Privacy & Data Protection Senior Analyst

A Privacy & Data Protection Senior Analyst is a key member of the Europe Privacy Office supporting the Head of Consumer Data Privacy in upholding PepsiCo’s privacy and data protection compliance policies, principles and standards across all functions in Europe & UK GDPR markets.

• Drafting and completing PIAs and DPIAs autonomously and providing privacy advice on new and retrospective business projects;
• Providing timely and appropriate response to Consumer Data Subject Requests;
• Leading on our cookie compliance activities and auditing cookie and similar technologies deployed by our sites and apps;
• Supporting the management and ongoing development of the PepsiCo Europe Data Privacy framework and standards;
• Leading on large scale cross functional privacy improvement initiatives;
• Supporting the Europe Privacy Team in reviewing our online training and providing team-specific training to upskill key areas of the business on data privacy matters;
• Drafting, reviewing and updating internal policies, procedures and guidance materials;
• Working closely with our Global Privacy, Legal, InfoSec, Commercial and other business teams.

Competencies / skills required:

• Ability to identify potential risks and proactively devise creative solutions to address emerging challenges;
• Expert knowledge of the GDPR, ePrivacy directive and future legislation around data privacy, security and protection;
• Demonstrable experience writing reports for and presenting to senior stakeholders;

Experience required:

• Prior experience in the Data Protection/Privacy team of a large multinational organisation within an UK/EU country;
• Prior experience evaluating and assessing privacy risks relating to consumer facing businesses / tech platforms;
• Minimum 3 years previous experience interpreting and applying the EU’s General Data Protection Regulation (GDPR);
• Fluency in English required. Fluency in other European languages a benefit;
• Holds or in working towards a relevant Privacy Certification (e.g. CIPM, CIPPE, and/or CIPT);
• (Desirable) Previous experience advising on global privacy compliance;
• (Desirable) Experience with Privacy Technology Platforms (e.g. One Trust, Securiti)

The ‘Internal Reporting Procedure’ for making reports of violations of the law and taking follow-up action in terms of the Law on Whistleblower Protection of June 14, 2024 is available at www.pepsicopoland.com under the Contact/Career tab.