At a Glance
- Tasks: Lead privacy initiatives in R&D and ensure ethical data management.
- Company: Join GSK, a global biopharma company with a mission to impact 2.5 billion lives.
- Benefits: Competitive salary, hybrid work model, and opportunities for professional growth.
- Other info: Collaborative environment with strong focus on personal and professional development.
- Why this job: Make a real difference in patient privacy while advancing innovative research.
- Qualifications: Degree in relevant field and experience in privacy or data protection.
The predicted salary is between 80000 - 100000 £ per year.
At GSK, we have bold ambitions for patients, aiming to positively impact the health of 2.5 billion people by the end of the decade. Our R&D focuses on discovering and delivering vaccines and medicines, combining our understanding of the immune system with cutting-edge technology to transform people’s lives. GSK fosters a culture ambitious for patients, accountable for impact, and committed to doing the right thing.
The Privacy Lead will serve as a trusted privacy advisor supporting Research & Development (R&D) and the Chief Patient Office (CPO) in embedding privacy-by-design across research, clinical development, patient-focused activities, and emerging digital capabilities. Working in partnership with Legal, the Data Protection Office, Information Security, Data Governance, business process owners, and external stakeholders, the Privacy Lead will help ensure personal data is managed responsibly, ethically, and in accordance with applicable regulatory requirements.
This highly collaborative role requires strong influencing skills, sound judgment, and the ability to translate privacy requirements into practical, risk-based solutions that enable scientific innovation while maintaining patient and participant trust.
Key Responsibilities- Support the R&D and CPO privacy strategy and contribute to the continued advancement of privacy-by-design principles across research and patient-focused activities.
- Provide privacy guidance and subject matter expertise to cross-functional teams involved in clinical research, real-world evidence, digital health, AI-enabled initiatives, and patient engagement activities.
- Partner with business leaders to identify privacy considerations early in project planning and operational execution.
- Promote a culture of responsible data use and privacy awareness across R&D and CPO.
- Lead and manage privacy impact assessments, privacy risk assessments, and related governance activities for processes involving personal data.
- Maintain oversight of privacy-related data inventories and records supporting regulatory compliance.
- Track privacy risks, develop mitigation strategies, and support reporting to relevant governance forums.
- Collaborate with stakeholders to drive continuous improvement in privacy controls, practices, and processes.
- Advise teams on the lawful, ethical, and responsible use of personal data across clinical trials, observational research, real-world studies, and digital health initiatives.
- Support interpretation and implementation of privacy requirements under UK GDPR, EU GDPR, US Data Protect and cross-border data transfer and other relevant global privacy frameworks.
- Coordinate privacy-related responses to incidents, individual right requests, audits, inspections, inquiries, and regulatory requests in partnership with Legal, Security, and Privacy Office colleagues.
- Support governance activities associated with the use and reuse of human biological samples and other sensitive research data.
- Build strong partnerships across R&D, CPO, Legal, Information Security, Risk, Compliance, and external partners.
- Develop and deliver privacy training, communications, and awareness initiatives.
- Influence stakeholders at all levels through clear communication and practical problem solving.
- Support privacy capability development across the organization through coaching, education, and knowledge sharing.
- Bachelor's degree in Law, Information Governance, Privacy, Computer Science, Life Sciences, or related discipline; or equivalent experience.
- Significant experience in privacy, data protection, information governance, compliance, or related disciplines.
- Experience conducting privacy impact assessments and privacy risk assessments.
- Working knowledge of UK GDPR, EU GDPR, US Data Protect and cross-border data transfer and privacy principles applicable to highly regulated environments.
- Experience influencing stakeholders across a complex matrix organization.
- Strong written, verbal, and presentation skills with the ability to explain complex concepts to non-specialist audiences.
- Professional privacy certification such as CIPP/E, CIPM, CIPT, or equivalent.
- Experience within pharmaceutical, biotechnology, healthcare, clinical research, or other regulated industries.
- Familiarity with global privacy regulations beyond UK/EU GDPR, US Data Protection including cross-border data transfer requirements.
- Experience supporting AI, advanced analytics, digital health, or innovative data-driven initiatives.
- Knowledge of governance processes related to clinical trials, real-world evidence, and human biological samples.
- Experience managing privacy incidents, individual rights requests, or regulatory interactions.
- Experience building communities of practice or leading cross-functional privacy initiatives without direct management responsibility.
This role is hybrid. You will be expected to work on-site in the UK office for part of the week, with flexibility agreed with your manager.
We want to hear from you. Please submit your CV and a short note explaining why this role matters to you and how your experience matches the role. We welcome applicants from people with varied backgrounds and lived experiences.
GSK is an Equal Opportunity Employer. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, genetic information (including family medical history), military service or any basis prohibited under federal, state or local law.
Privacy Lead – R&D / Chief Patient Office (CPO) employer: GlaxoSmithKline
GlaxoSmithKline is an exceptional employer, offering a dynamic work environment that fosters innovation and collaboration in the pharmaceutical industry. With a strong commitment to employee development, you will have access to numerous growth opportunities while enjoying a competitive salary, annual bonus, and a flexible hybrid working model that promotes work-life balance. Located in the UK, GSK's culture prioritises teamwork and inclusivity, making it a rewarding place for professionals passionate about making a difference in healthcare.