• Location
    • Remote
  • Date Posted
  • Oct. 11, 2021
  • Function
  • Data Science
  • Sector
  • Fintech

Xapo is an international fintech startup on a mission to protect and grow its clients’ life savings.

We’re a fully distributed team that works remotely from 50+ countries around the world. We may come from many different cultures and backgrounds, but it’s our values, our resourcefulness, and our drive that makes us Xapiens.

We work hard, think globally, and inspire each other to grow every day. If you’re the best at what you do and share our passion, we want you.

Join us, wherever you are, and help us build a digital bank worthy of the digital age at Xapo.

Position Overview

We are looking for a Data Protection Officer (DPO) for the group who will be responsible for overseeing the organization’s data protection strategy and implementation to ensure that Xapo is complying with its requirements under Europe’s General Data Protection Regulation (GDPR) as adapted into local law by the Gibraltar Regulatory Authority (GRA), and other relevant data protection requirements or good practices as appropriate. While the DPO role will report to the Chief Compliance Officer, it will support all Management Team members and Xapo staff in fulfilling their data protection requirements.

Although we are headquartered in Gibraltar, this is a full-time, 100% remote working position. Work from anywhere in the world!


  • To help Xapo benchmark how other Banks and VASPs comply with GDPR in an innovative manner.
  • To work to ensure Xapo achieves its business objectives while still achieving compliance with relevant regulations.
  • To develop GDPR compliance strategies that are client and staff centric.
  • To inform and advise the controller or the processor of data of their Data Protection obligations (i.e. GDPR as adopted by Gibraltar), including the training, education and awareness of all staff regarding their and the firm’s Data Protection responsibilities.
  • To conduct regular assessments and audits to ensure GDPR compliance.
  • To monitor compliance with GDPR, with other relevant data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits.
  • To develop, implement and oversee a firm-wide Record Retention Policy compliant with GDPR.
  • To provide advice where requested as regards the data protection impact assessment (DPIA) and monitor its performance pursuant to GDPR Article 35.
  • To maintain records of all data processing activities conducted by the company.
  • To respond to data subjects to inform them about how their personal data is being used and what measures the company has put in place to protect their data.
  • To ensure that data subjects’ requests to see copies of their personal data or to have their personal data erased are fulfilled or responded to, as necessary.
  • To cooperate with relevant Supervisory Authorities (e.g. Gibraltar Regulatory Authority);
  • To act as the contact point for the Supervisory Authorities on issues relating to processing, including the prior consultation referred to in GDPR Article 36, and to consult, where appropriate, with regard to any other matter. (Article 36 requires prior consultation where the DPIA assesses that processing would result in a high risk in the absence of measures taken by the controller to mitigate the risk.)
  • The DPO shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.
  • The DPO shall work collaboratively within cross-functional teams and with key stakeholders in order to effect positive change across Xapo.


  • Extensive technical knowledge and experience of data protection regulation, privacy standards, and best practices.
  • Relevant data protection training, certifications and/or regulatory approvals.
  • A strong understanding of data and information systems.
  • A background in Banking and/or Fintech data protection.
  • A dynamic individual who has a track record of innovating and pushing boundaries by leveraging technology to achieve GDPR compliance.
  • An analytical mindset with keen attention to deal.
  • A can-do, customer and solutions focused attitude.
  • Strong organization and communication skills;
  • A proven track record of stepping up, taking responsibility and delivering.
  • A good understanding of management reporting, particularly producing reports with actionable insights.
  • Experience working across or closely with other teams to develop, execute or implement key projects.
  • Experience managing high volumes of workloads with competing priorities.

Other Requirements

  • A strong and stable internet connection;
  • A computing device that meets our minimum technical specifications;
  • Alignment with our culture and values;

Why work for xapo?

  • Impact globally, work remotely.
  • Shape the Future: Improve lives through cutting-edge technology, work 100% remotely from anywhere in the world.
  • Own Your Success: Receive attractive remuneration, enjoy an autonomous work culture and flexible hours, apply your expertise to meaningful work every day.
  • Expect Excellence: Collaborate, learn, and grow with a high-performance team.

About xapo

We founded Xapo to address two of the biggest issues with Bitcoin adoption: accessibility and security. In a matter of years, we developed an industry-leading platform that introduced cryptocurrency into the daily lives of millions worldwide.

Now, we’re bringing our expertise to all facets of our users’ finances. Because no matter who we are or where we’re from, we all deserve more options, more control, and more peace of mind where our money is concerned.

We’re an Equal Opportunity Employer – we believe that diversity is critical to our success as a global company. An inclusive workplace is the foundation of Xapo – it allows us to create products that cater to clients around the world.