We're now recruiting a Data Protection Officer (DPO), a newly created role reporting to the Chief Risk Officer (CRO).
The Data Protection Officer (DPO) is responsible for overseeing the organisation's data protection strategy and ensuring compliance with data protection laws, including the UK GDPR and other relevant regulations. The DPO will act as the primary point of contact for data protection issues, advising the business on good practices and working cross-functionally to embed a culture of data protection within the organisation.
Key Responsibilities: Regulatory Compliance & Governance:
- Ensure the organisation's compliance with all applicable data protection laws and regulations, including UK GDPR and Data Protection Act 2018.
- Develop and maintain data protection policies, procedures, and frameworks.
- Monitor and review data processing activities, ensuring lawful, fair, and transparent processing.
- Conduct regular reviews to assess compliance with data protection laws and identify areas for improvement.
- Keep up to date with legislative changes and update internal policies accordingly.
Advisory & Stakeholder Engagement:
- Use practical experience of AI's impact on data governance and security to ensure development and adherence to good practices.
- Ensure stakeholders consider ethical, technological, and commercial factors when designing or using new customer data tools.
- Provide expert guidance and challenge to senior management and employees on data protection obligations and best practices.
- Act as the primary contact for regulatory authorities, including the ICO.
- Collaborate with Technology, Legal, HR, and other units to implement privacy-by-design in new projects and systems.
- Raise awareness and provide training on data protection principles across the organisation.
Data Subject Rights & Incident Management:
- Oversee data subject requests such as SARs, right to erasure, and data portability.
- Manage data breach response plans and ensure timely reporting to regulators and individuals.
- Supervise records of processing activities (RoPA) and DPIAs for high-risk processing.
- Maintain in-depth knowledge of data laws, regulations, and current best practices, including AI's impact on data protection.
- Apply strong analytical and technical skills to assess compliance risks, with knowledge of emerging technologies.
- Engage effectively with stakeholders at all levels through excellent communication skills.
- Influence decision-making and foster a culture of data security and compliance.
- Manage multiple priorities with strong attention to detail.
Qualifications & Experience:
- Bachelor's degree in Law, Compliance, IT, or related field (preferred).
- Relevant data protection certification (e.g., CIPP/E, CIPM, CDPO) is highly desirable.
- Proven experience in a data protection, compliance, or privacy role, preferably in Financial Services.
- Experience in regulated industries such as finance, healthcare, or tech is advantageous.
About us
AJ Bell is one of the UK's fastest-growing investment platforms, offering a broad range of solutions for professionals and DIY investors. With over 593,000 customers and assets exceeding £90.4 billion, we are committed to making investing accessible and straightforward. Listed on the London Stock Exchange's Main Market since December 2018, we are a FTSE 250 company.
Headquartered in Manchester with offices in London and Bristol, we employ over 1,500 staff and have been recognized as one of the UK's best workplaces for six consecutive years and as a Great Place to Work in 2024.
Our perks and benefits
- Starting holiday entitlement of 27 days, increasing with service, plus buy/sell options.
- Matched pension contributions up to 8%.
- Discretionary bonus, share schemes, health plans, private healthcare, gym membership, and more.
- Flexible working with a hybrid model, requiring at least 50% office presence.
At AJ Bell, we value an inclusive environment where everyone can bring their whole self to work.