Contractair Ltd
Data Protection Lead/Privacy Manager

£40,000 - £45,000

Kidderminster

Remote or hybrid

Description

Responsible for managing the organisation’s data protection and privacy compliance in an SME environment with fewer than 250 employees operating across the UK, EU and Switzerland. This role provides pragmatic, proportionate GDPR compliance. The focus is on practical risk management, operational compliance and acting as the internal point of contact for data protection matters.
MAIN DUTIES AND RESPONSIBILITIES:
Responsible for the following activities, including but not limited to:
GDPR Compliance & Governance
Maintain proportionate GDPR policies, notices, and procedures suitable for an SME.
Maintain Records of Processing Activities (RoPA) in line with Article 30 requirements applicable to SMEs.
Support privacy-by-design principles in new projects and systems.
Conduct and document low-risk DPIAs where required; escalate higher-risk matters for external advice.
Data Subject Rights
Act as the primary contact for data subject rights requests (including DSARs).
Coordinate responses across HR, IT, and business teams.
Ensure statutory deadlines are met under UK GDPR, EU GDPR and Swiss data protection law (FADP).
Incident & Breach Management
Maintain a personal data breach register.
Coordinate initial assessment and response to suspected data breaches.
Support notification decisions and documentation, seeking external advice where appropriate.
Third-Party & International Transfers
Conduct GDPR due diligence on key suppliers and processors.
Ensure appropriate Article 28 processor agreements are in place.
Maintain oversight of EU, UK and Swiss data transfers and reliance on UK adequacy.
Identify and escalate any onward transfers outside the UK/EU/Switzerland.
Training & Awareness
Deliver practical GDPR awareness training for staff.
Act as a day-to-day point of contact for data protection queries.
Monitoring & Reporting
Monitor compliance with internal controls and policies.
Provide concise updates to senior management on GDPR risks and compliance status.
QUALIFICATIONS & REQUIREMENTS:
Practical working knowledge of UK GDPR and EU GDPR
Knowledge of Swiss data protection law an advantage
Experience managing DSARs, basic DPIAs, and data breach response
Ability to apply GDPR proportionately in a commercial SME environment
Strong organisational and stakeholder management skills
Experience operating across UK and EU jurisdictions
Familiarity with processor management and international data transfers
Privacy, compliance, or risk management certification (or equivalent experience)
Experience managing and maintaining an ISO9001:2015 aligned QMS desirable
KEY COMPETENCIES:
Achieving Results
Communication
Self-Awareness
Risk Management
Data Subject Rights
Influencer
Organisational Skills
WHAT WE OFFER:
Permanent position
Location: Hartlebury or remote
Schedule: Mon to Fri 37.5 hours per week
Salary: £40 - £45k per annum
Benefits: EAP, Pension, Company gifts for Long Service/Wedding/Adoption, Cycle to Work Scheme, Free Parking
