2,491 Data Protection Act jobs in the United Kingdom

When Russian hacker, Vladimir Leonidovitch Levin, attempted the biggest bank heist the world had ever seen via dial-up internet in 1994, Zia Hayat, Callsign CEO and founder, was hooked – armchair fraud became a real possibility. From this moment, Zia knew he wanted to play a part in stopping the bad guys and securing the internet for all. Founded in 2012, Callsign's mission is to make digital identity seamless and secure, helping organizations build digital trust and accountability in every online transaction. In that time, we've grown to over 180 employees, opened offices globally, been recognized as a WEF Global Innovator and our technology is being used by many of the world's leading financial institutions to keep millions of consumers safe. But we aren't stopping here. The identity revolution has only just begun, and we are looking to hire the brightest and inquisitive minds to help us make every web, mobile, and physical interaction seamless and secure. If this sounds like you, let’s chat.

Over the years, Callsign has been maintaining and improving Personal Information Management System (PIMS) framework in line with ISO 27001 and 27701 standards. We are now looking for a data privacy expert to join our Security Risk Team as Data Protection Officer and manage Callsignʼs global data privacy program and strategy.  The role will be based in our London HQ, in the City of London sitting at the heart of the business.

Requirements

What you’ll be doing

You will be leading on the implementation of Callsign privacy strategy across the business and responsible for maintaining our Data Governance framework. This will include assessing privacy risks and opportunities across all areas of Callsign's business, including our product, and third-party software and services to ensure privacy-by-design is embedded in our processes.

Your role will ensure data protection and privacy compliance obligations, both internally defined and externally regulated, are understood and met by all stakeholders.

This will be an opportunity to improve the Callsign Information Security Management System (ISMS) and Personal Information Management System (PIMS) framework. Review and continuously improve the data policies and standards to keep pace with the changing threat and compliance landscape.

Furthermore, you will support the team in facilitating regular audits of Callsign’s data privacy and security compliance, policies and procedures and operating effectiveness of controls. This includes ISO 27001, SOC2 Type 2 and regular client audits.

What you’ll be good at

Technical:

To be successful in this post, the candidate will have:

·    Bachelor’s Degree or Master in Law, Information Technology or related fields;  

·    3-5 years of experience in data privacy roles (DPO preferred but not mandatory);

·    Professional certifications such as CIPP/E, CIPP/US, CIPM.

Knowledge, experience and skills

You will demonstrate strong expertise in global and European data protection laws and practices and an in-depth understanding of the GDPR and comparable data privacy laws (ADGM DP Regulation, Singapore PDPA, US CCPA/CPRA and more) and provide evidence of your ability in:

·    Managing data privacy issues in a global organisation;

·    Conducting data privacy compliance reviews, including as part of annual audits;

·    Working within a ‘cloud-first" and agile business environment;

·    Implementing a Data Governance framework and liaising with different stakeholders to strengthen privacy awareness across teams;

·    Mastering the principles of data privacy by design and default, and

·    Ability to review and implement privacy related policies and procedures.

Responsibilities

At Callsign we expect our people to take responsibility for their work – in this role you will:

·    Develop and implement data privacy policies, procedures, and guidelines;

·    Inform and advise the company on applicable data protection laws globally including General Data Protection Regulation (GDPR) and its requirements, liaising with relevant supervisory authorities and serving as the main point of contact for data protection issues;

·    Liaise with all key business areas, in particular Product and Engineering teams, to ensure adherence to privacy by design principles;

·    Handle enquiries and issues relating to data privacy practices and data subject rights eg. the right to be forgotten, data subject requests and client offboarding activities;

·    Conduct Data Privacy Impact Assessments for new projects and processes;

·    Maintain Callsign Record of Processing Activities (RoPA) and Data Retention Schedule;

·    Support our Procurement team in reviewing data privacy clauses and Data Sharing Agreements;

·    Provide guidance on data breach procedure and response;

·    Collaborate with other members of the Security Risk team in audits and due diligence activities;

·    Monitor the industry landscape to keep visibility on evolutions, trends, and best practices related to Data Privacy;

·    Apply your expertise to drive improvements to Callsign’s data privacy program in a high-tech space involving Artificial Intelligence and ever-changing legal requirements;

·    Monitor and report on privacy performance metrics;

·    Present privacy challenges and updates in Data Governance meetings with relevant stakeholders;

·    Support the security and privacy review of Callsign vendors, and

·    Respond to privacy-related queries coming from clients and/or prospective clients.

