Data Rights Manager
Job Title: Data Rights Manager
--------------------------------------
Location: Remote – our HO is in Northampton
---------------------------------------------------
Type: Full\-Time / 37\.50 – we offer a flexible working week
--------------------------------------------------------------------
Salary: From £60k DOE
-----------------------------
Closing Date: 13th June 2026 or until the right candidate is hired
----------------------------------------------------------------------
Purpose of Role:
--------------------
Around the globe, families, clients and staff trust Bright Horizons to provide high\-quality education and care, operate with integrity, and empower them to thrive. Respecting privacy rights is an integral part of building and maintaining that trust. How we process and protect personal information as a business is critical to supporting Bright Horizons’ reputation and success.
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The purpose of Bright Horizons’ Privacy Team is to ensure that Bright Horizons handles personal data responsibly and in compliance with relevant privacy laws and regulations. The Privacy Team’s goals are to protect personal data, build trust, reduce risks and enhance business practices. We strive for continuous improvement and the advancement of Bright Horizons’ privacy maturity levels.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
The Data Rights Manager is responsible for leading and operating the organisation’s global data subject rights programme. This responsibility includes overseeing the end\-to\-end management of data subject rights requests (DSR), ensuring compliance with the global privacy regulations, and embedding scalable, consistent, and defensible processes across jurisdictions. The role acts as a key interface between Legal, Privacy, IT, Security, HR, and Operations, ensuring that individual rights are respected while managing risk, efficiency, and regulatory exposure.
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Key Responsibilities:
-------------------------
Data Subject Rights Operations
----------------------------------
- Own and manage the global DSR programme, including DPIAs/LIAs, policies and notices, standard operating procedures, workflows, queue management, templates and continuous improvement.
- Oversee the end\-to\-end handling of high\-volume and complex DSRs across multiple jurisdictions.
- Ensure all DSR responses meet statutory deadlines and applicable legal requirements.
- Review complex or high\-risk responses and escalate for senior approval where required.
- Manage DSR vendors, including external service providers and outside counsel.
- Coordinate complex data searches across enterprise and local systems (email, collaboration tools, business applications, archives, backups) and maintain defensible audit trails.
- Support the business in responding to third\-party requests for personal data (e.g. law enforcement).
Governance, Compliance and Regulatory Alignment
---------------------------------------------------
- Interpret and operationalise data rights requirements across global privacy regimes.
- Monitor relevant laws, regulatory guidance and enforcement trends, updating the DSR programme as needed.
- Develop, maintain, and enhance global DSR policies, procedures, templates, and decision frameworks in line with applicable laws and supervisory authority guidance.
- Ensure consistent and defensible interpretation of exemptions, restrictions, and lawful refusal grounds.
- Maintain metrics, trend analysis and reporting to support governance, compliance and certification requirements.
- Support regulatory inspections, internal and external audits, and investigations related to data rights.
- Maintain robust records of decision\-making and audit trails.
Stakeholder Management, Tools, Automation and Continuous Improvement
------------------------------------------------------------------------
- Act as the primary escalation point for data rights issues across the organization.
- Partner with Legal, HR, IT, Security, and Business Operations teams to identify, review and disclose personal data.
- Advise stakeholders on regulatory requirements, risk and proportionality.
- Own, manage, configure and optimise data rights tooling and workflows within the organization’s case management platform (OneTrust).
- Drive automation and efficiency improvements while maintaining legal accuracy and quality assurance.
Other
---------
- Promote a consistent, rights\-respecting privacy culture globally.
- Lead and manage the DSR team, setting clear goals, SLAs, and quality standards.
- Undertake ad hoc tasks and other duties appropriate to the role.
Qualifications and Essential Experience:
--------------------------------------------
- Degree or equivalent professional experience in a similar role.
- Privacy qualification such as CIPP/E, CIPP/UK, CIPM, or similar (highly desirable).
- Legal, compliance, or data governance background advantageous.
- Significant experience (5\+ years) in data rights management (required).
- Deep practical knowledge of US, UK and EU privacy regimes, particularly individual rights.
- Hands\-on experience leading teams and managing DSARs at scale, including complex and contentious requests.
- Proficiency with case management platforms and video redaction software.
- Proven ability to apply exemptions, manage statutory deadlines, and maintain defensible audit trails.
- **Familiarity with CCTV ecosystem, including camera systems, access controls, reten
This listing is from indeed. View original listing ↗