Data Protection Officer

Why LNER? We go beyond. For everyone. Our vision is to be the most loved, progressive and responsible way to travel for generations to come. Now we're looking for the people who can deliver this, every day. Since we took over on the East Coast mainline, we've been changing the face of rail travel. Our new Azuma trains have brought faster journey times, more space and greater reliability. Our exciting plans to embrace new ideas, experiences, backgrounds and ambitions make this the ideal time to join. Bringing passion. Being bold. Always caring. Owning it. They're the values that make us LNER.

What you will be doing:

• We are looking for a Data Protection Officer to join the Business Services team, reporting into the Head of Legal.
• Your role will look something like this:

• Taking ownership of and overseeing data protection requests generated under the General Data Protection Regulation (GDPR) and Data Protection Act 2018 (DPA18).
• Ensuring these are handled promptly, accurately, and in compliance with legal requirements.
• Managing and overseeing data subject access requests (DSARs), rectifications, erasures, objections, and other rights-based requests, ensuring they are processed efficiently and in line with internal policies.
• Handling complex or high-risk DSARs and support the business in meeting its legal obligations.
• Providing ongoing guidance and training to employees, embedding a culture of compliance and ensuring staff understand their data protection responsibilities.
• Collaborating across the business to encourage best practices, challenging non-compliant processes, and promoting effective data protection measures.
• Fostering a culture of compliance throughout the organisation by providing ongoing guidance, training sessions, and resources to employees.
• Conducting regular audits—both physical and technical—to identify risks, ensure compliance, and drive improvements.
• Offering expert support and advice on data protection issues, acting as a key point of contact for employees needing guidance on regulations and best practices.
• Engaging in collaborative initiatives with DFTO, supporting joint efforts, working parties, and group-wide projects to strengthen compliance and align data protection approaches.
• Tracking and reporting on data requests, monitoring trends and identifying areas for process improvement.

What you'll need:

• Essential:

• Proven experience holding a Data Protection Officer (DPO) or equivalent position, with direct responsibility for overseeing data privacy compliance.
• A solid understanding of applicable data protection and information regulations, including best practice guidance from bodies like the Information Commissioner's Office.
• Familiarity with handling information disclosure requests, including timelines, procedures, and exemptions, along with an awareness of privacy laws and principles to ensure correct handling of sensitive data.
• Practical knowledge of privacy-by-design principles and the ability to integrate privacy considerations into the development of systems, processes, and products.
• Demonstrated ability to implement data protection programmes, conduct privacy impact assessments, and manage data breaches effectively.
• Strong grasp of data subject rights (e.g., access, rectification, erasure, restriction of processing) and proven experience dealing with such requests.
• Knowledge of data governance fundamentals, including data classification, data mapping, data retention, and data quality management.
• Excellent analytical and problem-solving skills, with the capability to identify, assess, and mitigate privacy risks.
• Strong communication and interpersonal skills for explaining complex data protection concepts to both technical and non-technical audiences.
• Ability to work effectively with cross-functional teams (e.g., legal, IT, security, business units) to align privacy objectives with broader organisational goals.
• Capacity to work both independently and collaboratively, maintaining high levels of accuracy and confidentiality.
• Flexibility to adapt to evolving privacy regulations and organisational priorities, applying these requirements in diverse contexts.
• A strong commitment to ethical standards, safeguarding privacy and confidentiality at all times.
• Proficiency in Microsoft Office applications (e.g., Excel, Word, Outlook) or equivalent productivity tools.
• Willingness to stay current on privacy regulations, industry best practices, and emerging trends through continual learning.
• Solid understanding of emerging trends and developments in data privacy, with a track record of practical implementation in varied contexts.

• Degree in a relevant field (e.g. Data Protection, Privacy Law, Information Security) or equivalent professional experience.
• Holds a recognised data protection certification (e.g., CIPP/E or BCS Practitioner), or can demonstrate equivalent expertise (e.g., previous certification or extensive proven experience).

If this sounds like you, what are you waiting for? Apply now!