The Data Protection & Classification Officer is responsible for implementing, improving and maintaining the organization's data protection, data governance, and information classification framework. This role ensures that data is handled in accordance with legal, regulatory, and internal security requirements, while enabling secure and efficient business operations. The officer supports the head of GRC in collaboration with cybersecurity, legal, compliance, IT, and business units to drive consistent data protection practices across the enterprise.
The Data Privacy and Classification Officer is a professional with extensive expertise in Data Privacy Governance, Risk, and Compliance (GRC), bringing a deep understanding of global data privacy frameworks, regulations, and best practices. With a strong track record in executing compliance programs and embedding data privacy controls within large-scale and multinational environments, this role supports Drees & Sommer's mission to ensure regulatory compliance, business continuity, and long-term data privacy and information security maturity. Support the yearly internal and external assessment and audit programme in alignment with the head of the department. Support the development, implementation, and maintenance of the company's GRC framework.
Core Responsibilities
1. Data Protection Governance
- Develop, maintain, and enforce policies, standards, and procedures related to data protection and information classification.
- Ensure compliance with relevant regulations (e.g., GDPR, national and international privacy laws) and industry frameworks (ISO/IEC 27001, TISAX, NIST).
- Conduct impact assessments (e.g., DPIAs) and advise on data handling best practices.
2. Information Classification & Handling
- Define and maintain the organization's data classification scheme and associated handling requirements.
- Coordinate classification of new and existing data assets across systems and business processes.
- Provide guidance and tooling for labelling, tagging, and securing sensitive data.
- Knowledge and experience implementing Data Governance and Compliance with Microsoft Purview.
3. Lifecycle & Data Governance Management
- Support data owners and business units in identifying, mapping, and documenting personal and sensitive datasets.
- Define retention, deletion, and archival requirements aligned with legal and business needs.
- Oversee implementation of data minimization and "privacy-by-design" principles.
4. Monitoring, Reporting & Risk Management
- Monitor compliance with data protection and classification rules.
- Identify, assess, and report data protection risks to relevant stakeholders.
- Support incident response related to data breaches or data loss, including documentation, remediation, and lessons learned.
5. Awareness & Training
- Develop and deliver training programs on data protection, secure handling, and classification requirements.
- Serve as the subject matter expert (SME) for questions related to data governance and classification.
6. Collaboration & Advisory
- Work closely with Cyber Security, Data Governance, Legal, and Compliance teams.
- Provide input for technical solutions such as DLP, access controls, encryption, data discovery, and classification tools.
- Participate in audits and support responses to regulatory inquiries.