Job Description

Job Purpose and Mission This new position will be responsible for the privacy support requirements for Starbucks Digital Solutions (SDS) as well as the broader EMEA privacy program. We are seeking a knowledgeable and experienced Senior Privacy Analyst to join our team. The Senior Privacy Analyst will be responsible for ensuring compliance with privacy laws, policies, and regulations within our organisation. This role requires a deep understanding of privacy principles and best practices, as well as excellent analytical and communication skills. The Senior Privacy Analyst will collaborate with cross-functional teams to assess privacy risks, design and implement privacy programs, and provide guidance on privacy-related matters. Summary of Key Responsibilities Responsibilities and essential job functions include but are not limited to the following:

• Stay up to date with privacy laws, regulations, and industry trends, and communicate relevant changes to stakeholders.
• Conduct privacy impact assessments (PIAs) to identify and assess potential privacy risks associated with new projects, systems, or processes.
• Participate in regular cross-functional initiatives such as the weekly data use review committee.
• Assist in the creation of privacy policies, procedures, and guidelines to ensure compliance with applicable laws and regulations.
• Collaborate with legal, IT, and other relevant departments to ensure privacy requirements are integrated into business processes and systems.
• Provide guidance on data privacy practices and ensure appropriate handling of personal data, both internally and externally.
• Manage the \xe2\x80\x98privacy champion\xe2\x80\x99 initiative and lead on monthly calls with the identified Partners to discuss privacy concerns and provide expert advice.
• Perform periodic reviews of the in-scope privacy regulations in your region to identify any changes that will require mitigation and provide monthly reports to the Privacy Counsel and Data Privacy Director.
• Perform horizon scanning activities of the privacy regulations in SDS target markets and provide monthly reports to the Privacy Counsel and Data Privacy Director.
• Lead workshops designed to map out data processing activities across all relevant business units.
• Conduct periodic privacy audits and assessments to monitor compliance and identify areas for improvement.
• Investigate and respond to privacy incidents, breaches, and complaints, ensuring appropriate remedial actions are taken.
• Develop and deliver privacy training and awareness programs to educate employees on privacy obligations and best practices.
• Engage with external stakeholders, such as regulatory bodies, industry groups, and customers, to stay informed of privacy-related developments.
• Act as a subject matter expert on privacy matters, providing advice and guidance to internal teams and senior management.

Knowledge, Skills and Experience Essential Experience

• Proven experience in privacy management, data protection, or a similar role.
• In-depth knowledge of global privacy laws and regulations, such as the GDPR, and other relevant frameworks.
• Familiarity with privacy frameworks, such as ISO 27001, NIST, or other internationally recognized standards.
• Strong understanding of data protection principles, privacy-by-design concepts, and risk management methodologies
• Experience leading on tech related privacy matters.
• Excellent communication and interpersonal skills, with the ability to collaborate and influence stakeholders at all levels.
• Strong understanding of information security principles, including data classification, access controls, and encryption.
• Experience conducting privacy impact assessments (PIAs) and developing privacy policies, procedures, and guidelines.
• Demonstrated ability to work independently, prioritise tasks, and manage multiple work streams and projects simultaneously.
• Strong analytical and problem-solving skills, with the ability to think strategically and make data-driven decisions.
• Experience in conducting privacy impact assessments and managing privacy incidents.
• Demonstrated ability to drive and implement privacy programs in complex organizations.
• Strong organisational skills.
• Strong knowledge in digital technologies (i.e., social media, digital advertising, mobile apps, mobile payments), with particular focus on how these technologies are used to collect, use and/or share information
• Ability to plan, organize and prioritize tasks to complete independently with little supervision / direction and within the time frame established.

Desired Experience

• Professional certifications in privacy management (e.g., CIPP/E, CIPM).
• Knowledge of emerging privacy technologies and tools.
• Experience of working in a licensee/franchise model.

This job description is only a summary of the typical functions of the role and is not an exhaustive or comprehensive list of all possible responsibilities, tasks, and duties that may be required. Management reserves the right to amend the responsibilities, tasks, and duties of the jobholder as dictated by business requirements. Starbucks is committed to building an inclusive and diverse workforce . All applicants and partners will be treated fairly, without regard to race, religion, sex, nationality, age, physical or mental disability, sexual orientation, marital status, gender identity and expression.