Data Privacy and Classification Officer

Creating a future worth living for future generations gets us out of bed every morning. Depending on the project, we are consultants, implementers, or both for sustainable, innovative and economical solutions for real estate, industry, energy and infrastructure. Our more than 6,000 employees at 63 locations worldwide support our customers in interdisciplinary teams. Our thinking is both visionary and realistic. We work independently and as part of a team. With passion and the latest technologies. We unite. Join us at Dreso and let’s create a world we want to live in.

The Data Protection & Classification Officer is responsible for implementing, improving and maintaining the organization’s data protection, data governance, and information classification framework. This role ensures that data is handled in accordance with legal, regulatory, and internal security requirements, while enabling secure and efficient business operations. The officer supports head of GRC in collaboration with cybersecurity, legal, compliance, IT, and business units to drive consistent data protection practices across the enterprise.

The Data Privacy and Classification Officer is a professional with extensive expertise in Data Privacy Governance, Risk, and Compliance (GRC), bringing a deep understanding of global data privacy frameworks, regulations, and best practices. With a strong track record in executing compliance programs and embedding data privacy controls within large‑scale and multinational environments, this role supports Drees & Sommer’s mission to ensure regulatory compliance, business continuity, and long‑term data privacy and information security maturity. Support yearly internal and external assessment and audit programme in alignment with the head of the department. Support the development, implementation and maintenance of the company’s GRC framework.

• Data Protection Governance
• Develop, maintain and enforce policies, standards and procedures related to data protection and information classification.
• Ensure compliance with relevant regulations (e.g., GDPR, national and international privacy laws) and industry frameworks (ISO/IEC 27001, TISAX, NIST).
• Conduct impact assessments (e.g., DPIAs) and advise on data handling best practices.
• Information Classification & Handling
• Define and maintain the organization’s data classification scheme and associated handling requirements.
• Coordinate classification of new and existing data assets across systems and business processes.
• Provide guidance and tooling for labelling, tagging and securing sensitive data.
• Knowledge and experience implementing Data Governance and Compliance with Microsoft Purview.
• Lifecycle & Data Governance Management
• Support data owners and business units in identifying, mapping and documenting personal and sensitive datasets.
• Define retention, deletion and archival requirements aligned with legal and business needs.
• Oversee implementation of data minimisation and “privacy‑by‑design” principles.
• Monitoring, Reporting & Risk Management
• Monitor compliance with data protection and classification rules.
• Identify, assess and report data protection risks to relevant stakeholders.
• Support incident response related to data breaches or data loss—including documentation, remediation and lessons learned.
• Awareness & Training
• Develop and deliver training programs on data protection, secure handling and classification requirements.
• Serve as the subject matter expert (SME) for questions related to data governance and classification.
• Collaboration & Advisory
• Work closely with Cyber Security, Data Governance, Legal and Compliance teams.
• Provide input for technical solutions such as DLP, access controls, encryption, data discovery and classification tools.
• Participate in audits and support responses to regulatory inquiries.

• Strong understanding of data lifecycle, protection mechanisms and cybersecurity controls.
• Knowledge of relevant frameworks (GDPR, NIST Privacy Framework, ISO 27001/27701, TISAX).
• Familiarity with technical tooling (DLP, CASB, data discovery, encryption tools, etc.).
• Excellent communication, documentation and stakeholder management skills.
• Ability to work across business units and manage complex topics with clarity.
• Proficiency in policy and process implementation.
• Strong writing and documentation skills.
• Awareness of operational security practices in IT and industrial environments.
• Strong analytical thinking and attention to detail.

• CIPP/E, CIPM, CIPT.
• Microsoft Azure / Microsoft Purview.
• Good knowledge of GDPR and other international data privacy standards.
• Good knowledge of ISO 27001/27701/22301.

• To ensure your work‑life balance, we offer the option of mobile working.
• We promote your professional and personal development through individual training and further education at the Drees & Sommer Academy.
• We support your health with a bonus for sports enthusiasts. We offer the possibility of subscribing to a private health insurance policy.
• Employees benefit from tax advantages related to their commuting expenses for the office.
• Fiscal advantages for employees’ expenses in meal costs during the work time. Employee referral program with an attractive bonus scheme.
• Supporting career and family by receiving tax benefits for kindergarten expenses.