Privacy Intern
About The Position
Xpansiv is the leading infrastructure provider for the energy transition markets. Our comprehensive platform includes registries, online marketplaces, market execution services, wholesale power solutions, and market data for energy and environmental commodity markets. Trusted worldwide, Xpansiv enables stakeholders to deliver transparent, credible, and auditable environmental claims to address the growing global demand for assurance and accountability on climate action and sustainability performance. From our founding in 2009 through more than 10 acquisitions, Xpansiv has become a global leader in environmental commodity markets. We are backed by Blackstone and other leading investors Position summary We are seeking a Privacy Intern to support the Risk & Compliance Department in maturing our enterprise privacy program. The initial focus will be to help refine and expand our GDPR privacy obligation matrices and support the documentation of required processing registers with the EU and across the globe. If time permits, the intern will also contribute to broader privacy program buildout activities.
Requirements
- Currently pursuing a later-stage undergraduate degree or a graduate degree (Masterâs or Juris Doctor / law degree preferred) in a related field (e.g., law, privacy, compliance, risk management, information security, public policy, or business).
- Strong understanding of GDPR concepts and key privacy program structures (e.g., RoPA, lawful bases, DPIAs, data subject rights, data transfers, controller/processor roles).
- Exceptional attention to detail and ability to produce clear, well-structured documentation.
- Self-motivated, driven, and comfortable working independently with minimal supervision.
- High curiosity and willingness to learn and ask thoughtful questions.
- Strong written communication and stakeholder coordination skills.
Nice To Haves
- Coursework or experience with international privacy regulations (e.g., EU and UK GDPR, U.S. state privacy laws).
- Exposure to privacy operational artifacts such as DPIAs/PIAs, vendor/processor assessments, and transfer impact assessments.
- Comfort working with structured trackers and matrices (Excel/Sheets) and maintaining documentation quality at scale.
- Familiarity with common privacy or GRC tooling (e.g., OneTrust or similar), not required.
Responsibilities
- Support development and maintenance of GDPR privacy obligation matrices (e.g., mapping obligations to controls, owners, evidence, and documentation requirements).
- Assist in reviewing and updating Records of Processing Activities (RoPA) and related processing register documentation for EU operations.
- Conduct research on international privacy obligations and interpret requirements into practical documentation and program artifacts.
- Partner with internal stakeholders to collect required information (e.g., purposes of processing, data categories, retention, transfers, processors/sub-processors, security measures).
- Identify documentation gaps and propose improvements to privacy governance processes and templates.
- Help prepare materials to support privacy program buildout (e.g., procedures, playbooks, trackers, audit-ready evidence files) as time permits.
- Maintain organized, high-quality documentation with strong version control and traceability.
Stand Out From the Crowd
Upload your resume and get instant feedback on how well it matches this job.
What This Job Offers
Career Level
Intern
Number of Employees
1-10 employees
