Data Protection Officer (DPO)

Job Description

We're now recruiting a Data Protection Officer (DPO), a newly created role reporting to the Chief Risk Officer (CRO).

The Data Protection Officer (DPO) is responsible for overseeing the organisation’s data protection strategy and ensuring compliance with data protection laws, including the UK GDPR and other relevant regulations. The DPO will act as the primary point of contact for data protection issues, advising the business on good practices and working cross-functionally to embed a culture of data protection within the organisation.

Key Responsibilities:

Regulatory Compliance & Governance:

• Ensure the organisation's compliance with all applicable data protection laws and regulations, including UK GDPR and Data Protection Act 2018.
• Develop and maintain data protection policies, procedures, and frameworks.
• Monitor and review data processing activities, ensuring lawful, fair, and transparent processing.
• Conduct regular reviews to assess compliance with data protection laws and identify areas for improvement.
• Keep up to date with legislative changes and update internal policies accordingly.

Advisory & Stakeholder Engagement:

• Use their practical experience of how AI impacts data governance and security to ensure we are developing and adhering to good practice.
• Ensure stakeholders are balancing ethical, technological and commercial considerations when using or designing new tools for customer data.
• Provide expert guidance and constructive challenge to senior management and employees on data protection obligations and good practices.
• Act as the primary point of contact for regulatory authorities, including the Information Commissioner’s Office (ICO).
• Collaborate with Technology, Legal, HR, and other business units to implement privacy-by-design principles in new projects, systems, and processes.
• Raise awareness and provide training on data protection principles across the organisation.

Data Subject Rights & Incident Management:

• Provide second line oversight of data subject requests (e.g., Subject Access Requests, right to erasure, data portability).
• Oversee data breach response plans and ensure timely reporting to regulators and affected individuals when required.
• Oversee records of processing activities (RoPA) and the organisation’s data protection impact assessments (DPIAs) for high-risk processing activities.

Key Competencies & Skills:

• In-depth knowledge of data protection laws, regulations, and current good practice including how AI impacts data protection and data management in our industry.
• Strong analytical, technical and problem-solving skills to assess compliance risks, with working knowledge of data privacy issues with key emerging technologies.
• Excellent communication and stakeholder management skills to engage with all levels of the business in verbal and written form.
• Ability to influence decision-making and drive a culture of data security and compliance.
• Strong attention to detail and ability to manage multiple priorities.

Qualifications & Experience:

• Bachelor's degree in Law, Compliance, IT, or a related field (but not mandatory).
• Relevant data protection certification (e.g., CIPP/E, CIPM, CDPO, or equivalent) is highly desirable.
• Proven experience in a data protection, compliance, or privacy-focused role, ideally in Financial Services.
• Experience working in regulated industries (e.g., financial services, healthcare, technology) is a plus.

About us

AJ Bell is one of the fastest-growing investment platform businesses in the UK offering an award-winning range of solutions that caters for everyone, from professional financial advisers to DIY investors with little to no experience. We have over 593,000 customers using our award-winning platform propositions to manage assets totalling more than £90.4 billion. Our customers trust us with their investments, and by continuously striving to make investing easier, we aim to help even more people take control of their financial futures.

Having listed on the Main Market of the London Stock Exchange in December 2018, AJ Bell is now a FTSE 250 company.

Headquartered in Manchester with offices in central London and Bristol, we now have over 1,500 employees and have been named one of the UK's 'Best 100 Companies to Work For’ for six consecutive years and in 2024 named a Great Place to Work.

Our perks and benefits

• Competitive starting salary
• Starting holiday entitlement of 27 days, increasing up to 31 days with length of service and a holiday buy and sell scheme
• A choice of pension schemes with matched contributions up to 8%
• Discretionary bonus scheme
• Annual free share awards scheme
• Buy As You Earn (BAYE) Scheme
• Health Cash Plan - provided by SimplyHealth
• Private healthcare scheme and dental plan
• Free gym membership, with an on-site gym providing a wide range of free classes
• Employee Assistance Programme
• Bike loan scheme
• Sick pay+ pledge
• Enhanced maternity, paternity, and shared parental leave
• Discounted nursery fees at Kids Planet on Exchange Quay
• Death in service scheme
• Paid time off for volunteer work
• Charitable giving opportunities through salary sacrifice
• Calendar of social events, including monthly payday drinks, annual Christmas party, summer party and much more
• Ongoing technical training
• Professional qualification support
• Talent development programmes

Hybrid working

At AJ Bell, our people are the heart of our culture. We believe in building strong connections by working together. That's why we offer a hybrid working model, where you’ll spend a minimum of 50% of your working time per month in the office. For new team members, an initial period will be full-time in the office to help you immerse yourself in our business and build valuable relationships with your colleagues.

AJ Bell is committed to providing an environment of mutual respect where equal employment opportunities are available to all applicants and all employees are empowered to bring their whole self to work.