Data Governance and Privacy Manager

The Data Governance Team, as part of the GDS Product, Strategy, Planning and Performance directorate, provides specialist expertise and leadership across the Government Digital Service. GDS has specialist data protection requirements and needs extensive data governance controls to be designed and incorporated into product development. Strong privacy controls designed and built from the outset maintain users' confidence in the digital services delivered by GDS. The Data Governance team has an excellent track record for their enabling and pragmatic attitudes to support delivery teams in achieving GDS’s strategic objectives at a fast pace whilst balancing robust data protection compliance.

The postholder will lead on delivering data protection excellence across GDS in products such as the GOV.UK web platform, App, analytics and new and upcoming products such as GOV.UK Chat.

As a Data Governance and Privacy Manager, you will:

• Support the Data Protection Lead to ensure the GDS Product Group complies with data protection law by delivering flexible and pragmatic governance practices that enable delivery at pace.
• Lead and deliver high quality Data Protection Impact Assessments (DPIAs), Privacy Notices and Records of Processing Activities for new projects at pace.
• Support other key processes including delivering data subject rights and managing personal data incidents.
• Identify, assess and manage data protection risks, ensuring that risks are appropriately escalated to the Data Protection Lead and GDS Senior Management.
• Design and deliver training to ensure GDS staff understand data protection obligations and best practices, fostering a culture of data privacy at all levels.
• Work closely with GDS colleagues to build trust.
• Deliver high quality written and verbal briefings to all levels, including delivery managers and senior management.
• Work closely with external stakeholders such as the Information Commissioner’s Office (ICO) and privacy groups to ensure compliance and address queries.
• Provide proactive support to the Data Protection Lead to manage compliance, identify risks, and deliver strategic objectives.
• Prioritise effectively to manage a high volume, fast paced and frequently evolving workload.
• Manage workload to ensure that priorities align with strategic and team objectives and deadlines are met.
• Provide expert advice and direction on complex and novel forms of processing, especially on AI.
• Balance legal requirements against the need to deliver innovative solutions to benefit the public, supporting timely delivery of demanding GDS targets.

We’re interested in people who have:

• Experience at delivering data protection compliance within complex digital projects with the ability to enable the use of innovative techniques such as the use of AI.
• A strong understanding of data protection law (e.g. UK GDPR, DPA 2018).
• Hold a relevant privacy qualification such as IAPP (CIPP/E, CIPM) or PDP, with experience of delivering data protection within fast paced organisations.
• Proven experience in managing multiple complex tasks simultaneously, prioritising workload and meeting challenging deadlines in a fast paced environment.
• The ability to work under pressure and adjust priorities where necessary.
• Extensive experience of delivering Data Protection Impact Assessments which enable delivery and mitigate risks through pragmatic solutions.
• The ability to proactively identify risks and opportunities for improvement.
• Proven experience of using excellent verbal and written communication skills to build strong relationships and influence data protection practices.
• Skills in translating data protection requirements into clear, practical advice.
• Strong experience of working as part of a team, collaborating effectively with colleagues to achieve collective goals and enhance team performance.

There are many benefits of working at GDS, including:

• Flexible hybrid working with flexi-time and the option to work part-time or condensed hours.
• A Civil Service Pension with an average employer contribution of 28.97%.
• 25 days of annual leave, increasing by a day each year up to a maximum of 30 days.
• An extra day off for the King’s birthday.
• An in-year bonus scheme to recognise high performance.
• Career progression and coaching, including a training budget for personal development.
• A focus on wellbeing with access to an employee assistance programme.
• Job satisfaction from making government services easier to use and more inclusive for people across the UK.
• Advances on pay, including for travel season tickets.
• Cycle to work scheme and facilities.
• Access to an employee discounts scheme.
• 10 learning days per year.
• Volunteering opportunities (5 special leave days per year).
• Access to a suite of learning activities through Civil Service learning.
• Access to children's holiday play schemes across different locations in central London.

Any move to Government Digital Service from another employer will mean you can no longer access childcare vouchers. This includes moves between government departments. You may however be eligible for other government schemes, including Tax Free Childcare.

The Department operates a discretionary hybrid working policy, which provides for a combination of working hours from your place of work and from your home in the UK. The current expectation for staff is to attend the office or non-home based location for 40-60% of the time over the accounting period. DSIT does not normally offer full home working (i.e. working at home); but we do offer a variety of flexible working options (including occasionally working from home).

Artificial intelligence can be a useful tool to support your application, however, all examples and statements provided must be truthful, factually accurate and taken directly from your own experience. Where plagiarism has been identified (presenting the ideas and experiences of others, or generated by artificial intelligence, as your own) applications may be withdrawn and internal candidates may be subject to disciplinary action.

The standard selection process for roles at GDS consists of:

• A simple application screening process - we only ask for a CV and cover letter of up to 1000 words. Important tip - please ensure that your cover letter includes how you meet the skills and experience listed in the “person specification” section above.
• Successful candidates will then be asked to attend a 60 minute video interview.

In order to assist candidates with this role, we will be holding a virtual recruitment event on Monday 2nd February at 12:00 to 13:00 where we will introduce you to what it is like to be a Data Governance & Privacy Manager at the Government Digital Service, the team that you will be potentially working with and a bit about how the application and interview process works within the civil service. There will also be time to answer any questions.

If you would like to join this recruitment open day session, access the session using the provided Google link.

Depending on how many applications we get, there might also be an extra stage before the video interview, for example a phone interview or a technical exercise. In the event we receive a high volume of applications, we will conduct the initial sift against the lead criteria which is: experience at delivering data protection compliance within complex digital projects with the ability to enable the use of innovative techniques such as the use of AI.

In the Civil Service, we use Success Profiles to evaluate your skills and ability. This gives us the best possible chance of finding the right person for the job, increases performance and improves diversity and inclusivity. We’ll be assessing your technical abilities, skills, experience and behaviours that are relevant to this role.

We’ll also be assessing your experience and specialist technical skills against the following skills defined in the Government Digital and Data Capability Framework for the Data Governance and Privacy Manager role:

• Data ethics and privacy.
• Enabling and informing risk-based decisions.
• Stakeholder relationship management.
• Communicating analysis and insight.
• Strategic thinking.
• Communicating between the technical and non-technical.

Recruitment Timeline:

• Sift completion: 20th February 2026.
• Panel interviews: 2nd March 2026.

Candidates that do not pass the interview but have demonstrated an acceptable standard may be considered for similar roles at a lower grade. A reserve list will be held for a period of 12 months, from which further appointments can be made.

Please note that this role requires SC clearance, which would normally need 5 years’ UK residency in the past 5 years. This is not an absolute requirement, but supplementary checks may be needed where individuals have not lived in the UK for that period. This may mean your security clearance (and therefore your appointment) will take longer or, in some cases, not be possible. For meaningful checks to be carried out, you will need to have lived in the UK for a sufficient period of time, to enable appropriate checks to be carried out and produce a result which provides the required level of assurance. Whilst a lack of UK residency in itself is not necessarily a bar to a security clearance, an expectation of UK residency may range from 3 to 5 years. Failure to meet the residency requirements needed for the role may result in the withdrawal of provisional job offers.

Sponsorship: DSIT cannot offer Visa sponsorship to candidates through this campaign. DSIT holds a Visa sponsorship licence but this can only be used for certain roles and this campaign does not qualify.