Personal qualities

• You will be an independent and positive player with a can-do attitude, who has initiative and passion for all things privacy related, and a willingness to go the extra mile.
• As a strong communicator, you will effectively collaborate with a wide range of people, sharing your views and supporting others in the team.
• A positive player with a can-do attitude, the ability to work independently and prioritize tasks to get things done. All of this will be underpinned by your high levels of motivation and your strong interpersonal and organisational skills.

A note from the hiring manager , Ian (Chief Security Officer)

"I'm looking forward to meeting with prospective candidates about this exciting role which will be a key part of our global team. I'm looking for someone who has strong experience as a Data Privacy Lead/Expert who is looking to show what they can do in a growing business. We're a close-knit team who set high standards for ourselves and demand it from others. That said we also recognise that having time for fun is as important as hard work. So, if you're a pro-active, motivated individual that loves working in a collaborative and fun team then get in touch and see if this is the role for you."

Applications will be open until 10th October 2025

We look forward to hearing from you and why you'd be a great fit for this role!

Benefits

Benefits

Pension scheme with Scottish Widows

Private medical cover with Vitality

Life assurance (4x base salary)

Personal Learning & Development Budget

Cycle to Work Scheme

Company Family Leave

25 days annual leave plus Callsign Bank Holiday

Employee Volunteering Program

• Advise on a broad range of global data privacy issues across the EU, UK, Canada, Mexico, APAC and the US.
• Draft, review and negotiate commercial agreements including e-commerce, software licensing, consultancy and contracts with data privacy clauses.
• Prepare and advise on data protection agreements such as processing and transfer agreements, as well as privacy impact assessments.
• Support and maintain global data privacy policies, guidelines, procedures and training.
• Ensure records of personal data processing are accurately captured and maintained.
• Coordinate and manage data subject access requests and data breach incidents.
• Monitor legal and regulatory developments and communicate impacts to global stakeholders.
• Collaborate with business leaders, legal counsel, audit and compliance teams.

• Qualified lawyer with extensive experience in data privacy, ideally gained in-house.
• Proven background advising on commercial contracts is essential.
• Previous experience in a large international organisation is desirable.
• Strong organisational and project management skills, with the ability to manage multiple priorities.
• Confident communicator with excellent interpersonal and leadership skills.
• Sector experience in retail/manufacturing is advantageous.
• Proficient with Microsoft Office.

• Hybrid role: minimum 3 days per week in the Uxbridge office, with flexibility to attend as required.
• Applicants must have the right to work in the UK and be UK-based.
• Occasional international travel may be required.

Head of Data Privacy
Excellent salary and bonus for the right candidate.
Glasgow - 2 days per week

Head Resourcing is looking for a Head of Data Privacy to join one of Scotland's biggest success stories. This role will be worked on a hybrid basis in Glasgow (2 days per week on site) and will play a vital role in maximising the value of data across the organisation.

Our client is looking for a hands-on Head of Data Privacy to work across the organisation, influencing the business, and coaching and mentoring colleagues. The successful candidate will come from a commercial organisation of substantial size and be comfortable assessing our clients business and knowing what needs to be addressed. You'll be expected to drive these outcomes, designing, and deploying the most appropriate solution for the business context and shaping policies and processes to ensure they remain relevant and compliant.

Essential skills:
* Strong background in data management
* Deep understanding of data privacy
* Good knowledge of GDPR and privacy management system requirements, processes, and solutions
* Knowledge of PECR
* CIPP/E or working towards one
* DPA 2018 knowledge
* Excellent people and communication skills and an ability to explain complex requirements in understandable terms

Sounds interesting?
Apply now!

