Senior TOC Data Protection Officer

Senior TOC Data Protection Officer

This role is part of the DFTO Group, overseeing data protection compliance across all TOCs.

Primary Purpose of the Job

Oversee and monitor data protection compliance across all TOCs within the DFTO Group. Act as the senior authority on data privacy across TOCs, aligning policies and practices, managing a team of TOC Data Protection Officers and embedding best practice to drive consistent compliance with UK GDPR, the Data Protection Act 2018 and other legislative and regulatory requirements. Contribute to DFTO’s overall data protection strategy and act as the statutory DPO for selected TOCs.

Key Responsibilities

• Lead and line manage TOC Data Protection Officers, providing guidance, coaching and performance oversight to build a high performing team that drives compliance across the Group.
• Act as the statutory Data Protection Officer for selected TOCs, delivering on all minimum tasks defined in the Data Protection Act 2018 (as may be updated from time to time), reporting into relevant TOC Boards and acting as the designated contact for the ICO for relevant TOC(s).
• Manage complex Data Subject Access Requests (DSARs), rectifications, erasures, objections and other rights‑based requests, ensuring they are processed efficiently, in line with internal policies and statutory deadlines, and in a manner that does not compromise the DPO’s independence.
• Provide independent advice on the completion of DPIAs, including assessment of privacy risks and mitigations and compliance with the principles of data protection by design.
• Provide independent oversight and advice in relation to personal data breaches for assigned TOCs.
• Align data protection policies, templates, and processes across all Group TOCs, working closely with TOC DPOs to drive consistency and standardisation of approach as well as high quality.
• Drive a continuous improvement culture amongst TOC data protection professionals, collating, sharing and embedding best practice across TOCs, reviewing lessons learned and implementing improvements to strengthen compliance culture.
• Establish and develop relationships with senior leadership groups across assigned TOCs, advising on data protection principles, risks, and mitigations and processes that should be put in place to reduce the risk of breaches.
• Oversee and direct delivery of training and awareness programmes across all TOCs, embedding a culture of compliance and delivering materials that enable staff to understand their data protection responsibilities.
• Provide expert support and advice on data protection issues to assigned TOC(s), acting as a key point of contact for employees needing guidance on regulations and best practices.
• Work closely with TOC DPOs to monitor data protection compliance across all TOCs, conducting audits and assessments to identify risks and improvement opportunities and challenge non‑compliant processes.
• Report compliance performance, risks, and trends across all DFTO TOCs to the Head of Data Protection, providing clear insights and recommendations for strategic decision‑making.

Knowledge, Skills, Experience & Technical Qualifications

• Demonstrable practical knowledge of data protection with experience of taking a lead role in a data protection and information governance environment.
• In‑depth knowledge of UK GDPR, DPA 2018, PECR and ICO guidance, with a strong focus on practical application in complex organisations.
• Degree level education or equivalent experience in law, data protection, information governance or a related discipline.
• Strong track record in developing and implementing data protection frameworks across multiple business units.
• Expertise in managing complex and high‑risk DSARs, DPIAs, and data breach responses.
• Excellent leadership and stakeholder engagement skills, with ability to influence at senior levels.
• Demonstrable ability to interpret and communicate legal requirements in plain language to operational teams.
• Strong analytical and problem‑solving skills – able to identify risks and propose proportionate solutions.
• Ability to work collaboratively across legal, IT, security, and operational teams to align privacy objectives.
• Commitment to continual learning and ethical standards, safeguarding confidentiality at all times.
• Desirable: Experience of line managing a team.
• Desirable: Holds a recognised data protection certification (e.g., CIPP/E or BCS Practitioner).

Vacancy Details

• Duration: Fixed Term contract/secondment to October 2027
• Reports to: Group Head of Data Protection
• Location: London Waterloo
• Salary: Up to £67,067
• Closing date: 26th April 2026

Benefits

• Annual Leave: Starting at 25 days and rising to an additional day per year of service completed within the first 5 years up to a maximum of 5 additional days (30 days).
• DC Pension Scheme: 10% Employer contribution, 5% Employee contribution.
• Opportunities to learn and network across the wider industry.

Contact

If you have any questions or reasonable adjustments, please contact amra.hurley@dftoperator.co.uk.

Please do not email any CVs to us; your application must be made by clicking the ‘Apply’ button.

Disclaimer: Candidates applying for this position on a secondment basis must inform their line manager prior to submitting their application to ensure transparency and facilitate any necessary discussions regarding workload and responsibilities.

#J-18808-Ljbffr…