Regulatory Compliance & Data Protection

• Monitor compliance with GDPR, national data protection laws, and internal data protection policies.
• Conduct, document, and track Data Protection Impact Assessments (DPIAs) for new systems, projects, and processes.
• Maintain an accurate and up‑to‑date Record of Processing Activities (ROPA).
• Support the implementation of privacy‑by‑design and privacy‑by‑default principles across all data‑handling activities.
• Maintain, review, and update compliance documentation—including policies, procedures, and guidelines—in line with regulatory changes.

Data Classification & Management

• Support and maintain data classification frameworks to ensure data is categorised and handled appropriately.
• Work with data owners and custodians to define and enforce data access controls.
• Conduct audits to verify adherence to data classification and data‑handling policies.

Information Security Projects

• Support information security initiatives such as risk assessments, policy development, and incident response planning.
• Collaborate with IT teams to implement technical and organisational data protection measures.
• Participate in security audits and risk assessments, identifying compliance gaps and recommending remediation actions.
• Work with the Information Assurance and Security Lead to develop risk treatment plans, track progress, and validate control effectiveness.

Stakeholder Engagement & Reporting

• Act as a key liaison between IT, Legal, HR, and other departments to address compliance and data protection matters.
• Provide expert guidance on data protection issues and regulatory developments.
• Prepare and present compliance reports, metrics, and insights to senior management and governance committees.
• Assist in responding to Data Subject Access Requests (DSARs) and other regulatory enquiries.