Role: Data Protection Manager Location: Sheffield - hybrid Salary: £40,000 - £60,000 (DOE) Contract: Full time, Perm Benefits: 30 days annual leave birthday off Free parking onsite Enhanced parental leave Life assurance EAP and online/digital GP Wellbeing support services Professional development Fantastic supportive culture The Edwin Group is a growing collective of education companies working together to positively impact the lives of young people. We support schools and multi-academy trusts across the UK by offering high-quality temporary and permanent staffing, expert HR and leadership services, staff wellbeing training, character education and active learning programmes, and automated safer recruitment solutions – all designed to help schools recruit, retain and empower the best people. We’re proud to be recognised as a Sunday Times Best Place to Work for the third year in a row – a reflection of our strong values, supportive culture and commitment to employee wellbeing. The role: At Edwin, we’re building more than a business, we’re building a community. Our purpose-driven approach is at the heart of everything we do, and safeguarding the trust of our candidates, clients, and colleagues is essential to our mission. That’s where our Data Protection Manager plays a crucial role. In this varied and fast-paced role, you’ll be the Group’s subject matter expert on data protection, ensuring compliance with data protection laws and championing best practices across our operations. You’ll oversee and enhance data protection policies, processes, and training, helping to ensure that all personal data is handled responsibly and transparently across the group. The Data Protection Manager will act as a trusted advisor to stakeholders across the business and work closely with senior leadership to uphold and embed a culture of privacy and accountability. You’ll also serve as the key point of contact for the Information Commissioner’s Office (ICO) and for individuals exercising their data rights. Responsibilities: Manage and respond to data subject rights requests in accordance with GDPR and statutory deadlines. Report and investigate data breaches, ensuring incidents are documented, assessed, and escalated appropriately in line with legal and our internal procedures. Conduct and review Data Protection Impact Assessments (DPIAs) Manage and adapt existing data protection policies, privacy notices, and retention schedules to match regulatory requirements for our colleagues, candidates, customers and partners Lead the implementation of appropriate technical and organisational measures (TOMs). Lead data mapping activities across key systems (e.g. CRM, payroll, HR, learning platforms) to maintain an accurate understanding of data flows and processing activities. Provide practical guidance and advice on data protection matters to staff, escalating complex issues to the CTO where necessary. Lead the design and delivery of tailored data protection training Promote and foster a proactive culture of data privacy, championing best practices and ongoing awareness throughout The Edwin Group. Ensure the accuracy of compliance-related reports, including Positive DBS, CQC, and CCS checks, by overseeing regular monitoring and follow-up actions. Liaise with IT and other relevant teams to ensure systems and processes align with data protection standards and security protocols. Oversee the quality and accuracy of clearance data, using housekeeping reports to maintain up-to-date agency staff records. Support the transition of compliance-related data during the implementation of new systems, ensuring data integrity throughout the process. Keep up to date in data protection legislation across all regions where the business operates. Provide administrative cover when needed, including support for compliance or admin roles during periods of annual leave or absence. Act as an Ambassador for the Group’s Sustainability strategy and with a demonstrated commitment to adopt, promote and comply with Sustainability policies, developments, and initiatives. Requirements and skills Experience and Knowledge: Previous experience in data protection roles. Thorough knowledge of the General Data Protection Regulation (GDPR) is essential, including the UK GDPR and Data Protection Act 2018. Experience in supporting the creation and maintenance comprehensive ROPA logs. Proven track record rolling out GDPR programmes end-to-end. Understanding of reporting requirements to the UK’s Information Commissioner’s Office (ICO), and experience in managing Subject Access Requests (SARs) and data breaches. Familiarity with cyber essentials, and 3 rd party risk assessments. Familiarity with regulations related to the UK education sector (e.g. safeguarding requirements, data processing of children) and recruitment (e.g. processing candidate data, Right to Work and DBS checks). Understanding of data flows within recruitment systems, CRM tools, Learning Management Systems (LMS), and cloud platforms. Skills & Competencies: Communication: Ability to explain complex data protection requirements in accessible language. Problem-solving: Navigate ambiguous regulatory situations and implement pragmatic solutions. Decision making: Confident and responsible in making decisions Ethical mindset: Champion data subject rights and privacy-first thinking. Confidentiality: Handle confidential and sensitive information with discretion Personal Attributes: Has high attention to detail Is self-motivated and well-organised Personable and collaborative with the ability to build positive relationships Approachable and respectful Has excellent time management skills Works well under pressure and meets deadlines Takes initiative and solves problems proactively Has strong IT skills, including Microsoft Office Qualifications (Optional): CIPP/E (Certified Information Privacy Professional – Europe) CIPM (Certified Information Privacy Manager) BCS Data Protection Practitioner Certificate Click 'apply now' to be part of our exciting journey! Process: Screening Process - Our screening process is designed to assess candidates in a fair way. This gives you an opportunity to share your skill, experience and passion. Phone Call with the Talent Team - You will share a call with our Talent Acquisition team who will answer any questions you have about the role, our business and any next steps. 1st Interview - This first stage will involve meeting your potential manager and team members. Final Stage Interview - The final interview involves meeting a Senior Stakeholder in the business. The Edwin Group do not discriminate on the grounds of age, gender, race, colour, religion, disability or sexual orientation, and we welcome applications from all sections of the community. internaledwin