Group Data Subject Requests (DSR) Lead

The Group DSR Lead is responsible for ensuring that Data Subject Requests (DSRs) are handled correctly consistently and efficiently across the group. This includes setting clear guidelines for how DSRs should be assessed processed documented and answered in daily operations.

The role combines hands-on operational responsibility with group-wide ownership of DSR ways of working ensuring alignment between legal requirements and practical execution across Operations Legal IT and Credit Risk & Analytics.

Key Responsibilities

Operational DSR Management

• Take overall responsibility for the day-to-day handling of DSRs across the group.

• Review incoming requests and ensure they are correctly classified and handled according to established guidelines.

• Ensure DSRs are answered within legal timelines and follow up on open or delayed cases.

• Handle complex sensitive or high-risk DSRs and act as an escalation point when needed.

Guidelines & Ways of Working

• Develop own and maintain clear group-wide guidelines for how DSRs should be handled in practice.

• Define how different types of DSRs should be assessed including scope data sources exemptions and response structure.

• Ensure guidelines are practical easy to follow and aligned with both legal requirements and operational realities.

• Update guidelines when regulations systems or business processes change.

• Ensure guidelines are understood and applied consistently across teams and entities.

Processes & Continuous Improvement

• Own the practical DSR processes and ensure they reflect the established guidelines.

• Identify gaps risks and inefficiencies in how DSRs are handled.

• Drive improvements to simplify workflows reduce manual handling and improve quality and consistency.

• Support standardisation across the group while allowing for local operational needs.

Coordination & Stakeholder Work

• Coordinate DSR handling between Operations Legal IT and Credit Risk & Analytics.

• Ensure clear ownership and handovers between teams involved in data identification extraction review and response.

• Act as a bridge between legal interpretation and operational execution.

• Follow up on dependencies to ensure timely and accurate delivery.

IT & Data Access Requirements

• Define operational and functional requirements for IT systems supporting DSR handling.

• Work with IT to improve data access data extraction and case handling tools.

• Translate legal and guideline requirements into concrete system and process needs.

• Participate in initiatives to automate or improve DSR handling where possible.

Training & Support

• Train employees on DSR guidelines processes and practical case handling.

• Provide ongoing support and guidance in daily DSR work.

• Act as a subject matter expert and point of contact for DSR-related questions.

Documentation & Compliance

• Ensure guidelines processes templates and work instructions are documented and kept up to date.

• Maintain documentation and evidence demonstrating compliant DSR handling.

• Support Legal in audits inspections and regulatory inquiries related to DSRs.

• Ensure decisions in complex cases are properly documented and traceable.

Qualifications & Experience

• Relevant higher education (e.g. law compliance data protection information security business or IT).

• Practical experience working with Data Subject Requests and data protection requirements.

• Experience from an operational compliance legal risk or similar role.

• Experience working cross-functionally in a regulated environment.

Skills & Personal Attributes

• Fast learner with the ability to quickly understand systems data flows and processes.

• Hands-on pragmatic and solution-oriented.

• Structured detail-oriented and reliable.

• Comfortable taking ownership and driving work independently.

• Clear and confident communicator able to explain guidelines and requirements in simple terms.

• Fluent in English both written and spoken.

Nice to Have

• Experience developing operational guidelines or playbooks.

• Experience working with GDPR in a group-wide or international setup.

• Experience defining requirements towards IT or working with case management tools.

• Background from financial services credit or other regulated industries.

• Experience supporting audits or regulatory reviews.

• Additional language skills besides English.