Data Protection and Compliance Support Officer (Zendesk) in City of Westminster

Reporting to Data Protection & Compliance Lead (day-to-day) and Data Protection Officer (formal oversight).

Hours: Part‑time (5 days per week – hours to be agreed).

Role Purpose

To support the delivery of Reform UK Party Ltd’s data protection and compliance programme by acting as the first‑line handler of Subject Access Requests (SARs), data rights requests, complaints, and suppression requests through the Zendesk platform. This role is central to ensuring the Party meets its legal obligations under the UK GDPR, Data Protection Act 2018, Data Use and Access Act 2025, and PECR 2003, while also supporting the rollout of a new public‑facing Compliance Portal and transparency framework. You will play a key role in restoring and maintaining operational control, consistency, and audit readiness across all data protection interactions.

Key Responsibilities

• Act as the primary handler of inbound Zendesk tickets, including:

• Subject Access Requests (SARs)
• Data rectification and erasure requests
• Objections to processing (Article 21)
• Suppression (“do not contact”) requests
• General data protection enquiries and complaints

• Logged correctly
• Categorised appropriately
• Tracked against statutory deadlines (e.g. 30 days under UK GDPR Article 12)

• Apply Article 12(6) UK GDPR identity verification requirements where necessary
• Ensure requests are valid before progressing
• Issue acknowledgements and manage intake communications using approved templates

• Liaise with internal teams (Membership, Campaigns, IT, Legal, Treasury) to:

• Identify whether personal data is held
• Retrieve relevant datasets
• Confirm data sources and processing purposes

• Escalate to Legal / DPO for review, redaction and sign‑off prior to disclosure

• Maintain and update suppression records to ensure individuals do not receive further communications where requested
• Ensure suppression requests are correctly reflected across systems (e.g. Reform Pro, mailing workflows)
• Support transition to automated suppression via the Compliance Portal

• Support the rollout and operation of the Compliance Portal, including:

• Processing requests submitted via online forms
• Monitoring portal‑driven workflows
• Ensuring alignment between portal submissions and Zendesk tickets

• Maintain accurate records of:

• Requests received
• Actions taken
• Deadlines and outcomes

• Volume and type of requests
• Response times
• Compliance performance indicators

• Identify and engage:

• Complex or high‑risk requests
• Potential data breaches or systemic issues
• Repeated or vexatious request patterns

Person Specification

• Strong organisational and administrative skills
• High attention to detail and ability to handle sensitive information confidentially
• Clear written communication skills (professional and structured)
• Ability to follow defined processes and workflows
• Comfortable working with digital systems (Zendesk or similar ticketing platforms)
• Experience in:

• Customer service or case handling roles
• CRM or ticketing systems (e.g. Zendesk, Intercom)

• UK GDPR principles and individual rights
• Political campaigning or electoral processes

Key Behaviours

• Accuracy over speed – getting it right matters
• Calm under pressure – especially when handling complaints or high volumes
• Structured thinker – able to follow and apply processes consistently
• Discreet and professional – handling sensitive personal data appropriately
• Proactive – identifies issues and suggests improvements

Governance & Accountability

All work is undertaken under the direction of the Data Protection & Compliance Lead (operational control) and Data Protection Officer (legal oversight). Final decisions on disclosure, refusal, or exemptions remain with the DPO / Legal. The role operates within the Party’s Data Protection & Information Governance Framework.

Why This Role Matters

This is not a standard admin role. It will sit at the heart of:

• Legal compliance
• Public trust
• Regulatory scrutiny (ICO, Electoral Commission)
• Operational efficiency

Handled well, it:

• Prevents regulatory escalation
• Enables scalable, automated compliance via Zendesk and the Compliance Portal

Future Development

The role is expected to evolve as:

• Zendesk automation increases
• The Compliance Portal becomes fully operational

There is potential for:

• Increased responsibility
• Greater involvement in compliance operations
• Expansion into wider governance or data protection support functions