Senior Data Protection Analyst in Nottingham

Location: Flexible on location with visits to our office in Wimbledon as and when required.

Salary: Permanent Contract: Full Time

We have an exciting opportunity to join our Risk & Compliance team here at Domestic & General. The role plays a pivotal role in supporting and strengthening the organisation’s data protection and privacy compliance framework. It focuses on implementing and maintaining operational data protection processes, conducting data privacy risk assessments, supporting regulatory compliance, and ensuring personal data is processed in accordance with relevant legislation including the UK General Data Protection Regulation.

Key Responsibilities

• Provide support to the GDPO to help shape the design, implementation, and continuous improvement of the organisation’s data privacy framework.
• Monitor compliance with data privacy legislation, policies, and internal controls.
• Maintain and oversee RoPA, DPIAs, LIAs and associated documentation.
• Develop and implement data privacy policies, standards, and guidance.
• Identify, evaluate, and mitigate privacy risks across business functions.
• Lead and oversee DPIAs, TIAs, and high‑risk processing assessments.
• Advise on new initiatives, digital transformation programmes, and vendor engagements to ensure privacy by design and default.
• Ensure third‑party vendors comply with the organisation’s data privacy requirements.
• Lead the response to personal data breaches, including assessment, containment, remediation, and notification obligations to regulators and data subjects.
• Ensure effective root cause analysis and drive systemic improvements.
• Serve as a trusted advisor to first line business areas and other functions, such as Legal, Information Security, HR, Marketing, and Product teams.
• Review contracts and data privacy clauses in conjunction with Procurement and Legal teams.
• Provide expert advice on international data transfers and cross‑border processing.
• Develop and deliver privacy training, workshops, and awareness campaigns.
• Promote a privacy‑first culture across the organisation.
• Oversee processes related to data subject rights requests (DSRs), including access, rectification, and erasure requests.
• Ensure efficient handling of subject rights requests within statutory timelines.
• Coordinate compliance with applicable data privacy laws and guidance issued by regulators such as the Information Commissioner's Office.
• Manage responses to regulatory enquiries, investigations, and audits.
• Develop and maintain policies covering data retention, lawful processing, and international data transfers.
• Maintain records of processing activities as required under data privacy legislation.
• Act as a key point of contact with regulators, external auditors, and data subjects where required.
• Prepare regular reports for senior leadership, risk committees, and the GDPO.
• Mentor data privacy analysts and privacy specialists.
• Support the strategic development of the data protection function.
• Provide management information on a regular basis to demonstrate compliance for relevant business units and highlight any compliance gaps. This includes preparation of monthly KRIs.
• Horizon scan for changes to data privacy laws / regulations that could impact the business and raise these with the GDPO.
• Monitor regulatory developments and assess their impact on organisational operations.
• Working groups – attend and contribute where required.
• Provide cover for other members of the DP Team as required.

Skills And Experience Required

• Strong knowledge of applicable data privacy laws, e.g. UK GDPR, EU GDPR, DPA 2018, PECR/e-Privacy, and relevant industry standards.
• Proven experience of conducting operational day‑to‑day data privacy tasks, DPIAs, incident response, and regulatory interactions.
• Excellent communication, influencing, and stakeholder management skills.
• Ability to interpret complex legislation and translate into practical business advice.
• Recognised data privacy qualification is preferable but not essential, such as CIPP/E, CIPM, CIPT, BCS Data Protection, or equivalent.

Benefits

• Competitive salary and annual discretionary bonus.
• 25 days annual leave plus bank/public holidays, as well as an annual option to buy up to 5 additional days of annual leave.
• Training opportunities as well as clearly defined career progression.
• Health cash plan – employer funded cover to enable you to claim money back on essential healthcare costs, including dental, optical, physiotherapy and many more.
• Cover also includes unlimited access to a 24/7 virtual GP service.
• Attractive company pension scheme.
• Life assurance – employer funded cover of 4x basic salary.
• Dedicated online benefit portal offering access to saving and lending facilities, financial wellbeing and support services.
• Employee Assistance Programme – specialist advice and support on issues such as finance, relationships, illness and family issues.
• Free Domestic & General protection plan – one free plan each year with access to discounted rates of up to 50% on additional plans, including referrals for family and friends.
• Employee discounts – with a range of discounts for 100s of online and high street retailers.

Domestic & General are an equal opportunities employer which means we treat people fairly. We welcome applications from all suitably skilled persons regardless of their gender, age, race, disability, ethnic background, religion/belief, sexual orientation, gender reassignment or marital/family status.