Hybrid 3x a week, London | 20% bonus + competitive salary
We’re looking for a Privacy Officer to join The Restaurant Group.
Purpose
Working closely with legal, technology, and business stakeholders, the privacy officer will enhance and embed privacy practices, ensuring that privacy risks are effectively managed and aligned with regulatory requirements. The group has an established privacy framework, so this role will focus on strengthening governance, improving consistency, and scaling privacy capabilities to support the organisation’s growth and operational complexity.
Key Accountabilities
* define and evolve the groups privacy strategy, working with senior stakeholders, aligned with regulatory developments and business objectives
* monitor the external regulatory landscape (e.g., UK GDPR, PECR, evolving ICO guidance) and translate impacts into actionable changes
* maintain and enhance the groups privacy framework, including policies, standards, controls, and procedures
* oversee and continuously improve DPIA and privacy risk assessment processes, ensuring consistency, quality, and timely completion
* lead and coordinate personal data breach management, including triage, notification decisions, regulatory engagement, and post-incident reviews
* collaborate with Information Security and Technology teams to align privacy and security controls
* oversee third-party privacy risk management, including vendor due diligence and contractual privacy requirements
* provide pragmatic, risk-based advice on new initiatives, products, systems, and technologies (e.g., digital platforms, customer data use, AI tools) and act as a trusted advisor to senior stakeholders, influencing decision-making
* facilitate resolution of complex or high-risk privacy issues, balancing regulatory expectations with operational needs
* Evolve and deliver a structured privacy training and awareness programme tailored to different roles and risk profiles
* drive a culture of accountability and responsible data use across TRG and its brands
* develop targeted communications and campaigns to improve awareness of privacy obligations and emerging risks
* monitor ongoing compliance with applicable data protection laws, internal policies, and standards
What You Need
* Bachelors degree or higher in business administration, law, finance, accounting, computer science or a related discipline is required.
* An advanced degree in law, business (M.B.A.), information science (MIS), information security or a related field is preferred.
* The ideal candidate will have a combination of a legal or business degree with technical experience.
* The candidate has obtained one or more of: Certified Information Privacy Professional (CIPP), Certified Information Privacy Management (CIPM), Certified Information Privacy Technologist (CIPT), AI Governance Professional (AIGP) and/or Practitioner Certificate in Data Protection.
Experience
* Experience leading or operating a privacy programme in a multi-stakeholder organisation
* Strong understanding of UK GDPR, PECR, and practical application in a commercial environment
* Experience working with senior stakeholders and influencing business decision-making
* Ability to translate regulatory requirements into pragmatic, business-friendly solutions
Benefits
* competitive salary
* 20% bonus
* hybrid working
* come as you are culture, with modern offices, fresh fruit and soft drinks
* £200 monthly wagamama food allowance — enjoy all your favourite dishes on us!
* private healthcare cover (+ partner)
* 3% pension contribution
* 25 days holiday plus bank holidays
* further discounts across retail, hospitality & leisure — perks that make life sweeter
* family-friendly pay: 26 weeks full pay + 13 weeks half pay for expectant or adopting parents
J-18808-Ljbffr