Group Data Protection Manager
Reporting to: Director of Data Protection
Office Location: London Triton Street
This role will be based in London Triton Street Office and benefit from our hybrid working arrangements. There will be occasional travel to our offices in other locations, as and when required.
Role Objectives
Act as the lead for data protection matters for the Group functions, ensuring compliance with applicable data protection and AI laws through close collaboration with Group DPO and Regional DPOs.
Support and manage data protection risk within the Group functions while aligning with global data protection strategy and principles.
Support the Group DPO to provide expert advice and guidance to Group leadership on data protection risks, embedding privacy by design and by default into business processes.
Support the organisation’s ethical and compliant use of emerging technologies.
Key Results / Areas
Compliance & Governance:
* Maintain Group data protection policies and monitor adherence
* Maintain and keep up to date Group data protection notices, consent language, policies and standards
* Provide regular formal reports to Group leadership
* Work with wider regional DPOs and legal teams to ensure data protection contractual templates are up to date and fit for purpose
Risk Management:
* Identify, assess, and mitigate data protection risks in Group projects and operations.
* Maintain and update the data protection risk assessment processes
* Conduct and oversee Group function Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), International Data Transfer Assessments (IDTAs) and other risk assessments, as necessary
* Support incident response for data breaches within Group functions
* Identify and deploy Group level data protection controls and metrics to provide data protection risk assurance across Group functions
* Act as key point of contact for Information Security & Data Protection, ensuring close collaboration on key shared priorities
Regulatory Engagement:
* Monitor and manage emerging regulatory developments in data protection and AI
* Support Regional DPOs in multi-jurisdiction regulatory changes and support Group functions in regulatory change management.
Training & Awareness:
* Coordinate data protection training and awareness programmes between regional and Group functions, ensuring consistency and sharing resources where appropriate
* Proactively engage with high risk Group teams to improve data protection education and awareness
Monitoring & Reporting:
* Track and report Group data protection metrics and KPIs to Group DPO and senior leadership
Data Protection Operations:
* Act as the Subject Matter Expert for issues relating to data subject rights fulfilment and complaints handled by Group functions
* Monitor and problem solve issues with any area of DP Operations within the Group
* Act as super-user for DPO technology & systems
* Responsible for new DPO technology roll-out and coordination across regional DPO teams and Group functions
Stakeholder responsibilities (customer/staff etc)
Collaborate with:
* Group Senior Leadership – advise on compliance and risk, provide formal reports on data protection risk
* Legal, Compliance, and IT Security Teams – ensure integrated privacy controls, appropriate vendor management, etc.
* Group and Regional DPOs – support group-wide projects, coordinate group-wide policies and procedure development, manage change/new feature request for DPO technology
Knowledge, qualifications and experience
In-depth knowledge of:
* Global data protection laws and cultural attitudes to data protection.
* Global AI laws and emerging AI governance frameworks.
* Privacy by design principles and risk assessment methodologies.
* Recruitment practices and Hays organisational knowledge is desirable
Qualifications:
* Degree in Law, Compliance, or Information Security.
* Professional certifications (e.g., CIPP/E, CIPM) highly desirable.
Skills and Competencies
* Stakeholder Management: Strong influencing and relationship-building skills across diverse cultures
* Communication: Clear and persuasive communication for senior stakeholders
* Project Management: Ability to deliver change, manage issues and risks, create and execute plans
* Analytical Capability: Excellent risk analysis and problem-solving skills
* Technical Acumen: Understanding of data flows, security controls, and AI technologies
* Resilience & Adaptability: Ability to manage complex regulatory environments and evolving technologies
At Hays, we share a passion for creating a culture of opportunities for our people to flourish and succeed, whatever your background. We know that diversity of perspective and an inclusive approach, which encourages those experiences and views to be heard, is great for business and therefore your career.