growth, even if they do not meet every requirement listed, to apply for this role. We firmly believe in providing opportunities for motivated individuals to expand their skills and thrive within our team.

Where will the role take you?

At TravelPerk, we believe in the importance of growth and development for our team members, ensuring high levels of personal satisfaction. Talented and driven individuals can expect an employee value proposition that offers continual advancement. In this role, you will gain exceptional experience working in a fast-scaling, global tech (specifically SaaS) business. You'll develop tools and techniques to deliver legal capability at scale, exceeding stakeholder expectations and driving tangible business outcomes.

Promotion opportunities include advancing from Privacy Operations Analyst to Senior Privacy Operations Analyst.  We are not hiring in this layer currently, and do not expect to hire “over your head”; instead, we are looking for you to grow and scale capability in your areas of expertise.  To successfully advance to the next tier, it is crucial to focus on two key aspects: establishing a robust supply chain that prioritises privacy-centric insights for product improvement, and adaptability to swiftly address and offer scalable, business-driven solutions in the face of an ever-evolving regulatory landscape.

We offer you the freedom to achieve the best outcomes for your customers without micromanagement or excessive bureaucracy. Join us as we revolutionise privacy practices in the travel industry and shape the future of data protection!