Data Protection Manager in Loughborough

PHP Law are a team of lawyers and other professionals who provide legal support and advice to schools and Trusts. We pride ourselves on providing friendly, professional and pragmatic support for our clients and having a great team environment.

We are seeking a highly motivated individual to manage our Data Protection Service for schools and academies, while also providing essential support for linked governance issues. This role will ensure the service meets all statutory and regulatory requirements, delivers high-quality support to educational institutions, and maintains the highest standards of compliance and administrative efficiency.

This is a role to support a well established, technically able and very friendly team. It reflects the increase of resources that are necessary to meet the current challenges. It recognises that Data Protection and requests are usually linked to other matters involving complaints, exclusions, grievances and SEN.

The post will require oversight and management of the service, but will be done in collaboration with the team and with full support and supervision.

• Oversee and manage the provision of Data Protection Officer (DPO) services and support to subscribing schools and academies.
• Act as the primary co-ordinator for all data protection matters within the service, specifically concerning the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 or any other legislation impacting the DPO service.
• Ensure the service is up-to-date with the latest Information Commissioner's Office (ICO) guidance, Department for Education (DfE) requirements, and other relevant legislation, regulatory or statutory guidance.
• Monitor and support schools in managing data breaches, subject access requests (SARs), and freedom of information requests (FOIs).
• Maintain and update all service documentation, policies, and guidance materials.
• Provide updates for Governing Boards and Trusts, with the possibility of remote attendance at meetings.

• Support the development and delivery of a comprehensive programme of training and workshops for school staff, governors, and other stakeholders on data protection best practices and compliance.
• Create and disseminate regular updates, alerts, and briefings to subscribing institutions regarding changes in legislation, guidance, and emerging data protection risks.

• Provide high-level, practical administrative support related to the formal complaints process within schools, ensuring adherence to statutory and local procedures.
• Assist schools with the administration of pupil exclusions, including reviewing documentation for governing board review meetings (Disciplinary Committees) and Independent Review Panels (IRPs), ensuring legal compliance.
• Maintain accurate and confidential records related to complaints and exclusions.

• Proven experience in a data protection compliance role, preferably within the education, public or regulated sectors.
• Excellent working knowledge of UK GDPR and the Data Protection Act 2018.
• Demonstrable experience of supporting operational teams in a school or Trust setting.
• Strong administrative and organisational skills, with experience in managing complex procedures such as complaints or exclusions.
• Excellent communication (written and verbal) and interpersonal skills, with the ability to provide clear, practical, and authoritative advice.

• Demonstrable day to day experience of the issues and requirements.
• A recognised Data Protection or Information Governance qualification (e.g., BCS, IAPP) or other relevant qualification.
• Knowledge of the school and academy landscape in England, including governance structures.
• Experience using case management systems for data protection or complex administration.

The postholder will be supported through an individually created and reviewed CPD program. The opportunity for personal professional development will be a central element of the role. There will be the opportunity to work with other teams, particularly Employment and HR colleagues where there is often overlap of the tasks and roles.

As a niche practice firm, we do things differently. PHP is multi-disciplinary and although regulated by the SRA, we have staff and partners who do not hold legal qualifications. We recognise the value of providing a broad service to our clients.

We represent Multi-academy trusts, single academies and maintained schools. We have good, professional relationships with Local Authorities and the DfE.

We have a flexible approach to hybrid working, and a genuine flexibility in how people work and when they work. We are also developing a range of employee benefits, we currently provide a NEST workplace pension, medical health insurance and flexible working initiatives.

We are based in Leicestershire and in Devon, but have clients across the country. This is a hybrid role - working from home with attendance at the head office or client premises as required. Remote working would also be considered depending upon the experience of the candidate, with a requirement to travel to client premises as required.

This is a role that would work for a full-time basis (37.5 hours per week) or term time plus 4 weeks. The remuneration for the right candidate would be between £38,000 and £44,500. There is an opportunity for progression and an employee bonus scheme.

This is a rolling vacancy and will therefore remain open until a suitable candidate is appointed.

Please provide a CV and covering letter. The covering letter should set out details of experience of Data Protection and Information Management, complaints, suspensions and exclusions within a school context. Provide details of experience of managing people. Any information about experience of school governance would be welcomed.