Data Protection Lead - CIPP/E, CIPM, CIPT, UK GDPR practitioner
Location: London, Bristol or Manchester (Hybrid - typically 1 day per week onsite)Contract: 6 Months IR35: £650 daily Inside IR35 Clearance: BPSS
The OpportunityWe are seeking an experienced Data Protection Lead to join a high-profile digital delivery environment, supporting the development of innovative digital products and services.
This is a hands-on role for a privacy professional who enjoys working closely with product, technology, analytics and delivery teams to ensure privacy requirements are embedded from the outset. You will play a key role in delivering practical data protection solutions, conducting risk assessments, and enabling teams to deliver at pace while maintaining compliance.
This is not a strategic leadership or people management position. We're looking for a practitioner who is comfortable getting into the detail of complex digital services, privacy risks and DPIAs.
Key Responsibilities- Lead and deliver Data Protection Impact Assessments (DPIAs) for new and existing digital services.
- Provide expert advice on UK GDPR, Data Protection Act requirements and privacy best practices.
- Embed Privacy by Design principles throughout the product and delivery lifecycle.
- Support the creation and maintenance of:
- Privacy Notices
- Records of Processing Activities (ROPAs)
- Data-sharing documentation
- Risk assessments
- Work closely with product managers, delivery teams, engineers and stakeholders to identify and mitigate privacy risks.
- Analyse digital products, data flows and technical architectures to assess compliance implications.
- Provide pragmatic, risk-based guidance that enables delivery while maintaining regulatory compliance.
- Support governance activities relating to emerging technologies and AI-enabled solutions.
- Minimum 3 years' experience in a Data Protection, Privacy or Information Governance role.
- Strong experience conducting and reviewing DPIAs.
- Proven expertise in UK GDPR and Data Protection legislation.
- Experience embedding Privacy by Design within digital products or services.
- Strong risk assessment and problem-solving capabilities.
- Experience working with technical stakeholders, digital teams and delivery environments.
- Excellent communication and stakeholder engagement skills.
- Ability to work collaboratively within multidisciplinary teams.
- Experience working within digital delivery organisations.
- Knowledge of PECR, cookies and tracking technologies.
- Exposure to analytics platforms and privacy considerations surrounding digital analytics.
- Experience supporting AI governance or AI-related risk assessments.
- Public sector or government experience.
- Experience working within Agile delivery environments.
One or more of the following would be highly desirable:
- CIPP/E
- CIPM
- CIPT
- Data Protection Practitioner Certificate
- UK GDPR Practitioner Certificate
- Equivalent privacy or data protection qualification
Equivalent practical experience will also be considered.
Personal AttributesWe are particularly interested in individuals who are:
- Personable and collaborative
- Pragmatic in their approach to compliance and risk
- Detail-oriented and analytical
- Comfortable working in fast-paced environments
- Able to build strong relationships across technical and non-technical teams
- Focused on delivery and outcomes rather than high-level strategy