Role: Deputy Data Protection Officer
Leeds, LS15 / Perivale, UB6 OR Bardon, LE67 (Hybrid requirements; Once per week at your closest site & Attendance at a monthly team meeting at one of these sites. Travel expenses are covered when meetings are held away from your usual base)
Contract type: Permanent
Full time
5 hours per week, Monday to Friday
Do you want to work for the nation’s largest online pharmacy ensuring excellence for all our patients? We’re a market leader in the pharmacy world, with 25 years’ experience, helping over 1.Our people are fundamental to our success and ensuring we achieve our vision to be a world leading, patient-centric digital healthcare provider. As Deputy Data Protection Officer (DDPO) you will be the DPO’s right hand, championing privacy by design across a fast-growing organisation of more than 1,000 colleagues.
This is an opportunity to shape novel initiatives in AI-enhanced dispensing, personalised health services and advanced analytics within a culture that values creativity and continuous improvement.
Occupational sick pay
Enhanced maternity and paternity pay
Contributory pension
Discounted insurance (Aviva)
Employee discount site
Discounted gyms (via our blue light card and benefits schemes)
Employee assistance programme
In-house mental health support
Free onsite parking
Health and wellbeing initiatives
Social events throughout the year
Cycle to work scheme
Green car scheme*(subject to minimum earnings)
Registration fees paid (GPhC, NMC, CIPD etc)
Long service bonus
Refer a friend bonus
Hybrid working
Commitment to CPD/training
25 days annual leave increasing with service
Annual leave buy and sell scheme
Discounts & Exclusive offers at The Springs, Leeds
25% Discount & health & beauty purchases
25% Discount on Pharmacy2U Private Online Doctor Services
Offer timely, clear and balanced privacy advice across the group, aligning regulatory duties with commercial goals
· Lead DPIAs, Legitimate Interest Assessments and other risk assessments, maintaining robust records of processing activities
· Manage data-subject rights workflows, acting as escalation point for complex cases
· Oversee international data transfers and ensure contracts include appropriate safeguards and standard clauses
· Support and, when required, lead incident response: investigation, containment, mitigation and regulatory or data-subject notifications
· Develop, maintain and continually improve the privacy management programme (policy framework, training, monitoring and audit)
· Horizon-scan for legal, regulatory and technological developments, advising stakeholders on readiness and implementation
· Work closely with Information Asset Owners and risk owners, embedding accountability for personal-data processing throughout the organisation
· Degree (or equivalent) in law, information management, computer science or related discipline or Undergraduate with relevant working experience
· Extensive data-protection or privacy experience, preferably in a regulated or health-tech environment
· Demonstrable experience leading DPIAs and privacy-by-design initiatives on transformative projects
· Hands-on involvement in incident management, regulatory engagement and stakeholder training
· Exposure to contract reviews, international data-transfer mechanisms and vendor-risk management
· Knowledge of AI/ML governance and emerging EU data-governance frameworks
· All successful applicants will be required to undergo a DBS check.