Data Privacy Manager

About The Position

Requirements

• Minimum 5 years’ experience working in data privacy / data protection roles.
• Strong, hands-on knowledge of GDPR, UK data protection law and EU data protection requirements.
• Proven experience working closely with product and engineering teams.
• Experience managing DPIAs, DSARs, and vendor privacy assessments.
• Ability to translate complex legal and regulatory requirements into clear, practical advice.

Nice To Haves

• Formal privacy qualification (e.g. CIPP/E, CIPM, or equivalent).
• Experience supporting international data transfers and multi-jurisdictional operations.
• Exposure to ISO 27001 or similar security/compliance frameworks.
• Experience in a tech scale-up or SME technology business of similar size (circa 100–300 employees).
• Previous experience acting as, supporting, or collaborating with, a DPO function (note: this role will work in close collaboration with an external DPO).

Responsibilities

• Manage and continuously improve the company’s data privacy framework, policies and procedures in line with the GDPR and other applicable data protection laws.
• Act as a key point of contact for all data protection and privacy matters across the business.
• Collaborate closely with the company's external DPO who will provide support on complex privacy matters, regulatory issues and any interactions with regulatory authorities.
• Advise Product and Engineering teams on privacy-by-design and privacy-by-default principles.
• Lead Data Protection Impact Assessments (DPIAs) and risk assessments for new products, features and vendors.
• Manage data subject rights requests (DSARs) end-to-end and ensure responses are compliant and timely.
• Oversee vendor and third-party risk assessments relating to data protection.
• Provide privacy input and coordinate internal reviews for contracts from a data protection perspective, including DPAs and SCCs, working in collaboration with the Legal team who lead drafting and negotiation.
• Monitor regulatory developments and translate changes into practical guidance for the business.
• Design and deliver data privacy training and awareness programs for employees.
• Work closely with the external DPO, Security and Compliance teams on incident response, including personal data breaches.
• Support audits and regulator interactions where required, in coordination with the external DPO and Legal team.
• Manage the internal administration of Data Processing Agreements (DPAs), including maintaining a central repository, tracking renewal dates, and coordinating internal stakeholder reviews. Note: drafting and negotiating DPAs remains the responsibility of the Legal team.