Data Protection Officer in City of Westminster

City of Westminster | Full-Time | £46,000 - £52,000 per year (est.) | No working from home possible
Fortius

At a Glance

  • Tasks: Act as the named DPO under UK GDPR and lead Data Protection Impact Assessments.
  • Company: Affidea UK and Fortius Clinic are leaders in healthcare compliance and data protection.
  • Benefits: Play a strategic role in a leading healthcare organisation with direct access to senior leadership.
  • Other info: Willingness to travel regularly across UK sites is essential.
  • Why this job: Influence data protection in innovative digital and AI initiatives within a collaborative environment.
  • Qualifications: Recognised data protection qualification and strong expertise in UK GDPR required.

The predicted salary is between £46,000 and £52,000 per year.

Affidea UK and Fortius Clinic are looking for an experienced and highly motivated Data Protection Officer (DPO) to act as our organisation’s designated DPO under the UK GDPR and Data Protection Act 2018. This is a key leadership role with independent oversight, direct access to senior leadership, and functional alignment with the Group Data Protection Officer. You will play a critical role in embedding a culture of data protection excellence across the organisation, ensuring the consistent implementation of Affidea’s group data protection framework within the UK.

Key Responsibilities

  • Governance & Compliance
    • Act as the named DPO under UK GDPR and the Data Protection Act 2018
    • Develop, maintain, and continuously improve data protection policies, frameworks, and procedures
    • Monitor compliance, including NHS Data Security and Protection (DSP) Toolkit requirements
    • Maintain and oversee the Record of Processing Activities (ROPA)
    • Lead and oversee Data Protection Impact Assessments (DPIAs)
    • Ensure implementation of data protection standards, privacy notices, retention frameworks, and local controls
    • Maintain clear documentation and elevate significant risks to senior leadership and Group DPO
  • Regulatory Engagement
    • Serve as the primary contact for the Information Commissioner’s Office (ICO)
    • Manage regulatory audits, investigations, and enquiries
    • Track regulatory developments and provide expert guidance
  • Data Subject Rights & Incidents
    • Oversee responses to DSARs and other data subject rights requests
    • Lead data breach response, including assessment and notification where required
    • Maintain and report on incident and breach logs
  • Third Parties & Contracts
    • Advise on data processing agreements, data sharing agreements, and international data transfers
    • Conduct due diligence on third-party processors
    • Provide data protection input into procurement, contracts, and technology implementation
  • Culture, Training & Advisory
    • Deliver and oversee tailored data protection training across the organisation
    • Advise clinical, operational, and digital teams on data protection matters
    • Promote privacy by design and default
    • Support governance around AI use and emerging technologies
    • Participate in or chair Information Governance forums

About You

Qualifications

  • Recognised data protection qualification (e.g. CIPP/E, BCS Certificate in Data Protection, IAPP)
  • Full UK driving licence
  • Willingness to travel regularly across UK sites

Experience

  • Strong expertise in UK GDPR and Data Protection Act 2018
  • Experience engaging with the ICO
  • Hands‑on experience managing DPIAs, ROPAs, DSARs, and data breaches
  • Experience working in a regulated environment (healthcare preferred)
  • Knowledge of NHS information governance standards (DSP Toolkit, Data Security Standards)
  • Proven ability to influence senior stakeholders
  • Experience embedding privacy in digital, IT, or AI‑driven projects

Skills & Competencies

  • Strong communication and stakeholder management skills
  • Ability to translate legal requirements into practical, risk‑based advice
  • High attention to detail with strong documentation capabilities
  • Proactive, solutions‑focused mindset
  • Solid understanding of IT systems and cybersecurity fundamentals
  • Proficiency in Microsoft 365 and digital tools

Why Join Us?

  • Play a strategic, high‑impact role in a leading healthcare organisation
  • Work closely with senior leadership and contribute to organisational governance
  • Influence how data protection supports innovation, including digital and AI initiatives
  • Be part of a collaborative environment committed to high standards of care and compliance

Employer: Fortius

Join Affidea UK and Fortius Clinic, where you will work in a leading healthcare organisation committed to high standards of care. Enjoy a strategic role with direct access to senior leadership and influence on governance. The company values collaboration and compliance, ensuring a supportive environment for data protection excellence.

Contact Details:

Fortius Recruitment Team

We think you need these skills to ace Data Protection Officer in City of Westminster

  • Data Protection Qualification (e.g. CIPP/E, BCS Certificate in Data Protection, IAPP)
  • UK GDPR Expertise
  • Data Protection Act 2018 Knowledge
  • Data Protection Impact Assessments (DPIAs)
  • Record of Processing Activities (ROPA) Management
  • Data Subject Access Requests (DSARs) Handling
  • Incident and Breach Management