Data Privacy Steward

Company description

Leo is a communications agency powered by its Human Kind operating system, with the belief that creativity, data and technology work together to transform human behavior and drive prosperity for clients. Part of Publicis Communications, Leo is one of the world's largest agency networks with 85 offices and more than 8,000 employees. The global agency works with some of the world's most valued brands including Aldi, Bank of America, Campbell's, Dunkin, Firestone, Jim Beam, Kellogg's, Nintendo, Tillamook and United Healthcare among others.

The Data Privacy Steward is responsible for supporting the data privacy program activities established by the Global Data Privacy Office (GDPO) and executed through the Global Data Privacy Operations (GDPOps) team. This role leads core data privacy activities within their agency and reports on key metrics to track program status and progress. The position requires coordination across all levels of the business, including (but not limited to) Client Services, Practice teams, and Finance.

The Data Privacy Steward works closely with the GDPOps team and the Data Privacy Program Lead. While this role reports to an agency leader, all work is functionally directed and overseen by the VP, Data Privacy Operations.

• Ensure the Data Privacy Steward appointment is formally announced across the agency.
• Serve as the primary point of contact for all privacy-related questions and issues.
• Support the Data Subject Access Request (DSAR) process—ensuring requests reach the correct departments, searches are completed, and findings are reported. Where applicable, ensure fulfillment of data subject rights (deletion, rectification, etc.).
• Attend all GDPOps-scheduled Data Privacy Steward meetings and contribute to discussions.
• Assist in coordinating local privacy training in partnership with GDPO and GDPOps.

• Support client-facing teams by ensuring timely responses to privacy-related inquiries following the Engagement Workflow.
• Coordinate resolution of client concerns—including questionnaires, assessments, audits, and informal questions—working with GDPOps, GDPO, GSO, and relevant business teams.
• Advocate for the agency’s needs to ensure teams can serve clients effectively and efficiently.

• Complete and maintain the client and services roster using the approved template, updating it as new clients onboard or transition out.
• Train Data Inventory respondents (with GDPOps support) to ensure readiness. Serve as the primary contact for respondent questions, addressing issues directly and escalating to GDPOps as needed.
• Track Data Inventory progress and escalate non-completion to appropriate leadership.

• Maintain an up-to-date roster of proprietary products and product owners.
• Ensure all proprietary products undergo required data privacy compliance assessments.
• Facilitate additional privacy and security reviews when necessary, including Data Privacy Impact Assessments (DPIAs).
• Submit completed DPIAs to GDPO for review and support the implementation of recommended actions.
• Promote Privacy-by-Design practices in product development and records retention.

• Using Personal Data Inventory submissions, maintain a list of all vendors processing personal data and requiring Vendor Due Diligence.
• Gather and maintain vendor contact information.
• Provide vendor details to GDPOps for assessment deployment and follow up with non-responsive vendors as requested.
• For in-scope vendors, coordinate with GSO to ensure required security reviews are completed.

• Solid understanding of fundamental data privacy concepts and familiarity with key global privacy legislation.
• Ability to quickly learn and adapt to new technologies, systems, and tools.

• Strong organizational and program management skills with the ability to manage multiple deadlines and deliverables.
• High attention to detail, analytical thinking, and problem-solving ability.
• Able to influence and drive accountability across teams.