Data Protection Officer (DPO)
Department: Legal
Salary: £60,000 – £70,000
I’m hiring a DPO into a high‑volume UK transport hub—a regulated, security‑conscious environment with complex data flows (customer operations, CCTV/access control, suppliers, and digital platforms). This is a hands‑on governance role with real operational impact.
You will act as the primary contact for data protection matters, providing guidance, oversight and support across the organisation, fostering a culture of data protection awareness, and liaising with regulatory authorities as required. You’ll work closely with Legal, Risk & Compliance, and Cybersecurity teams to develop and monitor policies and standards in line with applicable law.
What’s on offer
- Competitive pension scheme; eligibility for a profit-sharing bonus scheme
- Private healthcare; free gym
- Flexible working; volunteering days
- Discounted travel; money off shops and restaurants
Key responsibilities
- Monitor compliance with data protection laws and internal policies, including regular audits and reviews.
- Advise and inform staff on obligations under data protection legislation and best practice procedures, including setting standards to ensure compliance.
- Develop, implement, maintain and deliver data protection policies, procedures and training programmes.
- Serve as the primary point of contact for data protection queries from the business and for the Information Commissioner’s Office (ICO).
- Manage and respond to DSARs, and support all other data subject rights (erasure, rectification, objection, restriction and portability) within statutory deadlines.
- Oversee the handling of personal data breaches, ensuring prompt reporting and appropriate remedial action.
- Work with key internal stakeholders to review projects and related data to ensure compliance with applicable laws.
- Undertake DPIAs (and work with the business to identify when DPIAs are required).
- Maintain records of processing activities and ensure documentation is up to date and accurate.
- Review and provide guidance on contracts and data sharing agreements to ensure compliance with data protection requirements.
- Keep abreast of developments in data protection law and advise management of any changes affecting the organisation.
- Participate in Information Security Committee meetings, ensuring data protection risks, DPIA outcomes, and compliance issues are considered in cybersecurity decision‑making, programme planning, and incident reviews.
- Collaborate with the Cybersecurity team to support privacy and security awareness, data governance records, privacy by design/default, incident response from a data protection perspective, and internal/external audits and certification activity.
- Work with IT to ensure systems and procedures comply with data protection law and policy, including retention and destruction of data.
- Provide regular reports to the Audit and Risk Committee and the Information Security Committee on data protection compliance.
- Review and authorise the release of CCTV footage to external third parties.
Knowledge, skills & experience
- Strong knowledge of UK GDPR, Data Protection Act 2018, PECR and related privacy legislation.
- Demonstrable experience in a data protection, compliance or information governance role.
- Excellent communication and interpersonal skills, with the ability to influence and educate at all levels.
- Strong analytical and problem-solving abilities, attention to detail and a proactive approach.
- Ability to interpret complex legislation and translate requirements into practical policies and procedures.
- Experience conducting audits, risk assessments and handling data breaches.
- Sufficient knowledge of information technology and data management systems.
- Strong change and project management skills, including prioritisation and managing multiple deadlines.
- High standards of integrity, confidentiality and ethical conduct.
- Experience reviewing and advising on data sharing agreements, schedules and provisions.
- Desirable: relevant professional certification (e.g., CIPP/E, CIPM or similar).
- Preferred (not essential): industry experience relevant to regulated/operational environments; experience drafting/amending data sharing agreements, schedules and provisions.