Data Protection Manager

Summary

Join Octopus Electric Vehicles' Information Security and Data Protection team as a Data Protection Manager. You will maintain and develop the company's data protection strategy, policies, and compliance framework. Lead and conduct Data Protection Impact Assessments (DPIAs), update Records of Processing Activities (ROPAs), and manage data breach responses. Act as the primary point of contact for data privacy matters, providing advice to stakeholders. Conduct due diligence on third-party suppliers and design data protection training. Monitor the regulatory landscape and report on compliance. Support the designated Data Protection Officer (DPO) in liaising with the ICO. This role requires a passion for data protection and experience with UK GDPR legislation.

Requirements

• A passion for Data Protection, Privacy and Information Security and an ability to explain these concepts in a clear and meaningful way to those who may not be familiar with them
• Excellent understanding and practical experience of the principles/issues involved in Data Protection and compliance with UK GDPR legislation and the expectations of the ICO
• Excellent understanding of the UK Data Protection Act 2018 and of the principles/issues involved in maintaining compliance
• Forward-thinking, self-motivated and able to take responsibility for your own initiatives and drive them to implementation
• Ability to work in a pressured environment while prioritising work in a considerate way
• Supportive and reliable team member, with excellent attention to detail

Responsibilities

• Maintain and develop the company's data protection strategy, policies, procedure, and compliance framework in line with UK GDPR, the Data Protection Act 2018, and PECR
• Lead and conduct Data Protection Impact Assessments (DPIAs), update our Records of Processing Activities (RoPA), conduct Legitimate Interest Assessments (LIAs) and any other expected activity records
• Lead and conduct the end-to-end process for Data Subject Access Requests (SARs) and other data subject rights (e.g., erasure, rectification) in a timely and compliant manner
• Manage the company's data breach response plan, including investigation, reporting, remediation, and communication with the Information Commissioner's Office (ICO) and affected individuals where necessary
• Act as the primary point of contact and subject matter expert for all data privacy matters, providing pragmatic advice to internal and external stakeholders, at all levels of the business
• Conduct due diligence and manage data protection risks associated with third-party suppliers, including SaaS vendors, finance providers, vehicle dealerships, data brokers, and marketing partners
• Design and deliver engaging data protection training and awareness campaigns across the business to foster a strong privacy-aware culture
• Monitor the evolving privacy regulatory landscape and report on the company's compliance posture and risk level
• Serve as a point of contact for the ICO and support the designated Data Protection Officer (DPO)

Preferred Qualifications

• Awareness of Information Security principles and requirements for ISO27001 compliance would be valuable
• Any knowledge of the FCA or experience in the financial services industry would be valuable