Role: Deputy Data Protection Officer
Location: Leeds, LS15 / Perivale, UB6 OR Bardon, LE67 (Hybrid requirements; Once per week at your closest site & Attendance at a monthly team meeting at one of these sites. Travel expenses are covered when meetings are held away from your usual base)
Salary: £50,000 - £60,000 per annum DOE, plus extensive benefits
Contract type: Permanent
Employment type: Full time
Working hours: 37.5 hours per week, Monday to Friday
Do you want to work for the nation’s largest online pharmacy ensuring excellence for all our patients? We’re a market leader in the pharmacy world, with 25 years’ experience, helping over 1.4 million patients in England manage their NHS prescriptions from request through to delivery. We are Great Place to Work certified as we consider colleague experience a top priority every day. Our people are fundamental to our success and ensuring we achieve our vision to be a world leading, patient-centric digital healthcare provider. We are committed to continuing to develop a positive, open and honest working environment for all.
As Deputy Data Protection Officer (DDPO) you will be the DPO’s right hand, championing privacy by design across a fast-growing organisation of more than 1,000 colleagues.
This is an opportunity to shape novel initiatives in AI-enhanced dispensing, personalised health services and advanced analytics within a culture that values creativity and continuous improvement.
What’s in it for you?
Occupational sick pay
Enhanced maternity and paternity pay
Contributory pension
Discounted insurance (Aviva)
Employee discount site
Discounted gyms (via our blue light card and benefits schemes)
Employee assistance programme
In-house mental health support
Free onsite parking
Health and wellbeing initiatives
Social events throughout the year
Cycle to work scheme
Green car scheme*(subject to minimum earnings)
Registration fees paid (GPhC, NMC, CIPD etc)
Long service bonus
Refer a friend bonus
Blue light card
Hybrid working
Commitment to CPD/training
25 days annual leave increasing with service
Annual leave buy and sell scheme
Discounts & Exclusive offers at The Springs, Leeds
25% Discount & health & beauty purchases
25% Discount on Pharmacy2U Private Online Doctor Services
What you’ll be doing?
· Offer timely, clear and balanced privacy advice across the group, aligning regulatory duties with commercial goals
· Lead DPIAs, Legitimate Interest Assessments and other risk assessments, maintaining robust records of processing activities
· Manage data-subject rights workflows, acting as escalation point for complex cases
· Draft privacy responses within bids, tenders and due-diligence questionnaires
· Oversee international data transfers and ensure contracts include appropriate safeguards and standard clauses
· Support and, when required, lead incident response: investigation, containment, mitigation and regulatory or data-subject notifications
· Develop, maintain and continually improve the privacy management programme (policy framework, training, monitoring and audit)
· Horizon-scan for legal, regulatory and technological developments, advising stakeholders on readiness and implementation
· Work closely with Information Asset Owners and risk owners, embedding accountability for personal-data processing throughout the organisation
· Prepare reports, presentations and dashboards for governance committees, the Executive team and (when needed) external regulators
· Coach and mentor other information-governance staff, fostering a collaborative learning environment
Who are we looking for?
· Degree (or equivalent) in law, information management, computer science or related discipline or Undergraduate with relevant working experience
· Recognised privacy certification (e.g. CIPP/E, CIPM, BCS Practitioner Certificate)
· Up-to-date knowledge of UK GDPR, DPA 2018, PECR and relevant ICO guidance
· Extensive data-protection or privacy experience, preferably in a regulated or health-tech environment
· Demonstrable experience leading DPIAs and privacy-by-design initiatives on transformative projects
· Hands-on involvement in incident management, regulatory engagement and stakeholder training
· Exposure to contract reviews, international data-transfer mechanisms and vendor-risk management
· Knowledge of AI/ML governance and emerging EU data-governance frameworks
· Familiarity with NHS DSP Toolkit, PECR and health-marketing regulation
What happens next?
Please click apply and if we think you are a good match, we will be in touch to arrange an interview.
Applicants must prove they have the right to live in the UK.
All successful applicants will be required to undergo a DBS check.
Unsolicited agency applications will be treated as a gift.
#INDLP