Data Privacy Manager; Europe

Position: Data Privacy Manager (Europe)
Location: Town of Belgium

Lloyd’s is the world’s leading insurance and reinsurance marketplace. We share the collective intelligence and risk sharing expertise of the market’s brightest minds, working together for a braver world.

Our shared values: we are brave; we are stronger together; we do the right thing; guide what we do and how we act. If you share our values and our passion to build a future that’s more sustainable, resilient and inclusive, you’ll find a home at Lloyd’s – build a braver future with us.

Lloyd’s Europe (also known as Lloyd’s Insurance Company) is seeking to recruit a Data Privacy Manager(Europe) based within the EU ideally within one of our regional office Belgium, Netherlands, Ireland or Sweden.

As part of the Corporate & Legal (C&L) team and the Data Protection Centre of Excellence (DPCE), the Data Privacy Manager Europe supports the Deputy CEO/General Counsel’s reporting line and LIC staff, including the colleagues in the EU branches, in ensuring that personal data is processed in compliance with applicable data protection laws and internal procedures.
** Principal Accountabilities
*** Own and continuously evolve the company’s data protection framework by defining, maintaining, and embedding GDPR-by-design principles across policies, procedures, and guidance, ensuring consistent implementation and alignment with regulatory expectations and business strategy.
* Act  as  a  senior  data  protection  advisor  to  business  leadership,  European  Offices,  and  key stakeholders by independently resolving complex privacy matters, providing authoritative guidance on GDPR interpretation, and driving a strong and sustainable data protection culture across the organisation.
* Lead  and  govern  the  Data  Protection  Champion  network,  setting  expectations  and  priorities, chairing  Quarterly  Data  Protection  Forums,  overseeing  the  quality  and  completeness  of  the  4-monthly assessment done in One Trust,
* Act as the accountable system owner for One Trust, with responsibility for governance, data quality, user access, and ongoing optimisation of the tool.
* Own the coordination and tracking of privacy audit remediation, proactively monitoring progress, challenging business owners where actions are delayed or insufficient, and providing management-level reporting on closure status and residual risk.
* Lead the drafting, review, and approval of non-contractual and contractual privacy documentation, including  Privacy  Notices,  and  provide  senior-level  input  on  privacy-related  clauses  in  supplier, outsourcing and intra-group agreements, including international data transfer arrangements.
* Provide subject-matter leadership on international data transfers, including defining the approach to Transfer Impact Assessments (TIAs), reviewing high-risk transfers, and advising the business on risk-based mitigation measures in line with evolving regulatory guidance.
* Own  and  monitor  operational  privacy  risk  management,  including  validating  data  protection  risk assessments within the RCSA Corestream, challenging inputs from Data Protection Champions, and escalating material risks to appropriate governance forums.
* Lead  and  have  the  operational  oversight,  coordination,  and  quality  assurance  of  Data  Subject Access Requests (DSAR’s) and other data subject rights requests and keeping the DSSR register updated
** Skills Knowledge and Experience
*** In-depth knowledge of GDPR and data protection principles, with the ability to interpret regulatory requirements independently and apply them pragmatically across complex business and operational scenarios.
* Working knowledge of core data protection processes, including DPIAs and DTIAs, with the ability to assess risk, challenge assumptions, and ensure appropriate documentation and mitigation measures are in place.
* Clear understanding of data-subject rights obligations and workflows, including the ability to advise on complex or sensitive requests and ensure compliant handling across the organisation.
* Solid knowledge of GDPR-related contracting requirements, including privacy clauses, data-processing  agreements,  and  international …