Data Protection Lead
Data Protection Lead
Contract Length: 6 months (with potential extension)
Location: London, Bristol or Manchester (hybrid working - 1 day on site per week)
BPSS
£650 P/D Inside IR35
About the Role
We are seeking an experienced Data Protection Lead to join a high-performing data governance function within a digital delivery environment. This is a hands-on operational role focused on embedding privacy and data protection principles into innovative digital products and services.
Working within a team of 8 data protection and governance professionals (and a wider governance function of 14), you will provide expert advice, conduct privacy risk assessments, and support the implementation of privacy-by-design practices across complex digital programmes.
This role is ideal for a pragmatic and collaborative data protection professional who enjoys working closely with delivery teams, analysing technical solutions, and ensuring privacy risks are effectively identified and managed throughout the development lifecycle.
Key Responsibilities
- Lead and support the completion of Data Protection Impact Assessments (DPIAs) and other privacy risk assessments.
- Provide expert guidance on UK GDPR, Data Protection Act requirements, and broader privacy compliance obligations.
- Embed Privacy by Design principles into new and existing digital services and products.
- Work collaboratively with product, technical, delivery and policy teams to identify and mitigate privacy risks.
- Assess complex digital products and services, translating technical concepts into clear privacy and compliance considerations.
- Support the development and maintenance of data protection policies, standards and guidance.
- Provide practical, risk-based advice to stakeholders while balancing legal compliance with operational delivery needs.
- Contribute to the management of privacy risks associated with digital delivery programmes and emerging technologies.
- Support compliance activities, governance processes and assurance reviews as required.
Essential Skills & Experience
- Minimum 3 years' experience working in data protection, privacy, or a closely related discipline.
- Strong practical experience conducting and reviewing DPIAs and privacy risk assessments.
- Detailed knowledge of UK GDPR, data protection legislation and privacy best practice.
- Experience working in a digital, technology or product delivery environment.
- Strong understanding of Privacy by Design principles and their application in digital services.
- Excellent analytical and problem-solving skills, with the ability to assess complex technical solutions.
- Strong attention to detail and ability to undertake detailed risk assessments.
- Ability to work effectively as part of a collaborative, multidisciplinary team.
- Excellent stakeholder management and communication skills.
- Pragmatic approach to balancing privacy requirements with organisational and delivery objectives.
Desirable Skills & Experience
- Experience within the Civil Service, wider public sector, or government organisations.
- Experience supporting the development and delivery of large-scale digital transformation programmes.
- Knowledge of privacy considerations relating to digital identity services.
- Experience assessing or managing privacy and data protection risks associated with Artificial Intelligence (AI) solutions.
- Familiarity with Government Digital Service (GDS) standards and digital delivery practices.
Qualifications
Applicants should hold one or more of the following qualifications, or be able to demonstrate equivalent experience:
- Data Protection Practitioner Certificate
- CIPP/E (Certified Information Privacy Professional - Europe)
- CIPM (Certified Information Privacy Manager)
- CIPT (Certified Information Privacy Technologist)
- UK GDPR Practitioner Certificate
- Equivalent data protection/privacy qualifications
Person Specification
- Personable, collaborative and approachable.
- A strong team player who enjoys working closely with delivery and technical teams.
- Pragmatic and solutions-focused in their approach to privacy and compliance challenges.
- Comfortable working at a detailed operational level rather than in a purely strategic capacity.
- Confident assessing complex technical products and identifying privacy risks.
- Resilient and able to maintain focus when conducting detailed assessments and reviews.