Data protection officer

London
Fortius Clinic
Data protection officer
Posted: 18h ago
The role
Data Protection Officer

Requirements

Key Responsibilities

Governance & Compliance
  • Act as the named DPO under UK GDPR and the Data Protection Act 2018
  • Develop, maintain, and continuously improve data protection policies, frameworks, and procedures
  • Monitor compliance, including NHS Data Security and Protection (DSP) Toolkit requirements
  • Maintain and oversee the Record of Processing Activities (ROPA)
  • Lead and oversee Data Protection Impact Assessments (DPIAs)
  • Ensure implementation of data protection standards, privacy notices, retention frameworks, and local controls
  • Maintain clear documentation and escalate significant risks to senior leadership and Group DPO

Regulatory Engagement
  • Serve as the primary contact for the Information Commissioner's Office (ICO)
  • Manage regulatory audits, investigations, and enquiries
  • Track regulatory developments and provide expert guidance

Data Subject Rights & Incidents
  • Oversee responses to DSARs and other data subject rights requests
  • Lead data breach response, including assessment and notification where required
  • Maintain and report on incident and breach logs

Third Parties & Contracts
  • Advise on data processing agreements, data sharing agreements, and international data transfers
  • Conduct due diligence on third-party processors
  • Provide data protection input into procurement, contracts, and technology implementation

Culture, Training & Advisory
  • Deliver and oversee tailored data protection training across the organisation
  • Advise clinical, operational, and digital teams on data protection matters
  • Promote privacy by design and default
  • Support governance around AI use and emerging technologies
  • Participate in or chair Information Governance forums

About You

Qualifications
  • Recognised data protection qualification (e.g. CIPP/E, BCS Certificate in Data Protection, IAPP)
  • Full UK driving licence
  • Willingness to travel regularly across UK sites

Experience
  • Strong expertise in UK GDPR and Data Protection Act 2018
  • Experience engaging with the ICO
  • Hands-on experience managing: DPIAs, ROPAs, DSARs, Data breaches
  • Experience working in a regulated environment (healthcare preferred)
  • Knowledge of NHS information governance standards (DSP Toolkit, Data Security Standards)
  • Proven ability to influence senior stakeholders
  • Experience embedding privacy in digital, IT, or AI-driven projects

Skills & Competencies
  • Strong communication and stakeholder management skills
  • Ability to translate legal requirements into practical, risk-based advice
  • High attention to detail with strong documentation capabilities
  • Proactive, solutions-focused mindset
  • Solid understanding of IT systems and cybersecurity fundamentals
  • Proficiency in Microsoft 365 and digital tools

Why Join Us?
  • Play a strategic, high-impact role in a leading healthcare organisation
  • Work closely with senior leadership and contribute to organisational governance
  • Influence how data protection supports innovation, including digital and AI initiatives
  • Be part of a collaborative environment committed to high standards of care and compliance

Affidea UK and Fortius Clinic are an equal opportunities employer.
Apply
Create E-mail Alert
Job alert activated
Saved
Save
See more jobs
Similar jobs
It jobs in London
jobs London
jobs Greater London
jobs England
Apply
Create E-mail Alert
Job alert activated
Saved
Save