[Hiring] Privacy & Compliance Specialist @Certn

Role Description

The Privacy & Compliance Specialist, EMEA is responsible for supporting Certn’s UK and EMEA privacy and regulatory compliance program for background screening services. In this role, you’ll help manage privacy rights requests, maintain compliance documentation, support screening-specific regulatory requirements, and provide practical support to internal teams and customers.

You’ll work under the direction of our Global Privacy Officer, partnering with Legal, Security, Operations, Customer, and Go-to-Market teams. This role is hands-on and detail-oriented, with a strong focus on helping Certn meet its obligations under UK GDPR, EU GDPR, applicable EMEA privacy and data protection laws, and background screening requirements connected to DBS, Disclosure Scotland, AccessNI, and other relevant regional regulatory bodies.

This is a great opportunity for someone with privacy, data protection, or regulatory compliance experience who wants to deepen their expertise in a high-growth technology company operating in a highly trusted and regulated space.

This position follows standard business hours in the UK/EMEA time zone. Given our globally distributed team, some flexibility may be required to accommodate collaboration across Pacific and GMT time zones.

This is a live role and we are planning to fill it as soon as possible.

What You’ll Be Doing (and Crushing)

• Data Protection & Privacy
  • Support Certn’s UK and EMEA privacy compliance activities under UK GDPR and EU GDPR.
  • Assist with end-to-end data subject access requests, deletion requests, and related privacy rights requests.
  • Maintain and update privacy documentation, including Records of Processing Activities, DPIA materials, cross-border transfer documentation, and records related to special category data such as criminal records and biometrics.
  • Coordinate responses where Certn acts as a processor, in accordance with customer instructions, applicable data processing agreements, and internal escalation procedures.
• Background Screening Regulatory Compliance
  • Support Certn’s compliance framework for certain criminal record disclosure services, including DBS, Disclosure Scotland, and AccessNI requirements.
  • Help maintain documentation related to umbrella or registered body obligations, eligibility rules, consent frameworks, and permissible checks by jurisdiction.
  • Create and maintain customer-facing and internal guidance on screening-specific compliance requirements.
• Client-Facing Compliance & Advisory Support
  • Support responses to client inquiries on data handling practices, lawful bases for processing, and screening regulatory requirements.
  • Assist with RFPs, due diligence questionnaires, and compliance-related customer requests using approved materials and guidance.
  • Help coordinate client-reported data incidents involving Certn's processing, escalating complex or high-risk matters as appropriate.
• Incident Response & Breach Management Support
  • Support regional personal data incident and breach assessment activities, including intake, fact-gathering, documentation, escalation, and follow-up.
  • Partner with Privacy, Legal, Security, and Operations teams to support containment and regulatory notification analysis under UK GDPR and EU GDPR.
  • Help maintain regional breach response materials and process documentation.
• Training, Awareness & Continuous Improvement
  • Support the development and delivery of data protection and compliance training tailored to UK/EMEA operations.
  • Create and maintain internal guidance materials for teams handling criminal records, biometric data, and other sensitive information.
  • Support external audits and accreditations, including ISO 27001, ISO 9001, and PBSA-related activities.
  • Assist with internal compliance audits, sub-processor compliance documentation, regulatory tracking, and process improvements.

Qualifications

• Some previous experience in data protection, privacy, regulatory compliance, legal operations, risk, audit, or a related function.
• Previous experience and practical exposure to UK/EU GDPR, privacy rights requests, compliance documentation, or data protection processes.
• Strong written and verbal communication skills, with the ability to explain privacy and compliance concepts clearly to both technical and non-technical audiences.
• Strong attention to detail, organization, documentation, and follow-through.
• Sound judgment when handling sensitive information, identifying risk, and escalating issues appropriately.
• Experience supporting DSARs, deletion requests, privacy rights requests, or data breach response activities.
• Ability to work cross-functionally with Legal, Security, Operations, Customer, Product, and Go-to-Market teams.
• Comfort working in a fast-paced, high-growth technology environment where priorities can shift and processes continue to evolve.
• Post-secondary education in law, business, compliance, privacy, public policy, or a related field, or equivalent practical experience.

Bonus Points

• CIPP/E, CIPM, ICA, or equivalent privacy or compliance certification.
• Experience in background screening, employment screening, identity verification, HR technology, SaaS, or another regulated technology environment.
• Familiarity with DBS, Disclosure Scotland, AccessNI, criminal records processing, biometric data, or employment screening compliance.
• Familiarity with ISO 27001, ISO 9001, PBSA, customer due diligence, RFPs, or regulatory inquiries.
• Prior interaction with the ICO, EU supervisory authorities, auditors, or external advisors.

Benefits

• Private health and dental insurance
• Benefits start on the 1st of the month following start date
• Flex Allowance: £325 per year
• Professional Development: £650 per year
• Work From Home Stipend: £325 to get your home office setup as needed
• Digital Nomad Policy
• Pension through Aviva

Company Description

We’re a remote-first company with a high-performance edge. We value hustle, hunger, and helping each other win - but we also have a strict no-jerk policy. Ambition here is about lifting people up, not stepping on toes.

We think like owners and execute with urgency.

We’re customer-obsessed and always learning.

We give real feedback and hold each other to high standards.