Menu

Data Protection Officer

Job details
Posting date: 18 February 2026
Salary: Not specified
Additional salary information: From £55,000 + benefits package
Hours: Full time
Closing date: 19 March 2026
Location: Wakefield, West Yorkshire, WF2 0XG
Company: Card Factory
Job type: Permanent
Job reference: cardfac/TP/1417897/31085

Apply for this job

Summary

Job Introduction

Data Protection Officer – cardfactory

Salary from £55,000 + benefits package

Join us as the UK & Ireland Data Protection Officer and play a pivotal role in shaping and safeguarding the privacy framework across cardfactory, funkypigeon.com and Garlanna. In this influential position, you’ll act as a trusted, independent advisor—ensuring our organisation meets its obligations under UK GDPR, EU GDPR, PECR, ePrivacy and related legislation.

You’ll lead the way in embedding a strong culture of privacy by design, guiding stakeholders at all levels, and championing accountability across our UK and Ireland operations. As the primary contact for regulators, data subjects and internal teams, you’ll oversee compliance, identify and mitigate privacy risks, and ensure robust policies and controls are in place.

If you’re ready to make a significant impact by driving a proactive, risk-aware approach to data protection, we’d love to hear from you.

At cardfactory, we believe in smart working. That means you’ll spend around two days a week at our Wakefield support centre, with the flexibility to work from home the rest of the time.

What you’ll do:

  • Data Protection Strategy: Develop, implement and maintain a comprehensive Data Protection Strategy aligned to organisational goals and legislation. Own and update the Record of Processing Activities (ROPA).
  • Policies & Documentation: Maintain all data protection policies, procedures and documentation, including DPIAs, privacy notices, breach logs and SAR logs. Support development of the Information Security Management System.
  • Compliance Management: Lead audits and compliance activities to meet UK/EU GDPR, PECR and other regulatory requirements. Run the GDPR and data privacy steering committee.
  • Monitoring & Audit: Conduct ongoing assessments and internal audits to ensure adherence to data protection standards. Review contracts to ensure appropriate legal and technical safeguards.
  • Regulatory Liaison: Act as the primary contact for the ICO, DPC and other regulatory bodies, managing enquiries, investigations and reporting duties.
  • Incident & Breach Management: Lead breach assessments, investigations and reporting, ensuring effective mitigation, documentation and communication.
  • Training & Awareness: Design and deliver training initiatives, keeping colleagues informed on data protection requirements, risks and emerging trends.
  • Leadership: Advise senior leaders and business units on privacy risks and compliance. Provide leadership and mentoring to the team.
  • Supplier Risk Management: Oversee governance and risk assessments for third‑party suppliers to ensure compliance and security standards are met.
  • Collaboration & Consultancy: Act as the first point of contact for data privacy queries. Work cross‑functionally to ensure a consistent, business‑aligned approach to data protection.
  • Risk Management: Identify, assess and mitigate data privacy risks, ensuring clear reporting to the appropriate stakeholders.

What you’ll need:

  • Strong risk management capability and ability to deliver practical, commercially‑aware solutions.
  • Strong influencing skills (soft / hard / active listening etc.) – and the ability to blend and adapt them to the situation and intended audience.
  • Able to implement a holistic security program of strategy, policies, processes and technologies.
  • Being able to balance legislative requirements taking into consideration a commercial viewpoint
  • People management skills to direct and manage a small team of data privacy specialists.

Experience:

  • 5+ years’ experience in a DPO role, managing privacy operations complaints with the GDPR and PECR.
  • Experience leading, developing and managing teams.
  • Familiarity with Microsoft Purview, One Trust and other similar DSAR management and tooling.
  • Experience working in fast-paced and complex environments, working across multiple business units.
  • Experience with ISO 27001, ISO27701, ISAE 3000/3402 or other information security standards and frameworks.

About the Company

Card Factory is the UK’s leading specialist retailer of greetings cards, dressings, and gifts with over one thousand stores across the UK and Ireland.  In 2020 we launched our exciting 5-year business strategy including our vision of becoming a true Omni-channel retailer.  This strategy sees significant investment into our colleagues across the business creating multiple opportunities to join a fast-paced environment and be part of our exciting journey. 

In return, we offer a wide range of benefits to support your physical, mental, and financial wellbeing.

Benefits

  • Pension
  • 15% Card Factory colleague discount in-store and online
  • Save As You Earn scheme
  • Financial Wellbeing Support
    • Financial Education Tools
    • Salary Advance
  • Seasonal incentive schemes
  • Retail Management Apprenticeship Programmes with local providers with access to a virtual internal network for learning together
  • Discounted gym membership, mobile phone contracts, and car leasing
  • Discounts across 100’s of UK retailers
  • Employee Assistance Programme – access to tools to support mental, physical, and financial wellbeing
  • Enhanced Maternity, Paternity, and Adoption leave

This is an exciting role with genuine prospects for the right candidate. If this role describes you and your career aspirations, click apply now.

For any questions email: vacancies@cardfactory.co.uk (we do not accept CVs/Applications via email)

We reserve the right to close this vacancy once sufficient suitable applications have been received. We advise applying early to avoid disappointment as applications will be reviewed regularly.

No agencies, please.

undefinedundefined undefined

Sportswift Ltd T/A Card Factory

#VP25

Apply for this job