Data Protection Manager

Rolls-Royce Motor Cars Ltd is looking for a Data Protection Manager. The Governance team safeguards the company’s reputation as a global luxury brand by fostering a culture of good governance and embedding best-practice frameworks, processes and systems spanning Data Privacy, Information Protection and Trade Compliance. We drive a collaborative approach to governance—balancing risk mitigation with enabling business operations and new innovation. This role is based at Goodwood.

What awaits you?

• Manage, maintain and continually improve the Governance systems of Rolls-Royce Motor Cars, ensuring compliance with global and local regulations across key areas such as Data Privacy, Information Protection and Trade Compliance.
• Act as a Data Protection subject matter expert and trusted advisor to the global organisation, embedding privacy by design and default into business operations.
• Develop and deliver engaging communications, training, and briefing sessions to promote awareness and a strong culture of compliance across all levels.
• Conduct risk assessments and spot checks, maintaining measurement frameworks to monitor control effectiveness, and generate management reporting for the local Board and central functions.
• Lead and motivate a global network of champions to foster a proactive compliance culture aligned with organisational risks.
• Stay ahead of emerging regulatory and business risks, challenging existing practices and support the implementation of innovative, compliant business solutions.
• Influence and partner with internal stakeholders and Group function leads (e.g., Data Protection, Information Protection, Export Control, Legal, Internal Audit) to align governance practices and review compliance instruments for suitability.
• Support external relationships and negotiations with suppliers, dealerships, government agencies, and regulators on governance matters such as data processing agreements and regulatory inquiries.
• Drive a collaborative approach to governance, balancing risk mitigation with enabling business innovation.

What you should bring?

• Deep expertise in Data Privacy with a solid understanding of UK GDPR & PECR and the ability to translate requirements into clear actionable guidance.
• Knowledge of other global privacy regulations advantageous.
• Experience in an international business environment; automotive industry experience preferred.
• Professional Data Privacy qualification essential, additional qualifications in Information Security or International Trade advantageous.
• A solid general understanding of IT systems, architecture and data management highly desired. Familiarity with IT security standards such as ISO27001/NIST 2 etc. advantageous.
• Experience in leading complex privacy assessments, comfortable completing PIA’s, TIA’s, DPA/DSA’s, TOM’s evaluations, RoPA’s etc.
• Familiarity with AI governance and emerging regulatory frameworks.
• Proven ability to communicate complex issues clearly and influence diverse stakeholders, including delivering difficult messages.
• Strong negotiation, facilitation, and networking skills, with a collaborative mindset to achieve mutually beneficial outcomes.
• Excellent analytical skills with a commercial awareness mindset and the ability to interpret and present data concisely.
• Passion for delivering excellent customer service internally and externally.
• Self-driven, entrepreneurial spirit with strong project management experience handling multiple priorities.
• Proficient in Microsoft Office suite (Excel, Word, PowerPoint).

Closing Date: Thursday 28th May.

At BMW Group, we are committed to offering our employees the right balance between work and personal life. We pride ourselves on being a flexible employer, so please discuss your individual requirements as part of the application process to help us agree on a suitable arrangement. We place great importance on equal treatment and equal opportunities. Our recruiting decisions are based on the personality, experience, and skills of the applicants.

Successful candidates will be required to complete background screening checks, and the offer of employment will be subject to satisfactory results. These checks include references, right to work, IT system Compliance Integrity Check (COIN), CV, and relevant qualifications. Additional checks may include criminal records, adverse financial (credit), directorships, address verification, internet research, and/or driving licence. If you have any queries about these checks, please discuss them with us, and we will be happy to provide further details.