Privacy Analyst (Hybrid) at STAPLES INC
Framingham, Massachusetts, USA
Full Time


Start Date: Immediate

Expiry Date: 16 Nov, 25

Salary: 0.0

Posted On: 16 Aug, 25

Experience: 0 year(s) or above

Remote Job: Yes

Telecommute: Yes

Sponsor Visa: No

Skills: Regulatory Audits, Information Systems, CIPM, Financial Services, Information Security, Data Governance, E-Commerce

Industry: Financial Services

Description

STAPLES IS BUSINESS TO BUSINESS. YOU’RE WHAT BINDS US TOGETHER.

Our talented finance team partners with every area of the business to drive results and provide financial expertise. We are passionate about analyzing and interpreting information to assess performance and provide guidance. Our team serves as a true partner and advisor to all our business leaders, working with them to accelerate the company’s profitability and growth.

The Privacy Analyst is responsible for supporting the organization’s privacy and data protection initiatives by implementing privacy compliance activities, conducting data privacy impact assessments, monitoring internal controls, and responding to privacy-related incidents and inquiries. This role serves as a key contributor to ensuring that business operations and vendor engagements adhere to applicable data privacy laws and corporate policies. The ideal candidate has a strong understanding of privacy regulations (e.g., CCPA and other state laws), data governance principles, and risk assessment methodologies.

WHAT’S NEEDED: BASIC QUALIFICATIONS:

  • 2+ years of progressively complex experience in privacy, compliance, legal, risk management, or a related area.
  • Working knowledge of GDPR, CCPA/CPRA, and other relevant privacy laws and frameworks.
  • IAPP certification: CIPP/US, CIPP/E, CIPM, or CIPT.
  • Experience with OneTrust, TrustArc, or similar privacy management platforms.
  • Proficiency in Microsoft Office Suite.

PREFERRED QUALIFICATIONS:

  • Bachelor’s Degree in Business, Information Systems, Law, or related field, or equivalent work experience.
  • Familiarity with data governance, information security, or cybersecurity frameworks (e.g., NIST, ISO 27001).
  • Experience working in highly regulated industries (healthcare, financial services, e-commerce).
  • Prior involvement in regulatory audits or legal discovery processes.

Responsibilities

  • Conduct data impact assessments (PIAs) and data protection impact assessments (DPIAs) for business processes and systems.
  • Monitor compliance with privacy and internal data protection policies.
  • Support the development, review, and implementation of privacy policies, procedures, and training programs.
  • Investigate and document privacy incidents and support incident response efforts, including breach notification processes when necessary.
  • Track and document data processing activities (RoPA), including partnering closely with third-party vendor risk teams.
  • Collaborate with legal, IT, security, compliance, and business units to assess privacy risks and recommend mitigating controls.
  • Maintain and update data subject request (DSR) response processes, ensuring timely completion of access, deletion, and correction requests.
  • Participate in audits and support documentation efforts for privacy-related certifications and regulatory inquiries.
  • Assist with monitoring, tracking, and reporting privacy metrics and KPIs.
  • Identify opportunities for process improvement and assist in automation or optimization of privacy-related workflows.