Data Protection Practitioner
| Dyddiad hysbysebu: | 07 Ionawr 2026 |
|---|---|
| Cyflog: | £45,544 i £55,157 bob blwyddyn |
| Oriau: | Llawn Amser |
| Dyddiad cau: | 16 Ionawr 2026 |
| Lleoliad: | Cardiff, Bristol, Liverpool, Manchester, Telford, Croydon, Leeds, Newcastle, Nottingham, Stratford |
| Gweithio o bell: | Hybrid - gweithio o bell hyd at 2 ddiwrnod yr wythnos |
| Cwmni: | HMRC |
| Math o swydd: | Parhaol |
| Cyfeirnod swydd: | 441808 |
Crynodeb
About the Role
No two days are the same in this exciting and evolving role! One day you might be reviewing privacy risks related to a proposed new IT service, and the next you could be assessing how a change in data protection legislation could impact HMRC.
You will be assigned to the Policy, Advice and International Team, which is responsible for the provision of a large swathe of data protection advice, including policy direction, supporting International data sharing practices, assisting with the data protection aspects of security incidents, customer complaints, Individual’s Rights and IT systems. If successful, it is expected that you will be allocated to one of three mini teams working alongside a Grade 7 Data Protection Advisory Lead working within the IT Technical and Policy areas. You will be expected to demonstrate the willingness to apply data protection expertise flexibly depending on the needs of the team at any one time.
Person specification
Management of the Functional Mailboxes and Management of HO Data Protection Advisors. Be the point of escalation for complex Data Protection matters. You will also be expected to monitor emerging trends and produce management information.
Understanding the customer / business viewpoint and provide an independent oDPO response to complex complaints or enquiries.
You will also provide input to appropriate HMRC boards, internal committees and governance structures, and help to provide responses to Parliamentary Questions, FOIs and senior leader briefings in relation to data protection risks and issues;
You will work strategically across HMRC and wider Government to ensure HMRC is consistent with and represented in, the development of wider UK data protection policies now we have left the EU.
You will undertake research independently and as part of a wider team, analysing complex or novel business scenarios and thinking laterally and practically to identify data protection issues and risks and make recommendations for change. For example, you could be working on assessing the data protection risks arising from a technology project or a commercial outsourcing contract , in understanding the impacts of new guidance around complaints handling, identifying risks associated with international data flows and third-country assessments or looking at individual rights, data protection incidents and policy.
As a Data Protection Manager, you will be expected to become fully conversant with the main principles of data protection legislation and have the ability to translate and confidently communicate that understanding to support your colleagues, the wider Department and its suppliers.
Draft and support responses to senior leader briefings specifically relating to Individuals Rights and Data Breaches.
Support the team with general data protection duties, including:
Advising on Data Protection Impact Assessments (DPIAs).
Advise the business on privacy risks under UK GDPR and DPA 2018, with a focus on Part 3 (law enforcement processing) in the context of international cooperation.
Responding to security incidents, customer complaints, and supplier processing queries.
Contributing to policy development and internal governance boards.
A proactive, team-oriented approach with the ability to work independently and suggest innovative solutions. Strong communication and stakeholder engagement skills, with the ability to influence across organisational boundaries.
Resilience and adaptability in a fast-paced, evolving environment.
Essential Criteria:
A professional qualification or equivalent experience in data protection. A strong interest in, and relevant professional qualification or equivalent experience in, data protection and/or information governance.
Proven ability to interpret and apply data protection legislation, including the UK GDPR, Data Protection Act 2018, and Data (Use and Access) Act 2025, translating complex legal requirements into clear, practical advice tailored to business needs.
Demonstrable experience in reviewing and advising on Data Protection Impact Assessments (DPIAs), including assessing risks and recommending proportionate mitigations in a complex organisational setting.
Strong stakeholder engagement and influencing skills, with the confidence to challenge constructively and provide independent advice across a wide range of stakeholders.
Proficiency in Microsoft Office 365 tools.
