Data Protection Officer in London

Location: London/Hybrid (Typically 2/3 days in the office)

Type: Full time – Permanent (If you are a job share partnership, work reduced hours, or any other way of working flexibly, please do still get in touch)

At Ardonagh Specialty, we provide much more than just a workplace. We are dedicated to fostering skill development and knowledge within a team that is passionate about their work, values their Employees, and truly celebrates diversity.

Working at Ardonagh Specialty means you'll be part of The Ardonagh Group. We are proud of our innovative environment offering many opportunities for growth across the wider group. Employees regularly move between our united teams, and we encourage you to make your role your own.

Our offices are lively and exciting places to be, but we understand that life needs flexibility, and offer a genuinely flexible approach to working. If you are looking to join a thriving, energetic business with exciting plans, this role could be an ideal fit for you.

What We Can Offer

• Inclusive culture with apprenticeships, study support, participation in our annual Spotlight Awards, Community Trust, Sports Teams, office socials, events and so much more.
• Access to wellbeing programs, fantastic discounts across many big-name businesses including supermarkets, gym memberships, restaurants, and healthcare cash plans.

Further Perks Of Working With Us (Fixed Benefits)

• Employer pension contribution of 10% (providing you, the Employee provides 5%).
• Good work life balance - flexibility to suit you.
• Competitive salary.
• Life Assurance at X4 of your base salary.
• Group Income Protection.
• Generous Annual Leave entitlement.
• Private Medical Insurance.
• Group annual bonus scheme.

Purpose Of The Role

The DPO provides independent oversight of all personal data processing, ensuring that Ardonagh Specialty meets statutory obligations while providing oversight and challenge to privacy resilience across underwriting, claims, delegated authority, data-driven growth initiatives, and emerging technologies. This includes scrutiny of AI-enabled processing and awareness of the appropriate deployment and limitations of Privacy-Enhancing Technologies (PETs). The role supports Senior Management Functions by providing independent challenge, insight, and reporting as part of the firm's risk and conduct strategy.

Key Role Accountabilities

Regulatory Governance and Statutory Oversight

• Serve as the statutory Data Protection Officer under UK GDPR Articles 37–39, operating with full organisational independence and free from any involvement in decisions determining the purposes or means of processing.
• Inform and advise the organisation and its employees on their data protection obligations under the UK GDPR, Data Protection Act 2018, and evolving digital regulations like the Data Use and Access Act (DUAA).
• Oversee and assure the completeness and accuracy of the firm’s ROPA through periodic reviews, data-flow mapping and validation across brokers, MGAs, TPAs and reinsurance partners.
• Act as the primary escalation point for the ICO and data subjects, providing oversight of SAR handling processes to ensure compliance, consistency, and timeliness.

Strategic Risk Management and Technical Oversight

• Independently oversee and challenge the GDPR remediation programme, providing assurance to Senior Management and documenting risk closures across the value chain.
• Review and challenge DPIAs and AI Impact Assessments for high-risk initiatives, ensuring transparency, fairness, minimisation, explainability, and compliance with Article 22 safeguards for automated decision-making.
• Review and challenge privacy implications of cloud-related processing activities by evaluating shared-responsibility allocations, data governance controls, and alignment with ASL security and data-management frameworks.