Job Description
About the role
The Data Protection Officer (DPO) is responsible for overseeing and ensuring Swish World Group’s compliance with the General Data Protection Regulation (GDPR) and applicable European data protection laws. Reporting to the Group Chief Compliance & Risk Officer (CCRO) and working closely with Legal, Security, and Technology leadership, the DPO acts independently to monitor compliance, advise the organisation, and serve as a point of contact for supervisory authorities and data subjects.
This role requires independence, expert knowledge of GDPR, and practical experience operating in a complex, multi-jurisdictional, remote-first organisation.
Key Responsibilities
GDPR Oversight & Advisory
Monitor and advise on compliance with GDPR and related European data protection laws
Inform and advise management and staff of their obligations under data protection law
Provide guidance on lawful processing, data minimisation, and privacy-by-design principles
Governance, Policies & Documentation
Maintain and oversee GDPR documentation, including records of processing activities (RoPA)
Develop, review, and update data protection policies and procedures
Advise on data protection impact assessments (DPIAs) and risk mitigation measures
Supervisory Authority & Data Subject Liaison
Act as the primary contact point for supervisory authorities within the EU/EEA
Handle data subject requests (DSARs) and related communications
Support regulatory inquiries, investigations, and audits
Incident & Breach Management
Advise on personal data breaches and notification obligations
Work closely with Security and Legal on breach response and remediation
Ensure breach documentation and reporting timelines are met
Monitoring, Training & Awareness
Monitor compliance through reviews, audits, and assessments
Develop and deliver GDPR training and awareness programmes
Promote a strong culture of data protection and privacy awareness
Expectations
Operate independently in accordance with GDPR Article 38
Avoid conflicts of interest and maintain professional objectivity
Communicate clearly and effectively with technical and non-technical stakeholders
Maintain strict confidentiality and professional integrity
Requirements
Experience
Proven experience acting as a Data Protection Officer or senior GDPR/privacy specialist
Experience advising organisations operating across multiple EU/EEA jurisdictions
Hands-on experience with DPIAs, RoPA, DSARs, and breach management
Experience in technology, telecommunications, SaaS, or digital services environments preferred
Skills
Expert-level knowledge of GDPR and European data protection law
Strong analytical, advisory, and documentation skills
Ability to work independently and assertively at senior levels
Excellent written and verbal communication skills
Ability to operate effectively in a remote, international environment
Qualifications
Degree in Law, Information Security, Privacy, or a related field (or equivalent experience)
Recognised privacy certification (e.g. CIPP/E, CIPM, or equivalent) strongly preferred
Job Tags
Full time,