Group Data Protection Officer (DPO)


As Data Protection Officer (DPO) you will be appointed to monitor internal compliance on data protection obligations and act as a point of contact for the supervisory authority and data subjects. The DPO will be required to ensure the organisations processes of personal data of its, employees, contractors and workers or any other individual is compliant with the appliable data protection regulations. 

The role will be a group role and the appointed DPO will be required to ensure compliance both in the EU and UK regulatory and supervisory authorities such as the Information Commissioner’s Office (ICO) and European Data Protection Supervisor (EDPS). 

You must be prepared to work in a fast-paced environment and possess the ability to be completely flexible in all/many different situations that may arise. The DPO will hold accountability and be the organisations representative for all compliance with data regulation authorities. 

As the Group DPO you will need to be self-motivated and have the ability work on your own initiative, solution-oriented and have the ability to build processes and procedures relating to data protection regulations from scratch with the relevant departments across the business. 

Day-to-day duties 

You will be required and will hold accountability to serve as the main point of contact for DPO duties such as: 

  • Data breach support and response (including but not limited to liaison with the ICO) 
  • Breach response 
  • Data subject access request support (SAR) 
  • Drafting policy and procedure in line with UK and EU GDPR regulations 
  • Data mapping support and advice 
  • Ability to compile Data Protection Impact Assessments (DPIAs) 
  • Support the Security Manager with GDPR compliance and information security awareness training 
  • The DPO is responsible in for ensuring the controllers and data subjects are well informed about their data protection rights, obligations and responsibilities 
  • Support with raising awareness of data protection regulations in partnership with relevant departments (HR, IT, Communications) 
  • Give advice and provide corrective action and recommendations to the organisation about the interpretation or application of data protection regulations 
  • Create processes and procedures to processing operations within the organisation and notifying or presenting to EDPS any specific risks (or prior checks as required) 
  • To be held accountable in the organisation for data protection compliance 
  • Handle queries or complaints on request by either the organisation, the controller, or data subject 
  • Work in partnership with EDPS (responding to any investigations, complaint handling, inspections conducted by EDPS etc.) 
  • Draw the organisations attention to any non-compliance or failures to comply with the applicable data protection rules. 
  • You will have worked as DPO since May 2018 and have expert knowledge in EU regulation prior to UK exit from EU OR BREXIT – need to be consistent [see further down] 

Attributes/experience required 

  • Expert knowledge of data protection legislation 
  • Minimum of 4 years’ experience as DPO (essential knowledge of EU regulations prior to BREXIT) 
  • Expert knowledge of reporting data breach to ICO and relevant data protection regulatory bodies both in EU and UK 
  • Proficient in English (French and Italian are desirable) 
  • Ability to work proactively 
  • Flexibility (location, travel, hours) is expected for this role