Business Analyst GDPR and Data Protection

This role sits within the Data Protection team and supports the continuous improvement of data protection services. You will act as a critical friend to the business - building trust with stakeholders and translating complex regulatory requirements into clear, actionable business processes and controls.

• Act as a key liaison between the Data Protection team and business units to identify, analyse, and improve data protection processes.

• Work closely with project teams to ensure data protection by design and by default is embedded in operational change and transformation projects.

• Engage stakeholders to gather and document data protection requirements, aligning them with business processes and regulatory obligations (e.g. UK GDPR, Data Protection Act 2018).

• Lead or support Data Protection Impact Assessments (DPIAs), ensuring accompanying artefacts (e.g. privacy notices, data sharing agreements, contracts) are reviewed for compliance.

• Support the identification and documentation of data flows and Records of Processing Activities (RoPA).

• Provide expert advice and guidance to stakeholders on data protection issues, balancing legal obligations with operational needs.

• Investigate and support resolution of data protection breaches, incidents, and complaints. Update relevant logs and ensure reporting obligations are met.

• Coordinate and manage responses to Data Subject Rights Requests (e.g. Subject Access Requests, data erasures), including system searches.

• Contribute to the strategic communications and awareness plan, working with the Communications and Learning & Development teams to deliver training and promote a culture of data protection.

• Maintain and improve internal documentation including data protection standards, policies, FAQs, and toolkit materials.

• Monitor risks related to data protection non-compliance and support continuous improvement of internal controls.

• Support reporting on data protection metrics, performance, and compliance.

• A recognised qualification in data protection or privacy (e.g. BCS, IAPP) or equivalent practical experience.

• Minimum of 3 years' experience in a privacy, risk, compliance, or business analysis role.

• Strong working knowledge of the UK GDPR and Data Protection Act 2018.

• Proven experience in stakeholder engagement, process analysis, and documenting business and regulatory requirements.

• Discretionary annual bonus based on company performance.

• 25 days' annual leave plus the option to buy additional days and five extra days for long service.

• Generous employer pension contributions (between 5% and 11%).

Reasonable Adjustments:

Respect and equality are core values to us. We are proud of the diverse and inclusive community we have built, and we welcome applications from people of all backgrounds and perspectives. Our success is driven by our people, united by the spirit of partnership to deliver the best resourcing solutions for our clients.

If you need any help or adjustments during the recruitment process for any reason , please let us know when you apply or talk to the recruiters directly so we can support you.