Data Protection Officer

We're now recruiting a Data Protection Officer (DPO), a newly created role reporting to the Chief Risk Officer (CRO).

The Data Protection Officer (DPO) is responsible for overseeing the organisation’s data protection strategy and ensuring compliance with data protection laws, including the UK GDPR and other relevant regulations. The DPO will act as the primary point of contact for data protection issues, advising the business on good practices and working cross-functionally to embed a culture of data protection within the organisation.

1. Regulatory Compliance & Governance:

• Ensure compliance with all applicable data protection laws, including UK GDPR and Data Protection Act 2018.
• Develop and maintain data protection policies, procedures, and frameworks.
• Monitor and review data processing activities for lawfulness, fairness, and transparency.
• Conduct regular compliance reviews and identify areas for improvement.
• Stay updated on legislative changes and update policies accordingly.

1. Advisory & Stakeholder Engagement:

• Leverage experience on AI's impact on data governance and security to promote best practices.
• Guide stakeholders on balancing ethical, technological, and commercial considerations when handling customer data.
• Provide expert advice to senior management and staff on data protection obligations.
• Serve as the main contact for regulatory authorities like the ICO.
• Collaborate with Technology, Legal, HR, and other units to implement privacy-by-design principles.
• Raise awareness and deliver training on data protection principles across the organisation.

1. Data Subject Rights & Incident Management:

• Oversee data subject requests such as access, erasure, and data portability.
• Manage data breach response plans and ensure timely reporting to authorities and affected individuals.
• Oversee records of processing activities and DPIAs for high-risk processing.

• Deep knowledge of data protection laws, regulations, and current best practices, including AI's impact on data protection.
• Strong analytical, technical, and problem-solving skills related to compliance risks and emerging technologies.
• Excellent communication and stakeholder management skills.
• Ability to influence decision-making and foster a culture of data security and compliance.
• Meticulous attention to detail and ability to handle multiple priorities.

• Bachelor's degree in Law, Compliance, IT, or related field (preferred, not mandatory).
• Relevant certification (e.g., CIPP/E, CIPM, CDPO) highly desirable.
• Proven experience in data protection, compliance, or privacy roles, preferably in Financial Services.
• Experience in regulated industries (e.g., finance, healthcare, tech) is a plus.