Head Resourcing is committed to being an inclusive business where diversity is valued and celebrated.
Diversity to us, includes but is not limited to: educational background, socio-economic background, neurodiversity, age, marriage and civil partnership status, veteran status, gender, gender identity, gender reassignment, sexual orientation, disability, religion or belief, race and ethnicity. As such we welcome enquiries and applications from everyone. We will be happy discuss with you any workplace adjustments you need in order to be at your best during the recruitment process.

• Advise on a broad range of global data privacy issues across the EU, UK, Canada, Mexico, APAC and the US.
• Draft, review and negotiate commercial agreements including e-commerce, software licensing, consultancy and contracts with data privacy clauses.
• Prepare and advise on data protection agreements such as processing and transfer agreements, as well as privacy impact assessments.
• Support and maintain global data privacy policies, guidelines, procedures and training.
• Ensure records of personal data processing are accurately captured and maintained.
• Coordinate and manage data subject access requests and data breach incidents.
• Monitor legal and regulatory developments and communicate impacts to global stakeholders.
• Collaborate with business leaders, legal counsel, audit and compliance teams.

• Qualified lawyer with extensive experience in data privacy, ideally gained in-house.
• Proven background advising on commercial contracts is essential.
• Previous experience in a large international organisation is desirable.
• Strong organisational and project management skills, with the ability to manage multiple priorities.
• Confident communicator with excellent interpersonal and leadership skills.
• Sector experience in retail/manufacturing is advantageous.
• Proficient with Microsoft Office.

• Hybrid role: minimum 3 days per week in the Uxbridge office, with flexibility to attend as required.
• Applicants must have the right to work in the UK and be UK-based.
• Occasional international travel may be required.

Head of Data Privacy
Excellent salary and bonus for the right candidate.
Glasgow - 2 days per week

Head Resourcing is looking for a Head of Data Privacy to join one of Scotland's biggest success stories. This role will be worked on a hybrid basis in Glasgow (2 days per week on site) and will play a vital role in maximising the value of data across the organisation.

Our client is looking for a hands-on Head of Data Privacy to work across the organisation, influencing the business, and coaching and mentoring colleagues. The successful candidate will come from a commercial organisation of substantial size and be comfortable assessing our clients business and knowing what needs to be addressed. You'll be expected to drive these outcomes, designing, and deploying the most appropriate solution for the business context and shaping policies and processes to ensure they remain relevant and compliant.

Essential skills:
* Strong background in data management
* Deep understanding of data privacy
* Good knowledge of GDPR and privacy management system requirements, processes, and solutions
* Knowledge of PECR
* CIPP/E or working towards one
* DPA 2018 knowledge
* Excellent people and communication skills and an ability to explain complex requirements in understandable terms

Sounds interesting?
Apply now!

Head Resourcing is committed to being an inclusive business where diversity is valued and celebrated.
Diversity to us, includes but is not limited to: educational background, socio-economic background, neurodiversity, age, marriage and civil partnership status, veteran status, gender, gender identity, gender reassignment, sexual orientation, disability, religion or belief, race and ethnicity. As such we welcome enquiries and applications from everyone. We will be happy discuss with you any workplace adjustments you need in order to be at your best during the recruitment process.

• Provide expert legal counsel on global data privacy and protection laws (GDPR, CCPA, etc.).
• Develop, implement, and maintain data privacy policies, procedures, and training.
• Conduct Data Protection Impact Assessments (DPIAs) and advise on privacy implications of new projects.
• Manage data breach response efforts and liaise with supervisory authorities.
• Advise on data processing agreements and third-party vendor contracts.
• Collaborate with engineering, product, and security teams on privacy-enhancing technologies and practices.
• Stay abreast of evolving privacy regulations and best practices.
• Support the legal department in other commercial and technology-related matters as needed.

