The Capital on Tap started because small businesses were underserved. We offer a best‑in‑class business credit card, a SME‑focused spend management platform, a savings product that hit £1 billion in funds within its first year, and a growing suite of tools and financial products that make running a small business easier. We have 1,000+ employees, £20bn in annual card spend, over 200,000 customers, and are profitable.
The Data Protection Team at Capital on Tap
The Data Protection team plays a crucial role in enabling Capital on Tap's commercial objectives while ensuring full compliance with global data protection regulations. As our Data Protection Officer, you will lead a team that includes Data Protection Analysts and Administrators, working at the intersection of technology, compliance, and business enablement.
The Role
We are looking for an exceptional Data Protection Officer to join our FinTech in London. This is a strategic leadership role for someone who thrives on using cutting‑edge technology and AI to transform data protection from a compliance function into a business enabler. You will protect the company by finding innovative ways to achieve commercial goals while maintaining the highest standards of data protection compliance.
What you'll be doing
* Strategic Leadership: Serve as the primary data protection authority, providing strategic guidance to senior leadership on privacy risks and opportunities across all business functions.
* Business Enablement: Work closely with Product, Engineering, Marketing, and Commercial teams to find compliant pathways for new initiatives, ensuring data protection accelerates rather than hinders business goals.
* Technology & Automation: Lead the implementation of state‑of‑the‑art AI technologies and automation tools to streamline data protection activities, from DPIA automation to intelligent data discovery and rights fulfilment.
* Regulatory Compliance: Ensure full compliance with UK GDPR, DPA 2018, PECR, Data Use and Access Act (DUAA), CCPA/CPRA and emerging regulations, while staying ahead of regulatory developments and their business implications.
* Risk Management: Conduct and oversee Data Protection Impact Assessments (DPIAs), manage data breach responses, and implement privacy‑by‑design principles across all technology platforms.
* Monitoring: Monitor and assess data processing activities to ensure ongoing compliance, maintain and review the organisation's Record of Processing Activities (ROPA).
* Stakeholder Management: Act as the primary contact point for regulators (ICO), work closely with internal and external legal counsel, and represent the company in privacy‑related matters.
* Team Development: Build and lead a high‑performing data protection team, fostering a culture of innovation, urgency, and business partnership.
* International Expansion: Support the company's US operations and international growth by navigating complex cross‑border data transfer requirements and multi‑jurisdictional compliance.
* Vendor Management: Lead privacy due diligence for third‑party vendors and partnerships, ensuring contractual protections align with business risk appetite.
* Training & Culture: Drive privacy awareness across the organisation through targeted training programmes and embed privacy considerations into business‑as‑usual processes.
Essential Requirements
* Deep Regulatory Expertise: Comprehensive knowledge and hands‑on experience with UK data protection regulations (GDPR, DPA 2018, PECR, DUAA) and the ability to interpret complex requirements and provide pragmatic business guidance.
* FinTech/Tech Background: Proven experience in financial services or technology companies, understanding the unique privacy challenges of regulated financial products.
* Technical Fluency: Strong technical acumen with experience using data protection tools, privacy management platforms, and automation technologies.
* AI & Innovation: Experience with or strong willingness to adopt cutting‑edge AI technologies for privacy operations.
* Problem‑Solving Mindset: Pragmatic approach to complex privacy challenges, with a track record of finding creative solutions that balance compliance requirements with customer outcomes and business objectives.
* Urgency & Business Focus: Demonstrated ability to work at pace in fast‑moving environments, with a philosophy that compliance should enable rather than block business progress.
* Leadership Experience: Proven ability to lead cross‑functional initiatives, influence senior stakeholders, and build high‑performing teams.
* Strategic Thinking: Experience translating regulatory requirements into business strategy, with the ability to anticipate future privacy challenges and opportunities.
Desirable
* Professional Qualifications: A recognised data protection qualification such as IAPP's CIPP/E, CIPM, CIPT, C‑DPO, or a BCS Practitioners certificate in Data Protection.
* US Privacy Expertise: Knowledge of CCPA/CPRA, state‑level US privacy laws, and experience managing multi‑jurisdictional compliance programmes.
* Professional Qualifications: AIGP – a certified AI Governance Professional would be highly desirable.
* Regulatory Relationships: Existing relationships with privacy regulators or experience managing regulatory inquiries.
* International Experience: Experience with international data transfers, adequacy decisions, and global privacy frameworks.
* Experience: Minimum of 2 years experience acting in a DPO capacity within a financial services or technology organisation.
Diversity & Inclusion
We welcome, consider and encourage applications from anyone who shares our commitment to inclusivity. Join us in creating a space where authenticity thrives, and everyone can do their best work.
Great Work Deserves Great Perks
* Private Healthcare including dental and optician services through Vitality
* Worldwide travel insurance through Vitality
* Anniversary Rewards (£250, £500, £750, 4‑week fully paid sabbatical)
* Salary Sacrifice Pension Scheme up to 7% match
* 28 days holiday (plus bank holidays)
* Annual Learning and Wellbeing Budget
* Enhanced Parental Leave
* Cycle to Work Scheme
* Season Ticket Loan
* 6 free therapy sessions per year
* Dog Friendly Offices
* Free drinks and snacks in our offices
Excited to work here? Apply!
If you'd like to lead data protection innovation at one of Europe's fastest‑growing FinTechs, click apply and we will aim to get back to you within 3 working days.
#J-18808-Ljbffr