Data Protection Officer London

We’re Capital on Tap. Capital on Tap started because small businesses were underserved. Big banks were slow, their products weren’t fit for purpose, and small business owners often couldn’t access what they needed. We set out to fix that. Today we’re a financial platform – not just a credit card company. We offer a best‑in‑class business credit card, SME‑focused spend management platform, a savings product that reached £1 billion in funds within its first year, and a growing suite of tools and financial products that make running a small business easier. 1,000+ employees, £20 bn in annual card spend, 200,000+ customers, 17,000+ Trustpilot reviews averaging 4.7 stars. We’re profitable and just getting started!

Why Join Us?

We empower you to be innovative and solve complex problems. Take ownership, make an impact, and thrive in our scaling and agile environment.

The Data Protection Team at Capital on Tap

The Data Protection team plays a crucial role in enabling Capital on Tap’s commercial objectives while ensuring full compliance with global data protection regulations. As our Data Protection Officer, you’ll lead a team that includes Data Protection Analysts and Administrators, working at the intersection of technology, compliance, and business enablement.

The Role

We’re looking for an exceptional Data Protection Officer to join our FinTech in London. This is a strategic leadership role for someone who thrives on using cutting‑edge technology and AI to transform data protection from a compliance function into a business enabler. You’ll protect the company by finding innovative ways to achieve commercial goals while maintaining the highest standards of data protection compliance.

What you’ll be doing

• Strategic Leadership: Serve as the primary data protection authority (act as the designated DPO under Article 37 of the UK GDPR and UK data protection law), providing strategic guidance to senior leadership on privacy risks and opportunities across all business functions.
• Business Enablement: Work closely with Product, Engineering, Marketing, and Commercial teams to find compliant pathways for new initiatives, ensuring data protection accelerates rather than hinders business goals.
• Technology & Automation: Lead the implementation of state‑of‑the‑art AI technologies and automation tools to streamline data protection activities, from DPIA automation to intelligent data discovery and rights fulfillment.
• Regulatory Compliance: Ensure full compliance with UK GDPR, DPA 2018, PECR, DUAA, CCPA/CPRA and emerging regulations, while staying ahead of regulatory developments and their business implications.
• Risk Management: Conduct and oversee Data Protection Impact Assessments (DPIAs), manage data breach responses, and implement privacy‑by‑design principles across all technology platforms.
• Monitoring: Monitor and assess data processing activities to ensure ongoing compliance. Assess the lawful basis for processing activities and ensure appropriate documentation is in place. Maintain and regularly review the organisation’s Record of Processing Activities (ROPA) to ensure completeness and accuracy.
• Stakeholder Management: Act as the primary contact point for regulators (ICO), work closely with internal and external legal counsel, and represent the company in privacy‑related matters.
• Team Development: Build and lead a high‑performing data protection team, fostering a culture of innovation, urgency, and business partnership.
• International Expansion: Support the company’s US operations and international growth by navigating complex cross‑border data transfer requirements and multi‑jurisdictional compliance.
• Vendor Management: Lead privacy due diligence for third‑party vendors and partnerships, ensuring contractual protections align with business risk appetite.
• Training & Culture: Drive privacy awareness across the organisation through targeted training programmes and embed privacy considerations into business‑as‑usual processes.

We’re looking for

• Deep Regulatory Expertise: Comprehensive knowledge and hands‑on experience with UK data protection regulations (GDPR, DPA 2018, PECR, DUAA), with the ability to interpret complex requirements and provide pragmatic business guidance.
• FinTech / Tech Background: Proven experience in financial services or technology companies, understanding the unique privacy challenges of regulated financial products (including an understanding of consumer duty and vulnerability) and high‑growth tech environments.
• Technical Fluency: Strong technical acumen with experience using data protection tools, privacy management platforms, and automation technologies to streamline compliance processes.
• AI & Innovation: Experience with or strong willingness to adopt cutting‑edge AI technologies for privacy operations, from automated risk assessments to intelligent data processing.
• Problem‑Solving Mindset: Pragmatic approach to complex privacy challenges, with a track record of finding creative solutions that balance compliance requirements with customer outcomes and business objectives.
• Urgency & Business Focus: Demonstrated ability to work at pace in fast‑moving environments, with a philosophy that compliance should enable rather than block business progress.
• Leadership Experience: Proven ability to lead cross‑functional initiatives, influence senior stakeholders, and build high‑performing teams.
• Strategic Thinking: Experience translating regulatory requirements into business strategy, with the ability to anticipate future privacy challenges and opportunities.
• Professional Qualifications: A recognised data protection qualification such as IAPP’s CIPP/E, CIPM, CIPT, C‑DPO, or a BCS Practitioners certificate in Data Protection.
• US Privacy Expertise: Knowledge of CCPA/CPRA, state‑level US privacy laws, and experience managing multi‑jurisdictional compliance programmes.
• Professional Qualifications: AIGP – a certified AI Governance Professional would be highly desirable.
• Regulatory Relationships: Existing relationships with privacy regulators or experience managing regulatory inquiries.
• International Experience: Experience with international data transfers, adequacy decisions, and global privacy frameworks.
• Experience: Minimum of 2 years experience acting in a DPO capacity within a financial services or technology organisation.

Diversity & Inclusion

We welcome, consider and encourage applications from anyone who shares our commitment to inclusivity. Join us in creating a space where authenticity thrives, and everyone can do their best work.

Great Work Deserves Great Perks

• Private Healthcare including dental and opticians services through Vitality.
• Worldwide travel insurance through Vitality.
• Anniversary Rewards (£250, £500, £750, 4‑week fully paid sabbatical).
• Salary Sacrifice Pension Scheme up to 7% match.
• 28 days holiday (plus bank holidays).
• Annual Learning and Wellbeing Budget.
• Enhanced Parental Leave.
• Cycle to Work Scheme.
• Season Ticket Loan.
• 6 free therapy sessions per year.
• Dog Friendly Offices.
• Free drinks and snacks in our offices.