• Provide expert legal counsel on data privacy and protection matters, including GDPR, DPA 2018, and international privacy laws.
• Review and advise on data processing agreements, privacy notices, and other data-related policies.
• Conduct Data Protection Impact Assessments (DPIAs) and advise on mitigating privacy risks.
• Advise on cross-border data transfers and international data adequacy mechanisms.
• Assist in the development and implementation of company-wide data privacy policies and procedures.
• Manage and respond to data subject access requests (DSARs) and regulatory inquiries.
• Advise on data breach incidents, including notification obligations and remediation efforts.
• Conduct privacy training for employees across the organization.
• Stay abreast of new privacy legislation, regulatory guidance, and best practices.
• Collaborate with IT and security teams to ensure appropriate technical and organizational measures are in place for data protection.

• Law degree (LLB or equivalent) and a qualified solicitor/barrister in the UK.
• Minimum of 6 years of post-qualification experience specifically in data privacy law.
• In-depth knowledge of GDPR, CCPA, and other major privacy frameworks.
• Experience advising on data processing agreements, DPIAs, and cross-border data transfers.
• CIPP/E, CIPP/US, or other relevant privacy certifications are highly desirable.
• Exceptional analytical, research, and drafting skills.
• Excellent communication and interpersonal skills, with the ability to explain complex legal concepts to non-legal audiences.
• Proven ability to work independently and manage a demanding workload in a remote environment.
• Strong understanding of technology and its implications for data privacy.

• Provide expert legal advice on data privacy and protection matters, including GDPR, CCPA, and other relevant global regulations.
• Develop, implement, and maintain comprehensive data privacy policies, procedures, and compliance programs.
• Conduct Data Protection Impact Assessments (DPIAs) and advise on data processing agreements.
• Manage and respond to data subject access requests (DSARs) and regulatory inquiries.
• Advise on privacy-by-design principles in the development of new products and services.
• Conduct internal privacy training and awareness programs for employees.
• Oversee data breach incident response protocols and manage regulatory reporting.
• Liaise with data protection authorities and external counsel as needed.
• Stay current with evolving privacy laws and best practices, providing proactive guidance to the business.
• Review and advise on data processing agreements, vendor contracts, and cross-border data transfer mechanisms.

• Law degree (LLB or equivalent) and admission to practice law in a relevant jurisdiction (e.g., England & Wales Solicitor or equivalent).
• Minimum of 7 years' PQE with a significant focus on data privacy law, preferably gained in-house at a technology company or at a leading law firm.
• In-depth knowledge of GDPR, CCPA, and other major international data protection frameworks.
• Experience in drafting and implementing privacy policies and compliance programs.
• Proven ability to conduct DPIAs and manage DSARs.
• Strong understanding of technology and digital business models.
• Excellent analytical, negotiation, and communication skills.
• Ability to work independently, manage a complex workload, and meet tight deadlines in a remote setting.
• CIPP/E, CIPP/US, or equivalent data protection certifications are highly desirable.

• Develop and implement global data privacy strategies and policies.
• Ensure compliance with GDPR, CCPA, and other relevant privacy regulations.
• Conduct Privacy Impact Assessments (PIAs) and Data Protection Impact Assessments (DPIAs).
• Advise on data processing agreements, third-party vendor risks, and cross-border data transfers.
• Manage data breach incident response and notification procedures.
• Oversee the handling of data subject access requests (DSARs).
• Provide legal guidance on privacy-related marketing, product development, and HR initiatives.
• Lead and mentor a team of privacy professionals.
• Stay current with evolving data privacy laws and best practices globally.

• Law degree and admission to practice law in a relevant jurisdiction.
• Extensive experience in data privacy law, with a strong focus on GDPR and other international regulations.
• Demonstrated experience in developing and managing corporate privacy programs.
• Proven ability to advise on complex privacy issues and provide practical legal solutions.
• Experience conducting PIAs/DPIAs and managing data breach responses.
• Excellent communication, negotiation, and interpersonal skills.
• Ability to work independently and lead remote teams effectively.
• Relevant certifications such as CIPP/E, CIPP/US are a plus.