Business BA Analyst

ESN Business BA Analyst

6 months

Bristol - x3 onsite x2 remote

Inside IR35 - Umbrella only

The key purpose of this role is to ensure the ESN programme meets its contractual and regulatory data-handling obligations through the successful delivery of a comprehensive data-mapping and GDPR compliance exercise. The role holder will lead the identification, documentation, and assurance of all personal-data processing across ESN systems.

Working collaboratively with Legal, Digital, Enterprise Architecture, and Security teams, the role holder will analyse complex data flows, assess Controller and Processor responsibilities, and design appropriate governance controls to ensure ongoing compliance. They will act as a coordination point between the Authority on data-governance matters, providing clear, evidence-based recommendations that support programme assurance and contractual delivery.

This role is critical in maintaining the client reputation for operational integrity and transparency within the ESN programme, safeguarding personal data across one of the most nationally significant digital infrastructure initiatives in the UK.

• Lead the end-to-end data mapping and GDPR compliance activity for the ESN programme.
• Identify, document, and maintain a complete record of all ESN systems, data sources, and personal-data flows, creating and managing the ESN information asset register and data lineage documentation.
• Assess and document data-handling roles and responsibilities (Controller vs Processor), ensuring compliance with UK GDPR and internal data-governance policies.
• Coordinate with Enterprise Architecture, Digital, Security, and Legal teams to validate system interfaces, storage, and processing pathways that involve personal data.
• Develop and maintain the Details of Processing tables ensuring accuracy, traceability, and alignment with Authority expectations.
• Conduct gap analyses between current data-handling practices and GDPR requirements, identifying remediation actions and producing clear, evidence-based compliance recommendations.
• Lead stakeholder engagement and progress reporting to demonstrate compliance activity and risk mitigation across the programme.
• Produce supporting documentation for Authority assurance, including ROPA (Records of Processing Activities), DPIAs (Data Protection Impact Assessments), and data-handling statements.
• Ensure any change to data flows or new system onboarding is reviewed, logged, and updated through the established ESN data-governance framework.
• Drive post-delivery handover activities, including knowledge transfer and integration of artefacts into ESN's ongoing governance model.

• Data governance and compliance - ability to interpret GDPR, UK Data Protection Act, and contractual data-handling obligations; practical experience preparing and maintaining ROPA, DPIA, and lawful-basis assessments.
• Data mapping and lineage documentation - proficiency in identifying and visualising data flows across complex systems, recognising interfaces, transformations, and data dependencies.
• Business analysis (data focus) - ability to translate business and regulatory requirements into structured artefacts and traceable documentation, ensuring compliance is evidenced through auditable deliverables.
• Stakeholder management - experienced in working across Legal, Digital, Architecture, and external Authority teams to align data-handling practices and achieve timely approval of deliverables.
• Risk and issue management - capable of identifying compliance gaps, defining mitigations, and escalating appropriately through governance forums.
• Process improvement - able to recommend and embed sustainable data-handling processes and control mechanisms for future ESN operations.

All profiles will be reviewed against the required skills and experience. Due to the high number of applications we will only be able to respond to successful applicants in the first instance. We thank you for your interest and the time taken to apply