Job Description
Responsible for managing the organisation’s data protection and privacy compliance in an SME environment with fewer than 250 employees operating across the UK, EU and Switzerland. This role provides pragmatic, proportionate GDPR compliance. The focus is on practical risk management, operational compliance and acting as the internal point of contact for data protection matters.

MAIN DUTIES AND RESPONSIBILITIES:

Responsible for the following activities, including but not limited to:

GDPR Compliance & Governance
* Maintain proportionate GDPR policies, notices, and procedures suitable for an SME.
* Maintain Records of Processing Activities (RoPA) in line with Article 30 requirements applicable to SMEs.
* Support privacy-by-design principles in new projects and systems.
* Conduct and document low-risk DPIAs where required; escalate higher-risk matters for external advice.

Data Subject Rights
* Act as the primary contact for data subject rights requests (including DSARs).
* Coordinate responses across HR, IT, and business teams.
* Ensure statutory deadlines are met under UK GDPR, EU GDPR and Swiss data protection law (FADP).

Incident & Breach Management
1. Maintain a personal data breach register.
2. Coordinate initial assessme...