Operational Compliance Specialist
About the role
Reporting directly to Senior Counsel of Privacy, the Operational Compliance Specialist will play a key part in Certn's privacy and EMEA compliance programs by translating legal and regulatory requirements into reliable, repeatable operational processes. This role will focus on managing subprocessor compliance, data retention, client privacy communications, EMEA reporting obligations, and technical compliance. You will serve as a critical partner across the business, ensuring privacy-related processes are effectively implemented, maintained, and aligned with evolving regulatory requirements.
Responsibilities
- Technical Privacy Compliance
- Maintain the subprocessor register; manage the end-to-end process for reviewing, onboarding, and notifying clients of subprocessor changes in line with contractual and regulatory obligations.
- Administer data retention schedules - tracking retention periods by data category and jurisdiction, coordinating deletion and archiving activities, and maintaining supporting documentation.
- Support access control compliance, including maintaining records of data access permissions and assisting with periodic access reviews.
- Own the end-to-end Data Subject Access Request (DSAR) intake process, ensuring accurate request tracking, seamless coordination across internal stakeholders, and timely fulfillment in compliance with regulatory requirements and response deadlines.
- Support the privacy office in monitoring and testing activities and audits, notably by ensuring proper documentation and tracking of the controls and related findings.
- Ensure that compliance documentation remains up to date and support the management and handling of any relevant registries of processing activities and risk assessments.
- Client Privacy Communications
- Act as a first point of contact for client and applicant compliance queries relating to privacy and EMEA regulatory matters, triaging straightforward requests independently and escalating complex or legally sensitive issues to Senior Counsel as appropriate.
- Prepare and issue subprocessor update notices and other privacy-related client communications.
- Maintain client-specific compliance records relating to data processing agreements and privacy obligations.
- EMEA Regulatory Operations
- Track EMEA jurisdiction-specific reporting requirements and filing deadlines; coordinate preparation in support of the Senior Counsel, Privacy and Senior Compliance Officer.
- Maintain the EMEA compliance calendar and assist with regulatory correspondence.
- Support credentialing and onboarding/offboarding compliance processes for EMEA clients and vendors.
- Apply a working knowledge of regulated criminal-record screening across the UK disclosure regimes (DBS, Disclosure Scotland, and AccessNI), including the distinct check levels available under each and the eligibility rules that govern which level a given role qualifies for.
- Understand Certn's obligations when acting as, or supporting clients who rely on, a registered body, umbrella body, or responsible organisation, including the duty to confirm role eligibility, verify applicant identity, and handle disclosure results in line with each agency's code of practice.
- Audit screening files for eligibility accuracy and procedural compliance, and prepare first-line responses to client and regulator inquiries about how a check was scoped, processed, and stored, escalating substantive legal questions to the Senior Counsel, Privacy and Senior Compliance Officer.
- Apply the data-protection rules that sit alongside the disclosure regimes, including the handling, retention, and secure destruction of criminal-record data as criminal offence data under UK GDPR and the Data Protection Act 2018.
- Operational Collaboration
- Maintain process documentation for privacy and EMEA compliance workflows
- Act as a liaison to Operations for privacy-adjacent process design and workflow improvements
- Triage and manage Jira tickets relating to privacy and EMEA compliance matters
Key Qualifications
- Post-secondary education in a related field or an equivalent combination of education and professional experience.
- Practical working knowledge of GDPR and data subject rights processes, including experience engaging with regulatory or quasi-governmental bo
Additional Information
About Certn
At Certn, we're changing how trust works with The World's Easiest Background Check. We've raised $127M+, earned Deloitte Fast 50 recognition three years in a row, and we're still only scratching the surface. Our goal is straightforward: help people move faster - into jobs, homes, and opportunities - by simplifying the path to trust. We're not a traditional background screening company. We're a team of curious, collaborative builders who care about solving real problems for real people. We challenge each other, move fast, and have fun doing it. If you want to grow, make an impact, and help shape products used by millions, this is your place. Let's build what's next, together.