About The Job
Data Protection Officer – cardfactory
Salary from £55,000 + benefits package
Join us as the UK & Ireland Data Protection Officer and play a pivotal role in shaping and safeguarding the privacy framework across cardfactory and Garlanna. In this influential position, you'll act as a trusted, independent advisor—ensuring our organisation meets its obligations under UK GDPR, EU GDPR, PECR, ePrivacy and related legislation.
You'll lead the way in embedding a strong culture of privacy by design, guiding stakeholders at all levels, and championing accountability across our UK and Ireland operations. As the primary contact for regulators, data subjects and internal teams, you'll oversee compliance, identify and mitigate privacy risks, and ensure robust policies and controls are in place.
If you're ready to make a significant impact by driving a proactive, risk-aware approach to data protection, we'd love to hear from you.
At cardfactory, we believe in smart working. That means you'll spend around two days a week at our Wakefield support centre, with the flexibility to work from home the rest of the time.
What you'll do:
Data Protection Strategy: Develop, implement and maintain a comprehensive Data Protection Strategy aligned to organisational goals and legislation. Own and update the Record of Processing Activities (ROPA).
Policies & Documentation: Maintain all data protection policies, procedures and documentation, including DPIAs, privacy notices, breach logs and SAR logs. Support development of the Information Security Management System.
Compliance Management: Lead audits and compliance activities to meet UK/EU GDPR, PECR and other regulatory requirements. Run the GDPR and data privacy steering committee.
Monitoring & Audit: Conduct ongoing assessments and internal audits to ensure adherence to data protection standards. Review contracts to ensure appropriate legal and technical safeguards.
Regulatory Liaison: Act as the primary contact for the ICO, DPC and other regulatory bodies, managing enquiries, investigations and reporting duties.
Incident & Breach Management: Lead breach assessments, investigations and reporting, ensuring effective mitigation, documentation and communication.
Training & Awareness: Design and deliver training initiatives, keeping colleagues informed on data protection requirements, risks and emerging trends.
Leadership: Advise senior leaders and business units on privacy risks and compliance. Provide leadership and mentoring to the team.
Supplier Risk Management: Oversee governance and risk assessments for third‑party suppliers to ensure compliance and security standards are met.
Collaboration & Consultancy: Act as the first point of contact for data privacy queries. Work cross‑functionally to ensure a consistent, business‑aligned approach to data protection.
Risk Management: Identify, assess and mitigate data privacy risks, ensuring clear reporting to the appropriate stakeholders.
What you'll need:
Strong risk management capability and ability to deliver practical, commercially‑aware solutions.
Strong influencing skills (soft / hard / active listening etc.) – and the ability to blend and adapt them to the situation and intended audience.
Able to implement a holistic security program of strategy, policies, processes and technologies.
Able to balance legislative requirements while taking a commercial viewpoint into consideration.
People management skills to direct and manage a small team of data privacy specialists.
Experience:
5+ years' experience in a DPO role, managing privacy operations compliant with the GDPR and PECR.
Experience leading, developing and managing teams.
Familiarity with Microsoft Purview, OneTrust and other similar DSAR management tooling.
Experience working in fast-paced and complex environments, working across multiple business units.
Experience with ISO 27001, ISO 27701, ISAE 3000/3402 or other information security standards and frameworks.