Data Protection Officer (DPO)
Department: Legal
Salary: £60,000 – £70,000
I’m hiring a DPO into a high‑volume UK transport hub —a regulated, security‑conscious environment with complex data flows (customer operations, CCTV/access control, suppliers, and digital platforms). This is a hands‑on governance role with real operational impact.
You will act as the primary contact for data protection matters, providing guidance, oversight and support across the organisation, fostering a culture of data protection awareness, and liaising with regulatory authorities as required. You’ll work closely with Legal, Risk & Compliance, and Cybersecurity teams to develop and monitor policies and standards in line with applicable law.
What’s on offer
* Competitive pension scheme; eligibility to a profit-sharing bonus scheme
* Private healthcare; free gym
* Flexible working; volunteering days
* Discounted travel; money off shops and restaurants
Key responsibilities
* Monitor compliance with data protection laws and internal policies, including regular audits and reviews.
* Advise and inform staff on obligations under data protection legislation and best practice procedures, including setting standards to ensure compliance.
* Develop, implement, maintain and deliver data protection policies, procedures and training programmes.
* Serve as the primary point of contact for data protection queries from the business and for the Information Commissioner’s Office (ICO).
* Manage and respond to DSARs, and support all other data subject rights (erasure, rectification, objection, restriction and portability) within statutory deadlines.
* Oversee the handling of personal data breaches, ensuring prompt reporting and appropriate remedial action.
* Work with key internal stakeholders to review projects and related data to ensure compliance with applicable laws.
* Undertake DPIAs (and work with the business to identify when DPIAs are required).
* Maintain records of processing activities and ensure documentation is up to date and accurate.
* Review and provide guidance on contracts and data sharing agreements to ensure compliance with data protection requirements.
* Keep abreast of developments in data protection law and advise management of any changes affecting the organisation.
* Participate in Information Security Committee meetings, ensuring data protection risks, DPIA outcomes, and compliance issues are considered in cybersecurity decision‑making, programme planning, and incident reviews.
* Collaborate with the Cybersecurity team to support privacy and security awareness, data governance records, privacy by design/default, incident response from a data protection perspective, and internal/external audits and certification activity.
* Work with IT to ensure systems and procedures comply with data protection law and policy, including retention and destruction of data.
* Provide regular reports to the Audit and Risk Committee and the Information Security Committee on data protection compliance.
* Review and authorise the release of CCTV footage to external third parties.
Knowledge, skills & experience
* Strong knowledge of UK GDPR, Data Protection Act 2018, PECR and related privacy legislation.
* Demonstrable experience in a data protection, compliance or information governance role.
* Excellent communication and interpersonal skills, with the ability to influence and educate at all levels.
* Strong analytical and problem-solving abilities, attention to detail and a proactive approach.
* Ability to interpret complex legislation and translate requirements into practical policies and procedures.
* Experience conducting audits, risk assessments and handling data breaches.
* Sufficient knowledge of information technology and data management systems.
* Strong change and project management skills, including prioritisation and managing multiple deadlines.
* High standards of integrity, confidentiality and ethical conduct.
* Experience reviewing and advising on data sharing agreements, schedules and provisions.
* Desirable: relevant professional certification (e.g., CIPP/E, CIPM or similar).
* Preferred (not essential): industry experience relevant to regulated/operational environments; experience drafting/amending data sharing agreements, schedules and provisions.