FreeHire

together

Head of Data Protection

Show

As the Head of Data Protection you will be responsible for overseeing Together Money's Data Protection Framework, ensuring compliance with UK General Data Protection Regulations (UK GDPR), the Data Protection Act 2018 (DPA) and the Privacy and Electronic Communication Regulations (collectively “Data Protection Laws”), Consumer Duty, and other relevant regulatory expectations. The role provides strategic leadership on privacy, data protection, data governance, and information risk, acting as the primary subject matter expert and advisor to senior management and the Board.

As the Head of Data Protection we are looking for someone to:

  • Lead the development and implementation of Together Money’s data protection strategy
  • Serve as the organisation’s Data Protection Officer under UK GDPR
  • Monitor compliance with data protection laws, internal policies, and regulatory obligations
  • Provide advice on, and monitor the completion and outcomes of, Data Protection Impact Assessments (DPIAs) for high‑risk processing and change initiatives
  • Cooperate with, and act as the main point of contact for, the Information Commissioner’s Office (ICO), including supporting any prior consultation activities
  • Act as a contact point for data subjects on the exercise of their rights and privacy queries, and support timely, compliant responses
  • Drive continuous improvement of data protection and privacy controls
  • Drive continuous improvement of data protection training and awareness programmes
  • Provide expert advice on new products, systems, and change initiatives
  • Inform and advise the organisation (including employees) on obligations under UK GDPR, DPA 2018 and related data protection laws
  • Monitor compliance with data protection laws and internal policies, including assigning responsibilities, overseeing audits, and driving awareness and training
  • Provide assurance and oversight of data retention, archiving, and disposal practices
  • Ensure privacy by design and default is embedded across all change initiatives
  • Lead investigations into complex or high‑risk data protection incidents
  • Develop data protection KPIs, metrics, and Board‑level reporting dashboards
  • Support enterprise‑wide risk management and governance activities
  • Contribute to Consumer Duty compliance, ensuring vulnerable customer considerations are embedded
  • Provide regular reports to CORC, Executive Risk Committee, and Board as required
  • Oversee third‑party data protection assurance and contractual controls
  • Champion a strong culture of privacy and responsible data use across the business
  • Lead internal awareness campaigns to enhance data protection culture
  • Support internal and external audits relating to privacy and information governance
  • Collaborate with Cyber Security to align privacy and security risk management

Essential:

  • Experienced Data Protection professional with substantial experience as a Data Protection Officer
  • Excellent and effective communication, negotiation, influencing and interpersonal skills
  • Expertise in UK and EU data protection laws and an in-depth understanding of the UK GDPR
  • Ability to demonstrate technical knowledge and awareness of current data management and communication technologies.
  • Experience of continuous improvement activity driving high performance

Desirable:

  • CIPP/E
  • CIPT
  • CISM
  • Advanced report writing experience

If you feel you have some of the skills mentioned above, but not all, please do still apply and we would be happy to have a further discussion with you in regards to your suitability for the role.

Together embraces diversity and inclusion, and are proud to be an equal opportunity workplace. Not only do we welcome difference – we celebrate it, support it and really value our colleagues for who they are. We are committed to building a team that represents a variety of backgrounds, perspectives and skills.

If you feel you'd benefit from any support or reasonable adjustments during any stage of the recruitment process, please don’t hesitate to let us know when completing your application. This information will be picked up by our team, so we can try and put steps in place to help you be at your best through this process.

Please note that all successful applicants will undergo relevant employment reference, financial and criminal record checks.