Experience Level
Experienced professional
Area
IT
Location
Calle Trinidad Grund 12, 29001 Málaga
Employment Type
Full-time
Company
Drees & Sommer Digital Services
Start Date
By arrangement
The Data Protection & Classification Officer is responsible for implementing, improving and maintaining the organization’s data protection, data governance, and information classification framework. This role ensures that data is handled in accordance with legal, regulatory, and internal security requirements, while enabling secure and efficient business operations. The officer supports head of GRC in collaboration with cybersecurity, legal, compliance, IT, and business units to drive consistent data protection practices across the enterprise.
The Data Privacy and Classification Officer is a professional with extensive expertise in Data Privacy Governance, Risk, and Compliance (GRC), bringing a deep understanding of integral data privacy frameworks, regulations, and best practices. With a strong track record in executing compliance programs and embedding data privacy controls within large-scale and multinational environments, this role supports Drees & Sommer’s mission to ensure regulatory compliance, business continuity, and long-term data privacy and information security maturity. Support yearly internal and external assessment and audit programme in alignment with the head of the department. Support the development, implementation, and maintenance of the company’s GRC framework.
YOUR TASKS
Core Responsibilities
1. Data Protection Governance
- Develop, maintain, and enforce policies, standards, and procedures related to data protection and information classification.
- Ensure compliance with relevant regulations (e.g., GDPR, national and international privacy laws) and industry frameworks (ISO/IEC 27001, TISAX, NIST).
- Conduct impact assessments (e.g., DPIAs) and advise on data handling best practices.
2. Information Classification & Handling
- Define and maintain the organization’s data classification scheme and associated handling requirements.
- Coordinate classification of new and existing data assets across systems and business processes.
- Provide guidance and tooling for labelling, tagging, and securing sensitive data.
- Knowledge and experience implementing Data Governance and Compliance with Microsoft Purview.
3. Lifecycle & Data Governance Management
- Support data owners and business units in identifying, mapping, and documenting personal and sensitive datasets.
- Define retention, deletion, and archival requirements aligned with legal and business needs.
- Oversee implementation of data minimization and “privacy-by-design” principles.
4. Monitoring, Reporting & Risk Management
- Monitor compliance with data protection and classification rules.
- Identify, assess, and report data protection risks to relevant stakeholders.
- Support incident response related to data breaches or data loss—including documentation, remediation, and lessons learned.
5. Awareness & Training
- Develop and deliver training programs on data protection, secure handling, and classification requirements.
- Serve as the subject matter expert (SME) for questions related to data governance and classification.
6. Collaboration & Advisory
- Work closely with Cyber Security, Data Governance, Legal, and Compliance teams.
- Provide input for technical solutions such as DLP, access controls, encryption, data discovery, and classification tools.
- Participate in audits and support responses to regulatory inquiries.
YOUR PROFILE
Key Competencies
- Strong understanding of data lifecycle, protection mechanisms, and cybersecurity controls.
- Knowledge of relevant frameworks (GDPR, NIST Privacy Framework, ISO 27001/27701, TISAX)
- Familiarity with technical tooling (DLP, CASB, data discovery, encryption tools, etc.)
- Excellent communication, documentation, and stakeholder management skills
- Ability to work across business units and manage complex topics with clarity
- Proficiency in policy and process implementation
- Strong writing and documentation skills
- Awareness of operational security practices in IT and industrial environments
- Strong analytical thinking and attention to detail
Certifications & Qualifications
- CIPP/E, CIPM, CIPT
- Microsoft Azure / Microsoft Purview
- Good Knowledge on GDPR and other international Data Privacy Standards
- Good Knowledge on ISO 27001/27701/22301
YOUR ADVANTAGES
To ensure your work-life balance, we offer the option of mobile working
We promote your professional and personal development through individual training and further education at the Drees & Sommer Academy
We support your health with a bonus for sports enthusiasts. We offer the possibility of subscribing to a private health insurance policy
Employees benefit from tax advantages related to their commuting expenses for the office
Fiscal advantages for employees expenses in meal costs during the worktime. Employee referral program with attractive bonus scheme
Supporting career and familiy by receiving tax benefits for kindergarten expenses