Data Protection Officer

CLINICAL PARTNERS LIMITED

Long Cross

On-site

GBP 100,000 - 125,000

Full time

Today

Job summary

A leading mental health services provider in the UK is seeking an experienced Data Protection Officer to ensure compliance with UK GDPR and act as the main advisor for data protection matters. Responsibilities include monitoring compliance, leading investigations into breaches, and supporting audits. The candidate should possess strong analytical and communication skills along with a formal qualification in data protection. The role offers a salary starting from £50,000 and various employee benefits.

Benefits

Salary starting from £50,000 per annum
25 days paid holiday plus bank holidays
A day off for your birthday
Healthcare Cash Plan
Flexibility in working opportunities
Access to Wellbeing portal and Employee Assistance Programme

Qualifications

  • Minimum 3 years' experience in data protection, information governance, or compliance.
  • In-depth knowledge of UK GDPR and Data Protection Act 2018.
  • Experience managing data breaches and regulatory submissions.

Responsibilities

  • Monitor compliance with data protection legislation and policies.
  • Advise on and review Data Protection Impact Assessments (DPIAs).
  • Lead investigations into data breaches and report to the ICO.

Skills

Data Protection Compliance
Risk Management
Analytical Skills
Communication Skills

Education

Formal qualification in Data Protection

Tools

Microsoft Office
Data Governance Platforms
SharePoint
Job description
Overview

We are seeking an experienced DPO to join our Governance & Compliance function. The incumbent will help ensure organisational compliance with the UK GDPR, the Data Protection Act 2018, and other relevant legislation and will act as an independent advisor and monitor, supporting governance, risk, and assurance activities across the organisation and serving as the primary contact for data subjects and the Information Commissioner's Office (ICO).

Please note that this position requires a Disclosure and Barring Service (DBS) check as part of our commitment to safeguarding and ensuring the safety of our clients and staff. The successful candidate will be required to undergo a DBS check before commencing employment.

Responsibilities
  • Monitor internal compliance with data protection legislation and organisational policies.
  • Advise on and review Data Protection Impact Assessments (DPIAs) and coordinate Records of Processing Activity (ROPA) registers.
  • Lead investigations into data breaches and ensure timely reporting to the ICO.
  • Maintain and review the Data Incident Tracker and ensure appropriate classification and resolution.
  • Support audits and regulatory reviews, including ISO and CQC assessments.
  • Develop and deliver data protection training across the organisation.
  • Serve as the point of contact for data subjects and the ICO.
  • Provide expert advice to senior leadership and collaborate with clinical and operational teams.
  • Ensure fulfilment of NHS DSPT obligations and alignment with the Cyber Assessment Framework and ISO 27001.
  • Manage the Subject Access Request process, including regular reporting of KPIs in relation to it.
  • Line manage the Subject Access Administrator.
  • Support the supplier validation process from a data protection and IT security perspective.
Qualifications
  • Minimum 3 years' experience in data protection, information governance, or compliance.
  • In-depth knowledge of UK GDPR, Data Protection Act 2018, and NHS DSPT requirements.
  • Experience managing data breaches, DPIAs, and regulatory submissions.
  • Strong understanding of risk management and audit processes.
  • Qualification in Data Protection.
  • Experience of people management.
  • Experience of managing SARs, complaints and incidents relating to data breaches.
  • Experience in advising on supplier validation and assurance in relation to data protection and IT security.
  • Excellent analytical and problem-solving skills.
  • Strong written and verbal communication, including report writing.
  • Ability to manage sensitive information with discretion and integrity.
  • Proficiency in Microsoft Office and data governance platforms.
  • Strong understanding of UK GDPR Articles 37-39 and their practical application, NHS DSPT and Online Safety Act 2023 implications for digital services.
  • Desirable: Formal qualification in Data Protection (e.g., CIPP/E, BCS DPO Certificate).
  • Experience in healthcare or regulated sectors.
  • Familiarity with ISO 27001, CQC standards, and Cyber Assessment Framework.
  • Ability to influence and advise senior stakeholders.
  • Experience with SharePoint, risk registers, and incident tracking tools.
  • Knowledge of the Gender Recognition Act 2004 and the handling of special category data; cross-border data transfer regulations and adequacy decisions; and the application of AI and its data security implications.
Employer and Benefits

At Clinical Partners, we are proud to be one of the UK's leading providers of mental health services, working across both private and NHS sectors to support individuals and families facing emotional and psychological challenges. Our commitment to delivering safe, high-quality care is at the heart of everything we do.

  • Salary starting from £50,000 per annum
  • 25 days paid holiday (increasing with service to 28 days) plus bank holidays.
  • A day off for your birthday.
  • Healthcare Cash Plan
  • Benefits Platform
  • Life Assurance
  • Discount Vouchers
  • Flexible working opportunities to suit your personal needs
  • Opportunities to take part in charitable events
  • Access to a Wellbeing portal and Employee Assistance Programme (EAP)