JOB DETAILS

Data Protection Audit Specialist

CompanyGEDU
LocationNoida
Work ModeOn Site
PostedJuly 13, 2026
About The Company
GEDU Global Education (GEDU) is changing lives through education and making a fundamental difference to living standards and access to learning globally. We have 15 institutions in 16 countries, including the USA, United Kingdom, France, Germany, Spain, Malta, UAE, India, Saudi Arabia, Australia, Ireland and Canada. We offer a range of educational opportunities— from K12 through Bachelor’s and Master’s degrees to PhDs and DBAs, plus apprenticeships and language schools. Our portfolio has over 75,000 students, covers a wide range of subjects and is characterised by a keen focus on both employability and student experience to maximise return on investment for students. Education is transformative, and this is what drives us. Our Portfolio: ICN, Schiller International University, MLA College, GBS UK, GBS Dubai, GBS Malta, Queen Elizabeth's Global Schools, Global Institute of Entrepreneurship (GIE), École de Management Appliqué (EMA), Australian Performing Arts Conservatory (APAC), MetaGedu, Lokmani Degree College, English Path, GlobalU, and Global Banking Training.
About the Role


a { text-decoration: none; color: #464feb; } tr th, tr td { border: 1px solid #e6e6e6; } tr th { background-color: #f5f5f5; }

Role Summary

As a Data Protection Audit Specialist, you will play a key role in strengthening our global privacy and compliance posture across GEDU and its entities that process personal data under the UK GDPR and EU GDPR.

In this role, you will lead and support internal data protection audits, partner closely with IT, Cybersecurity, Legal, and operational teams, and help build a privacy environment that is transparent, secure, and audit-ready. Your work will directly contribute to identifying risks, closing compliance gaps, and ensuring our global operations meet regulatory expectations with confidence.

Key Responsibilities Compliance Monitoring
  • Monitor and support GDPR compliance efforts across all global entities.
  • Help maintain the global data protection governance framework.
  • Review departmental processes to ensure personal data is processed lawfully, fairly, and transparently.
Internal Data Protection Audits
  • Plan and conduct GDPR compliance audits across business units, systems, and regions.
  • Develop and maintain structured audit programs, checklists, and evidence frameworks.
  • Assess compliance with key GDPR principles, including:
    • Lawfulness and lawful basis
    • Purpose limitation and data minimisation
    • Retention and secure deletion
    • Data subject rights and response processes
  • Produce clear, actionable audit reports focusing on:
    • Identified gaps
    • Associated risk levels
    • Remediation recommendations
  • Track mitigation and corrective actions with stakeholders through closure.
Collaboration with IT & Cybersecurity
  • Work closely with IT and Cybersecurity teams to assess technical and organisational measures required under GDPR (Article 32).
  • Review controls related to:
    • Access management
    • Encryption and key management
    • System logging, monitoring, and backup practices
    • Security of cloud platforms and SaaS applications
  • Participate in system reviews, change assessments, and security audits involving personal data.
DPIAs & ROPA
  • Maintain a global Data Protection Impact Assessment (DPIA) register, ensuring risks, mitigations, and ownership are clearly documented.
  • Maintain and periodically verify the Record of Processing Activities (ROPA) across all global entities, collaborating with process owners and system experts.
Incident & Breach Support
  • Support IT and Cybersecurity teams in incident investigations and post-incident assessments.
  • Ensure documentation and evidence trails are complete and audit-ready.
  • Feed insights from incidents into improved controls, training initiatives, and business processes.
Vendor & Third-Party Assurance
  • Support the assessment of vendor security and privacy posture in collaboration with IT and Procurement teams.
  • Ensure Data Processing Agreements (DPAs) and third-party safeguards meet GDPR requirements and expectations.
Minimum Requirements
  • Bachelor's degree in Information Security, Compliance, Information Technology, or a related field.
  • Minimum 5 years of experience in data protection, privacy audits, internal audits, or compliance governance.
  • Strong understanding of UK GDPR, EU GDPR, and related global data protection frameworks.
  • Experience collaborating with IT teams on security reviews and control assessments.
  • Excellent analytical, documentation, and reporting skills.
  • Ability to interpret complex technical and regulatory requirements and translate them into practical business solutions.
 
 
 
 
 

GEDU Global Education is a dynamic and innovative group of education providers.
Across our institutions, programmes are designed to have a direct impact on the lives of our students, apprentices and trainees; to equip them with the skills, knowledge and experience necessary for success in their chosen field.
Key Skills
GDPR ComplianceData Protection AuditPrivacy GovernanceRisk AssessmentDPIAROPAInformation SecurityTechnical Control AssessmentVendor AssuranceIncident InvestigationRegulatory ReportingCompliance Monitoring
Categories
LegalSecurity & SafetyData & AnalyticsTechnologyEducation
Job Information
📋Core Responsibilities
Lead and support internal data protection audits to ensure global compliance with UK and EU GDPR across business units and systems. Collaborate with IT and Cybersecurity teams to assess technical controls, manage DPIA and ROPA registers, and support incident investigations.
📋Job Type
full time
📊Experience Level
5-10
💼Company Size
426
📊Visa Sponsorship
No
💼Language
English
🏢Working Hours
40 hours
Apply Now →

You'll be redirected to
the company's application page