Desirable Criteria:
Proven ability to interpret and communicate complex legal provisions in a clear, accessible way.
Experience in risk management and handling complaints.
Experience in international data transfers, risk management, and cross-border compliance.
Behaviours
We'll assess you against these behaviours during the selection process:
Managing a Quality Service
Communicating and Influencing
Delivering at Pace
Making Effective Decisions
No two days are the same in this exciting and evolving role! One day you might be reviewing privacy risks related to a proposed new IT service, and the next you could be assessing how a change in data protection legislation could impact HMRC.
You will be assigned to the Policy, Advice and International Team, which is responsible for the provision of a large swathe of data protection advice, including policy direction, supporting International data sharing practices, assisting with the data protection aspects of security incidents, customer complaints, Individual’s Rights and IT systems. If successful, it is expected that you will be allocated to one of three mini teams working alongside a Grade 7 Data Protection Advisory Lead working within the IT Technical and Policy areas. You will be expected to demonstrate the willingness to apply data protection expertise flexibly depending on the needs of the team at any one time.
Person specification
Management of the Functional Mailboxes and Management of HO Data Protection Advisors. Be the point of escalation for complex Data Protection matters. You will also be expected to monitor emerging trends and produce management information.
Understanding the customer / business viewpoint and provide an independent oDPO response to complex complaints or enquiries.
You will also provide input to appropriate HMRC boards, internal committees and governance structures, and help to provide responses to Parliamentary Questions, FOIs and senior leader briefings in relation to data protection risks and issues;
You will work strategically across HMRC and wider Government to ensure HMRC is consistent with and represented in, the development of wider UK data protection policies now we have left the EU.
You will undertake research independently and as part of a wider team, analysing complex or novel business scenarios and thinking laterally and practically to identify data protection issues and risks and make recommendations for change. For example, you could be working on assessing the data protection risks arising from a technology project or a commercial outsourcing contract , in understanding the impacts of new guidance around complaints handling, identifying risks associated with international data flows and third-country assessments or looking at individual rights, data protection incidents and policy.
As a Data Protection Manager, you will be expected to become fully conversant with the main principles of data protection legislation and have the ability to translate and confidently communicate that understanding to support your colleagues, the wider Department and its suppliers.
Draft and support responses to senior leader briefings specifically relating to Individuals Rights and Data Breaches.
Support the team with general data protection duties, including:
Advising on Data Protection Impact Assessments (DPIAs).
Advise the business on privacy risks under UK GDPR and DPA 2018, with a focus on Part 3 (law enforcement processing) in the context of international cooperation.
Responding to security incidents, customer complaints, and supplier processing queries.
Contributing to policy development and internal governance boards.
A proactive, team-oriented approach with the ability to work independently and suggest innovative solutions. Strong communication and stakeholder engagement skills, with the ability to influence across organisational boundaries.
Resilience and adaptability in a fast-paced, evolving environment.
Essential Criteria:
A professional qualification or equivalent experience in data protection. A strong interest in, and relevant professional qualification or equivalent experience in, data protection and/or information governance.
Proven ability to interpret and apply data protection legislation, including the UK GDPR, Data Protection Act 2018, and Data (Use and Access) Act 2025, translating complex legal requirements into clear, practical advice tailored to business needs.
Demonstrable experience in reviewing and advising on Data Protection Impact Assessments (DPIAs), including assessing risks and recommending proportionate mitigations in a complex organisational setting.
Strong stakeholder engagement and influencing skills, with the confidence to challenge constructively and provide independent advice across a wide range of stakeholders.
Proficiency in Microsoft Office 365 tools.
Desirable Criteria:
Proven ability to interpret and communicate complex legal provisions in a clear, accessible way.
Experience in risk management and handling complaints.
Experience in international data transfers, risk management, and cross-border compliance.
Behaviours
We'll assess you against these behaviours during the selection process:
Managing a Quality Service
Communicating and Influencing
Delivering at Pace
Making Effective Decisions