Data Protection Officer DPO

Birmingham, West Midlands (with national travel as required)

Reporting into the CTO you will be responsible for ensuring that all personal data particularly that of children, families, and staff is managed lawfully, securely, and ethically. You will lead the organisation's compliance with UK GDPR and the Data Protection Act 2018, embedding a culture of privacy and safeguarding across all operations. This role is central to protecting children's rights, maintaining trust with stakeholders, and ensuring that data processing supports safe and responsible care practices.

Policy & Governance

• Develop and maintain robust data protection policies and procedures
• Ensure all practices align with safeguarding standards and legal obligations
• Serve as the main contact for data subjects, parents/guardians, local authorities, and the ICO

Risk Management & Compliance

• Conduct Data Protection Impact Assessments (DPIAs) for new initiatives
• Maintain records of processing activities and ensure statutory compliance
• Review and manage Data Processing Agreements (DPAs) with third–party providers
• Investigate and report data breaches, prioritising child safety and risk mitigation

Training & Awareness

• Deliver training to staff and carers on privacy, confidentiality, and safe data handling
• Promote a privacy–first culture across all departments and roles

Operational Support

• Collaborate with IT, HR, and leadership to implement privacy–by–design in systems and processes
• Manage Subject Access Requests (SARs) with sensitivity and in line with safeguarding protocols

Skills & Competencies

• In–depth knowledge of UK data protection laws, especially in child–focused environments
• Strong communication skills to engage all levels of staff, including front–line carers
• High ethical standards and commitment to confidentiality
• Excellent problem–solving and risk management capabilities
• Empathy and emotional intelligence when handling sensitive personal data
• Organised, detail–oriented, and proactive in approach
• Skilled in delivering effective training and supporting colleagues
• Resilience and adaptability in a fast–paced setting

Education & Experience

• Degree or qualification in law, compliance, information governance, or a related field
• Professional certification (e.g. CIPP/E, CIPM, BCS Data Protection) is highly desirable
• 3–5+ years' experience as a DPO or Data Protection Manager
• Experience in childcare, education, or similar sectors with safeguarding responsibilities
• Familiarity with child welfare legislation and its intersection with data protection
• Proven track record in conducting audits, DPIAs, and managing SARs
• Understanding of consent, confidentiality, and capacity in child–focused contexts

Success Measures

• Full compliance with data protection and safeguarding regulations
• Positive outcomes from audits and inspections
• Reduction in data breaches and effective incident management
• High levels of staff awareness and confidence in data privacy practices
• Strong stakeholder trust in the organisation's handling of personal data
• Effective policies that support ethical and safe care delivery

General Expectations

• Operate with professionalism, pace, and purpose
• Uphold Compass Community's REACH values in all activities
• Participate in ongoing training and development
• Adhere to company policies including Equal Opportunities, IT usage, and Health & Safety
• Maintain confidentiality and comply with the Data Protection Act
• Be flexible and responsive to evolving business needs
• Travel to Compass Community locations as required

Salary/Package

• GBP75k–GBP80k basic salary
• Discretionary company bonus
• Share Option Scheme
• 4% Pension
• Life Insurance 3 x salary
• 25 days annual leave plus stautory – 1 x extra day every year for the first 3 years
• Blue Light Card
• Medicash – includes discounted gym memberships etc.

Click on the link to apply or speak with Chris Holliday for any further information.