Privacy Manager

Admin, Support & Facilities London, England


Position at GroupM


Job Description


Operating Company

GroupM WW

Job Title

Privacy Manager

Department / Team

Global Privacy Team

Reporting To

Privacy Programme Global Director


Sea Containers House

About GroupM


GroupM is the leading global media investment management operation serving as the WPP media agencies including Mindshare, MediaCom, Wavemaker & Essence, each global operations in their own right with leading market positions. GroupM’s primary purpose is to maximize performance of WPP’s media agencies by operating as leader and collaborator in trading, content creation, digital, finance, proprietary tool development and other business-critical capabilities. GroupM’s focus is to deliver unrivalled marketplace advantage to its clients, stakeholders and people. Discover more about GroupM at


About the team and/or client


The role sits within the Global Privacy Team, who sit in the Global Legal Team.  The Privacy Manager directly reports to the Privacy Programme Global Director. 


The Role Objective


As one of 3 Privacy Managers you will work closely with the Privacy Programme Global Director and the DPO to drive a privacy aware culture throughout the organisation.  You will be responsible for providing guidance to the business and coordinating workstreams under the privacy programme framework.


The purpose of the role is to organise and deliver on the privacy objectives of the Privacy Team.  It is important to be able to build trust and good professional relationships with key stakeholders and manage expectations whilst delivering projects on time.





Supply Chain Privacy Risk Management:

You will be supporting the roll out of the Privacy Vendor Risk Assessment programme across global markets.  You will be responsible for checking individual vendor self-assessments, advising on any privacy risks identified, and offering local market support.  You will be able to offer training to markets on the privacy software and will be able to update and amend assessments where required. 


Managing DSARs


You will be responsible for responding to enquiries and complaints from data subjects, including requests by data subjects to exercise their rights under data protection law.  Under the direction of the DPO and Programme Director you will manage, DSARs received by GroupM & Group companies and maintain a record of these.




Company Privacy Risk Management:

Reviewing the current programme for HR, Admin & Finance, you will be able to advise on privacy related matters and ensure regular reviews are undertaken.  You will provide privacy training to enable each department to recognise the privacy related risks and responsibilities and will be able to offer best practice guidelines.


Education & Training:

Working closely with the Privacy Programme team to promote a data protection culture within the Group. Devising and delivering relevant training and guidance notes to promote Privacy by Design across the Group.


Privacy Policies & Assessments:

Working closely with the Privacy Programme team to manage and maintain updates to Privacy Policies and other guidance notes as required.  To help evaluate privacy risks through Data Protection Impact Assessments and advise the business to help mitigate those risks and carry out and document Legitimate Interest Assessments where necessary.


General Privacy Support:

Coordinating responses to queries received through GDPR and privacy inboxes. Auditing the markets approach to the Group Privacy Programme and carrying out a Gap Analysis. Working in conjunction with the Privacy Programme Director to prove regular and ad hoc reports to senior management and other senior stakeholders on data protection matters.


Skills and Behaviours

  • Strong organisational and project management skills, organised structured approach to delivering projects on time is essential.
  • Strong written and oral communications skills.  The candidate must be comfortable communicating directly with senior management and other senior stakeholders.
  • Personable, approachable and keen.

Experience Required


  • CIPP/E or other industry recognised privacy or risk management qualification, preferred but not essential (training available)
  • Project management qualification eg. Prince 2 would be beneficial.
  • Previous experience of managing data protection issues in the media or technology sectors is preferred.