Data Privacy Analyst

Keen to become part of a truly global, collaborative team of professionals? Your journey begins here.

Data Privacy Analyst

Global Privacy Office

London or Birmingham

Senior Manager, Data Protection Compliance and DPO

35 hours per week, 9:30am to 5:30pm but additional hours may be required. We are happy to consider agile and flexible working patterns. Our approach to hybrid working allows for up to 40% of time working from home and 60% working in the office,please contact a member of the recruitment team to discuss further.

Hogan Lovells is one of the leading global law firms. Our distinctive market position is founded on our exceptional breadth of our practice, on deep industry knowledge, and on our 'one team' global approach. Formed through the combination of two top international law firms, Hogan Lovells has over 40 offices in the Americas, Asia‑Pacific, Europe, the Middle East and Africa.

With a presence in the world's major financial and commercial markets, we are well placed to provide excellent business‑oriented advice to our clients locally and internationally. Our people are the key to our success, which is why we seek to recruit and retain the most talented individuals in all regions of our global practice.

In the UK Hogan Lovells has offices in Birmingham and London. The Birmingham office opened in 2015 and has a number of practice areas including Corporate/Commercial, Disputes, Finance and Real Estate, as well as our Legal Delivery Centre and Business teams.

The General Counsels’ office is legal counsel to the firm. We are involved with all legal matters relating to conflicts, ethics, engagement terms and business intake; compliance with law and legal requirements in all of our jurisdictions; interactions with regulators; general firm policies; risk management and matters affecting the reputation of the firm; and legal issues in the business of the firm such as contracts and agreements.

We are seeking a meticulous and experienced Data Protection Analyst to join our dynamic internal Global Privacy Office. In this pivotal role, you will be responsible for evaluating and ensuring our organization’s internal privacy practices, comply with regulatory requirements and industry standards, including, but not limited to, the EU General Data Protection Regulation (GDPR), the EU AI Act, the California Consumer Privacy Rights Act (CCPA), and the Health Insurance Portability and Accountability Act (HIPAA).

As a Data Protection Analyst, you will support our internal business teams and partners in responding to various data protection queries, support the completion of data privacy audits, and work to ensure operational business processes are compliant with data protection laws and regulations. In addition, you will support our third‑party risk management program, work as a project manager on various special tasks, such as dashboard analytics and KPI/KRI tracking.

• Maintain dashboard analytics that track various KPI and KRIs via Smartsheets and One Trust.
• Conduct comprehensive reviews of data protection policies, procedures, and processes, and recommend improvements.
• Identify potential vulnerabilities and risks in data handling practices. Track their remediation and mitigation.
• Conduct data protection impact assessments for high‑risk processing activities and monitor their remediation actions.
• Maintain and update the firm’s records of processing activities and related documentation.
• Assist with client audits and third‑party vendor risk reviews from a privacy perspective.
• Provide guidance and training to staff on data protection best practices and compliance requirements.
• Collaborate with stakeholders to implement correct actions and enhance data protection across the firm.
• Manage special projects assigned by the Chief Privacy Officer.

Specific duties or responsibilities may be reviewed from time to time to reflect changes in personnel and management structure, staff location or services.

All members of the firm participate in our Responsible Business program.

• At least five years’ experience in data privacy, data risk, data management, AI, data analytics, and data protection fields, but also willing to consider those transitioning from other relevant sectors.
• Proven experience in data protection fields, with a strong understanding of data protection laws and regulations, including the General Data Protection Regulations (GDPR), the EU AI Act, Health Insurance Portability and Accountability Act (HIPAA), and the California Consumer Privacy Rights Act (CCPA).
• Data Analytics.
• Previous work experience at matrixed law firms, banks, insurance companies, or accounting firms is desirable.
• Experience with requirements gathering, analysis, and recommendations development.
• Experience in reviewing policies and technical requirements from the user perspective, providing a pragmatic approach to improving privacy by design requirements.
• Familiarity with industry standards and frameworks related to data protection and privacy, including those that address AI‑specific considerations (e.g., NIST, ISO, Fed Ramp).
• Experience in effectively communicating with both technical and non‑technical roles.
• Experience with OneTrust, Smartsheets, and ServiceNow is preferred.
• Preferences provided to individuals holding IAPP certifications (e.g.; CIPP‑E, CIPP‑US, AI‑G, or CIPT).
• Bachelor’s degree in legal studies, Computer Science, Information Technology, Executive Education, Corporate Communications, or related field.
• Experience in consulting and risk management preferred.

• Demonstrated project management planning and skills; ability to break down complex problems into manageable goals.
• Extremely organized and detail oriented.
• Excellent interpersonal skills, with the ability to build strong relationships with peers and executives.
• Outstanding oral and written communication skills.

Our goal is to embed flexibility across our business by giving everyone the opportunity to work in an agile way, whether as a regular pattern or on an ad hoc basis, and we will be happy to discuss this further.

It is the policy of Hogan Lovells to provide equal opportunities for all employees in relation to recruitment, training and promotion. Decisions in these areas will be made only by reference to the requirements of the job and shall not be influenced by any consideration of racial or ethnic origin, religion, sex, gender and gender identity, age, sexual orientation, marital and civil partnership status, pregnancy or disability.