Overview
We are seeking a highly skilled and experienced Group Data Protection Officer (GDPO) to oversee and implement our organization’s data protection strategy, ensuring compliance with data protection regulations, including the UK GDPR, EU GDPR (where applicable), and the UK Data Protection Act 2018.
Department: Governance & Risk
Location: Manchester, UK
Key Responsibilities
* Lead the development and implementation of the Group-wide Data Protection Framework and Strategy, ensuring compliance with UK GDPR, EU GDPR, and other relevant data privacy laws.
* Provide expert guidance to senior management and the board on data protection risks, compliance obligations, and continuous improvement initiatives.
* Champion a strong data protection culture across the organization, acting as the principal advocate for privacy and information security.
* Oversee compliance and governance, ensuring all data processing activities are properly documented and legally compliant.
* Maintain and update key governance materials, including ROPAs, privacy notices, retention schedules, and policies.
* Advise business units and project teams on data protection implications of new initiatives, data sharing, and technology deployments.
* Act as primary liaison with regulators, including the UK ICO, handling audits, consultations, and data breach notifications.
* Lead responses to data subject requests such as SARs and right to erasure, ensuring appropriate handling of personal data breaches.
* Deliver training and awareness programmes to build employee understanding of privacy risks and regulatory compliance requirements.
* Oversee third‑party and vendor compliance, including data protection clauses, DPIAs, and ongoing risk monitoring.
About You
* A degree in Law, Information Security, Compliance, or a related field (or equivalent experience)
* Professional certifications such as CIPP/E, CIPM, CIPT, or equivalent are highly desirable
* Strong experience in data protection, privacy, or a similar compliance/governance role, ideally in a regulated environment (e.g., financial services, legal, or technology)
* Deep understanding of the UK GDPR, EU GDPR, and other relevant privacy laws across the European Union and the UK
* Proven track record in managing regulatory relationships, data breach incidents, and compliance audits or assessments
* Expertise in data protection laws, principles, and operations, with the ability to translate legal requirements into practical business processes
* Strong leadership and stakeholder engagement skills, with the ability to influence decisions at senior management and board levels
* Excellent communication, interpersonal, and negotiation skills
* Proficiency in managing data protection tools and conducting audits, assessments, and remediation plans
* Risk management mindset with strong analytical and problem‑solving capabilities
Seniority level
Mid‑Senior level
Employment type
Full‑time
Job function
Information Technology
#J-18808-Ljbffr