Staples is business to business. You’re what binds us together.

Our talented finance team partners with every area of the business to drive results and provide financial expertise. We are passionate about analyzing and interpreting information to assess performance and provide guidance. Our team serves as a true partner and advisor to all our business leaders; working with them to accelerate the company’s profitability and growth.

The Privacy Analyst is responsible for supporting the organization’s privacy and data protection initiatives by implementing privacy compliance activities, conducting data privacy impact assessments, monitoring internal controls, and responding to privacy-related incidents and inquiries. This role serves as a key contributor to ensuring that business operations and vendor engagements adhere to applicable data privacy laws and corporate policies. The ideal candidate has a strong understanding of privacy regulations (e.g., CCPA and other state laws), data governance principles, and risk assessment methodologies.

What you will be doing:

• Conduct data impact assessments (PIAs) and data protection impact assessments (DPIAs) for business processes and systems.
• Monitor compliance with privacy and internal data protection policies.
• Support the development, review, and implementation of privacy policies, procedures, and training programs.
• Investigate and document privacy incidents and support incident response efforts, including breach notification processes when necessary.
• Track and document data processing activities (RoPA), including partnering closely with third-party vendor risk teams.
• Collaborate with legal, IT, security, compliance, and business units to assess privacy risks and recommend mitigating controls.
• Maintain and update data subject request (DSR) response processes, ensuring timely completion of access, deletion, and correction requests.
• Participate in audits and support documentation efforts for privacy-related certifications and regulatory inquiries.
• Assist with monitoring, tracking, and reporting privacy metrics and KPIs. 
• Identify opportunities for process improvement and assist in automation or optimization of privacy related workflows.

What You Bring to the Table:

• Strong analytical and problem-solving skills.
• Strong organizational and documentation skills.
• Excellent written and verbal communication skills.
• Attention to detail with a high degree of accuracy and quality.
• Ability to prioritize and manage multiple projects in a fast-paced environment.
• Collaborative mindset and ability to build trust across departments.
• Proactive and adaptable to regulatory and organizational changes.

What’s needed: Basic Qualifications:

• 2+ years of progressively complex experience in privacy, compliance, legal, risk management, or a related area.
• Working knowledge of GDPR, CCPA/CPRA, and other relevant privacy laws and frameworks.
• IAPP certification: CIPP/US, CIPP/E, CIPM, or CIPT.
• Experience with OneTrust or TrustArc, or similar privacy management platforms
• Proficiency in Microsoft Office Suite.

Preferred Qualifications:

• Bachelor’s Degree in Business, Information Systems, Law, or related field or equivalent work experience
• Familiarity with data governance, information security, or cybersecurity frameworks (e.g., NIST, ISO 27001).
• Experience working in highly regulated industries (healthcare, financial services, e-commerce).
• Prior involvement in regulatory audits or legal discovery processes.

We Offer:

• Inclusive culture with associate-led Business Resource Groups
• Flexible PTO (22 days) and Holiday Schedule (7 observed paid holidays)
• Online and Retail Discounts, Company Match 401(k), Physical and Mental Health Wellness programs, and more!

Staples is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender identity, sexual orientation, age, national origin, protected veteran status, disability, or any other basis protected by federal, state, or local law

It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability.