Head of Data Protection (6 month FTC) in Glasgow

Our client is a highly diversified international media and technology group with a rich heritage and a modern, digital-first outlook. Their portfolio spans traditional publishing, digital subscriptions, and specialized data services, reaching a global audience from young consumers to specialized researchers. They are currently undergoing a significant digital transformation, putting data-driven insights and customer trust at the heart of their future growth.

The successful candidate will join the Group Risk & Compliance function, and report to the Head of Compliance & Group Company Secretary. You will lead the development and delivery of the Group’s risk and privacy frameworks, ensuring the business can safely harness the potential of its vast and varied customer data sets.

• Scale: Manage compliance across a dynamic array of systems, suppliers, and international jurisdictions (UK, US, and beyond).
• Innovation: Support the Artificial Intelligence working group and Data Governance Council to ensure ethical data use in emerging tech.
• Leadership: Direct a Data Protection Manager and establish a group-wide network of ‘Privacy Champions.’
• Specialist Focus: A key part of the remit involves managing complex data subjects, including children’s data frameworks and global marketing permissions.

This role is a 6 month FTC and the firm is flexible on location - period travel into the office may be required however the right individual is the key hiring criteria.

• Subject Matter Expertise: A proven track record in a senior advisory capacity, acting as a technical expert on UK GDPR and PECR.
• Professional Credentials: Must hold at least one recognized industry qualification, such as CIPP/E or CIPM.
• Leadership: Experience in line management and the professional development of privacy/compliance staff.
• Framework Development: Demonstrated experience designing and embedding group-wide data protection policies and procedural improvements.
• Regulatory & Contractual Oversight: Experience leading on regulatory change and managing complex data-related contracts (e.g., DPAs, UK IDTA) within a commercial environment.
• Incident Response: Proven ability to lead and guide a business through the lifecycle of a data protection breach.
• Specialized Data Governance: Practical experience managing high-risk data categories, specifically focusing on age-appropriate design and robust control frameworks for younger audiences.

• Emerging Tech: Familiarity with the privacy implications of Artificial Intelligence (AI) and Large Language Models (LLMs).
• Broader Governance: Experience with Information Governance frameworks, records management, and data retention protocols.
• Training Delivery: A history of creating and delivering engaging privacy awareness programs, via both face-to-face and digital/e-learning platforms.
• Privacy Tech: Experience implementing or utilizing dedicated DP software for ROPAs (Registers of Processing Activity) or incident reporting.
• Global Reach: A working knowledge of international privacy landscapes, including US state-level or federal regulations (e.g., CPRA).