Company Name: Zilch
Job Title: Data Protection Officer - 12m FTC (Mat Cover)
Job Description:
Job title: Data Protection Officer – 12 Month Fixed‑Term Contract
Role Summary:
Lead the organisation’s data protection and privacy compliance program, ensuring adherence to UK GDPR, Data Protection Act 2018, PECR, and related legislation. Serve as primary liaison with the Information Commissioner’s Office (ICO) and other supervisory authorities, provide independent oversight, and embed privacy practices across all business functions.
Expectations:
- Establish and continuously improve a robust privacy framework, policies, and procedures.
- Maintain full compliance with UK data protection laws while balancing regulatory obligations with business innovation.
- Deliver expert legal and compliance advice to senior management and operational teams.
- Foster a culture of privacy awareness through training and communication.
Key Responsibilities:
- Develop, implement, and update privacy policies, procedures, and the Record of Processing Activities (RoPA).
- Act as the main point of contact for the ICO and other supervisory authorities, managing communications, investigations, breach notifications, and complaints.
- Collaborate with Legal to review, draft, and negotiate privacy clauses, data processing agreements, and international data transfer documentation.
- Manage data subject rights requests, ICO complaints, and data protection‑related court cases; continuously improve resolution processes.
- Provide guidance on privacy aspects of marketing, digital advertising, cookies, and electronic communications in line with PECR.
- Conduct privacy risk assessments, support privacy‑by‑design in new projects, and maintain data flow documentation.
- Work with Information Security to investigate personal data breaches and manage related notifications to regulators and data subjects.
- Design and deliver privacy training programs and promote awareness across the business.
- Monitor and assess privacy risks through internal audits, compliance monitoring, and reporting to senior leadership.
- Track emerging data protection developments and advise the business on regulatory changes.
Required Skills:
- Minimum 5 years of experience in data protection and privacy compliance within a regulated environment.
- Strong knowledge of UK GDPR, Data Protection Act 2018, PECR, and other privacy laws.
- Proven ability to implement and lead privacy management programmes in complex, fast‑paced settings.
- Experience interacting directly with supervisory authorities, including the ICO.
- Skilled in reviewing, drafting, and negotiating privacy and data protection contracts.
- Excellent communication, influencing, and stakeholder‑management skills.
- Ability to translate complex legal and technical issues into clear, actionable advice.
- Experience supporting M&A, audits, and due‑diligence activities.
Required Education & Certifications:
- Legal background highly desirable (LLB, LLB/LLM, or equivalent).
- Professional certifications such as CIPP/E, CIPM, or CIPT (or equivalent) preferred.
- Advanced or specialist training in data protection is an asset.