Compliance and Data Protection Officer

Description

We have a role to join us as a Compliance and Data Protection Officer. This standalone position, reporting into Legal, is responsible for ensuring Footaylum adheres to legal standards, internal policies, and data protection regulations such as the GDPR, and other applicable privacy laws.

The role is split into two key areas:

Compliance Management Responsibilities

• Develop, implement, and maintain Footasylum’s compliance framework, policies, and procedures.
• Monitor and report on compliance risks, breaches, and regulatory developments.
• Conduct internal audits and risk assessments to ensure adherence to legal and regulatory requirements.
• Provide training and guidance to staff on compliance-related matters.
• Liaise with regulatory bodies and manage responses to compliance inquiries or investigations.

Data Protection Officer (DPO) Responsibilities

• Serve as the primary point of contact for data protection authorities and data subjects.
• Monitor compliance with data protection laws and internal data protection policies.
• Advise on Data Protection Impact Assessments (DPIAs) and privacy-by-design practices.
• Maintain records of processing activities (RoPA) and oversee data breach response protocols.
• Conduct regular privacy audits and risk assessments.
• Collaborate with IT, HR, Legal, and other departments to ensure data protection compliance.
• Ensure all marketing campaigns, ideas, and events are in line with the legal requirements of the GDPR, Data Protection & Privacy processes.
• The role is responsible for reviewing all third-party DPA contract clauses.

About You

• Strong knowledge of GDPR, UK Data Protection Act 2018, PECR, and other relevant privacy laws.
• Proven experience developing and implementing compliance frameworks and internal policies.
• Excellent understanding of risk assessment methodologies and internal audit processes.
• Strong stakeholder management and ability to influence at all levels.
• Excellent written and verbal communication skills, with the ability to explain complex regulations in plain language.
• High attention to detail with strong organisational and analytical skills.
• Ability to work autonomously in a standalone role, managing multiple priorities simultaneously.
• Proficiency with compliance management tools and MS Office Suite.

Desirable Skills

• Knowledge of ISO standards such as ISO 27001 (Information Security Management).
• Experience with privacy-by-design and data protection impact assessments (DPIAs).
• Familiarity with contract review, especially Data Processing Agreements (DPAs).
• Training delivery experience on compliance and data protection topics.
• Understanding of cybersecurity best practices.

Diversity

We recognise and value the importance of diversity to help make sure we have lots of different perspectives when we are building products and services. We know that this will help us build useful and accessible things which our customers will love. This is great news for our business. Diversity for us is also, importantly, about building happy teams full of people that want to learn and want to be inspired by each other and our different experiences and backgrounds.

Recruitment Process

We’ll help make the interview process as transparent and stress-free as possible.

We review applications individually, and if we feel you would be a good fit, we’ll invite you for a call or Teams video for an informal chat about the role and to see if we’re a good fit for you.

We value open and honest conversations and collaboration, allowing you to learn about our work in an informal and friendly environment. We want to know about you and why you feel this is your opportunity.

Please note this is not a remote role, and we expect that you will be able to attend Head Office in a hybrid way in Greater Manchester.