Manager, Privacy Compliance

About the team and role:

Klaviyo's Legal Privacy team is responsible for Klaviyo's privacy strategy and for keeping the company's products, operations, and go-to-market practices aligned with privacy laws and regulations worldwide. The Senior Manager, Legal Compliance - Privacy will serve as a senior subject matter expert on privacy compliance across the company, partnering with Product, Engineering, Marketing, Security, and Customer Experience teams to operationalize privacy requirements in a fast-moving B2C CRM platform environment.

Reporting directly to the Sr. Director, Legal Privacy, this role combines strategic privacy program ownership with hands-on compliance execution, covering the full lifecycle of Klaviyo's customer data handling across company products and services. The Senior Manager will help drive Klaviyo's privacy-by-design culture, support compliance with U.S. and international privacy frameworks, and contribute to the company's approach to AI governance as Klaviyo's AI-powered capabilities continue to grow.

• Own and execute a 6–12 month privacy compliance work plan aligned with broader Legal and company KPIs, identifying opportunities to drive measurable impact.
• Lead compliance readiness efforts for new and evolving U.S. state privacy laws (CCPA/CPRA), FTC requirements, and international privacy regulations (GDPR, UK Data Protection Act, PECR, PIPEDA, and emerging frameworks).
• Monitor legislative and regulatory developments across jurisdictions, assess applicability to Klaviyo's products and operations
  
  Develop, maintain, and improve privacy policies, procedures, records of processing activities (RoPAs), and internal documentation to demonstrate compliance with applicable laws.

• Working closely with Product Counsel, serve as the primary privacy compliance advisor to Product, Engineering, and Data teams, embedding privacy-by-design principles into Klaviyo's product development lifecycle, including new features, AI/ML capabilities, data integrations, and platform changes.
• Conduct and oversee privacy impact assessments (PIAs) and data protection impact assessments (DPIAs) for high-risk processing activities, new product launches, and third-party integrations.

• Communicate with key stakeholders cross-functionally to deliver a unified, global privacy compliance experience for the business.
• Partner with Security, IT, and Data Governance teams on controls frameworks, data mapping, data retention schedules, and incident response protocols.
• Support the negotiation and review of data processing agreements (DPAs) and privacy-related contractual terms with vendors, partners, and enterprise customers.
• Build and leverage strong relationships with leaders and partners across the company to secure buy-in, manage issues, and drive results on privacy initiatives.

• Oversee processes for data subject rights requests (access, deletion, correction, opt-out) to ensure timely and compliant responses at scale.
• Support privacy incident and data breach response, including investigation, documentation, root-cause analysis, remediation, and regulatory reporting as needed.

• Contribute to Klaviyo's approach to responsible AI governance, advising on privacy and data protection considerations for AI-powered features.
• Monitor emerging AI-related privacy regulations and guidance (EU AI Act, FTC AI enforcement trends, state AI legislation) and assess their applicability to Klaviyo's products and services.

• Design and deliver privacy training and awareness programs tailored to different business functions (Engineering, Marketing, Customer Support and Success, Sales).
• Maintain accountability for key privacy compliance metrics (DSR response times, assessment completion rates, training completion, incident resolution timelines) and report on program performance to senior leadership.
• Proactively engage with external networks (IAPP, industry peer groups, privacy forums) to stay current on…