Privacy Specialist - Risk & Compliance

Hours: Monday to Friday, 09:00 - 17:00 (35 hours per week). Happy to talk flexible working.

Location: London or Liverpool

Benefits: At Hill Dickinson we understand that incentives go far beyond a good salary, so we have created a comprehensive benefits package tailored around our people. Here Are Some Examples Of What We Offer:

• Annual leave starting at 25 days
• Annual bonus scheme
• Birthday privilege day and Christmas shutdown
• Holiday buy, sell and carryover scheme
• 2 charity volunteering or pro bono days
• Optional private medical insurance via BUPA
• Annual fitness allowance
• Flexible pension scheme
• ISA saving scheme and independent financial advice
• Electric or hybrid vehicle lease scheme
• Medicash
• EAP with access to counselling
• Enhanced family leave policies
• Access to confidential, expert support via Fertifa in relation to reproductive health and wellbeing
• Access to 10 days fully subsidised emergency or back-up care per year via Bright Horizons
• Life assurance
• Group income protection
• Annual travel season ticket loan
• Hybrid working and dress for your day policy
• Bespoke training and development opportunities
• Financial contribution towards home working equipment

Role Overview: You will be at the forefront of the firm’s data protection and privacy operations, playing a critical role in safeguarding personal data and supporting the firm’s regulatory compliance and risk management objectives. As a key member of the Risk & Compliance Department, you will work collaboratively with colleagues across risk and compliance including those in audit, supplier/third party management, business acceptance and our business group sectors to ensure data protection requirements are embedded across the business. Your work will have a direct and ongoing impact on the firm’s ability to operate compliantly, maintain stakeholder and client trust, and manage data-related risk effectively.

The Privacy Specialist role plays a key part in the continued success of the Risk & Compliance team. Working as an integral member of the team while also operating with a high degree of autonomy, the role supports the identification, analysis, and investigation of data protection and privacy risks across the organisation. The Privacy Specialist reviews business activities against data protection policies, procedures, and regulatory requirements, and works closely with stakeholders to provide expert guidance and proportionate challenge. Through both collaborative engagement and independent ownership of assigned matters, the role helps to promote high standards of data handling, support consistent compliance, and embed a strong data protection culture across the firm.

Key Responsibilities:

• Processing and actioning data subject rights requests (including subject access requests) and data protection complaints, resolving complex matters and engaging with relevant teams and stakeholders as required to manage risk and outcomes effectively as well as liaising directly with data subjects and their representatives.
• Working independently on a day-to-day basis to provide data protection advice and answer queries, working with business stakeholders to resolve issues and implement appropriate remedial actions (where appropriate).
• Proactively working with stakeholders to identify emerging risks, trends, and systemic issues, and supporting the Head of Data Protection with insights and recommendations.
• Responsible for the management of Hill Dickinson’s Data Protection mailbox, including triage, allocation, and assessment of risk and complexity using expertise in data protection law and best practice.
• Ensuring regulatory deadlines are met and workload is prioritised effectively across competing demands.
• Managing the instruction of internal and external legal or subject matter expert advice, interpreting and implementing advice provided and challenging where necessary to ensure proportionate and practical outcomes.
• Reviewing, maintaining, and supporting Records of Processing Activities (ROPAs), Data Protection Impact Assessments (DPIAs), and Transfer Risk Assessments (TRAs).
• Ensure the timely escalation of material data protection risks, incidents, or non-compliance issues to the Head of Data Protection and senior management, in line with internal escalation procedures.
• Supporting the Head of Data Protection in implementing, embedding, and driving improvements to data protection governance, processes, and culture across the firm.
• Ensuring follow-up actions arising from regulatory engagement, audits, and complaints are completed in a timely manner, working collaboratively with stakeholders across the business.
• Leading on regulatory matters, including engagement and correspondence with the regulator where required.
• Advising stakeholders and independently assessing data protection risk in relation to personal data breaches, including determining notification requirements, coordinating responses, and escalating to key stakeholders as appropriate.
• Responsible for monitoring data protection metrics, running reports, and maintaining oversight of volumes, trends, and risk indicators.
• Identifying key trends through reporting and analysis to inform continuous improvement of data protection policies, procedures, and controls.
• Supporting on supplier and third party onboarding due diligence from a data protection perspective, including assessing privacy risk, reviewing Supplier/Third party questionnaires, and advising on appropriate safeguards and mitigations.
• Reviewing and advising on data protection clauses within commercial, supplier, and client contracts, including data processing agreements, information sharing provisions, and liability provisions relating to personal data.
• Providing advice and oversight on cross border data transfers, including assessment of international data flows, implementation of appropriate transfer mechanisms, and ongoing compliance with international data protection obligations.
• Mentoring and developing Risk and Compliance Officers, building capability and knowledge across the team in data protection compliance and risk management.
• Identifying weaknesses or gaps within data protection policies, procedures, and processes, managing associated risks, and leading or contributing to improvement initiatives and projects as required.

What Are We Looking For:

Important criteria:

• Strong, relevant legal knowledge and practical experience in data protection and privacy law, with the ability to interpret and apply regulatory requirements in a pragmatic and commercially focused manner. A CIPP/E qualification is beneficial but not essential.
• Proven experience in managing and resolving contentious and sensitive matters, including effective written and verbal communication with clients, third parties, litigants, and internal stakeholders.
• Highly organised, with a strong eye for accuracy and detail, and the ability to prioritise workloads and manage multiple matters concurrently while meeting regulatory deadlines.
• Excellent drafting skills, with the ability to produce clear, concise, and high quality written communications, policies, and formal responses on complex data protection issues.
• Strong commercial awareness, demonstrating sound judgement and pragmatism when balancing legal risk, regulatory obligations, and business objectives.

If you don't meet all of the criteria above but feel that you could add real value to Hill Dickinson, we encourage you to apply and if successful, we can help you develop along the way.

Equality, Diversity and Inclusion:

Hill Dickinson is committed to providing fairness and equal opportunity for all regardless of age, gender, gender identity, ethnic origin, disability, sexual orientation, marital or transgender status, nationality, religion or belief. We understand that our power as a firm comes from empowering our people and that it is only by encouraging and enabling individuals to be themselves at work that we can truly benefit from their rich and varied strengths. Hill Dickinson is an equal opportunities employer. All applications received by the firm will be considered based on their merit alone and we welcome applications from all suitably qualified individuals regardless of background and from all routes to qualification, with both the SRA and CILEx.

Disability Support:

We are a Disability Confident employer, which means if there is anything that we can do to make your visit easier, so you are able to perform at your best, please let us know. You can contact the HR team at hrteam@hilldickinson.com should you require any adjustments to the application or interview process.

At Hill Dickinson, we welcome applications from individuals that are looking to return to the law as well as all routes to qualification, with both the SRA and CILEx. All successful candidates will be subject to our standard pre-employment screening, including a basic criminal record check via Disclosure and Barring Service. Any offer of employment made is conditional upon completion of all checks.

Due to the high response levels we receive for some vacancies, we may expire any of them prior to the advertised closing date and advise you to submit your application as soon as possible.