Group Data Protection Officer

We are seeking a highly skilled and experienced Group Data Protection Officer (GDPO) to oversee and implement our organization’s data protection strategy, ensuring compliance with data protection regulations, including the UK GDPR, EU GDPR (where applicable), and the UK Data Protection Act 2018.

You will be a senior leader responsible for ensuring data privacy is embedded in the organization's culture, policies, and processes, safeguarding personal data in line with industry best practices. Working closely with senior leaders, legal teams, technology teams, and external regulators, the GDPO will provide expert advice and oversight for all matters related to data protection and privacy.

Key Responsibilities

• Lead the development and implementation of the Group-wide Data Protection Framework and Strategy, ensuring compliance with UK GDPR, EU GDPR, and other relevant data privacy laws.

• Provide expert guidance to senior management and the board on data protection risks, compliance obligations, and continuous improvement initiatives.

• Champion a strong data protection culture across the organization, acting as the principal advocate for privacy and information security.

• Oversee compliance and governance, ensuring all data processing activities are properly documented and legally compliant.

• Maintain and update key governance materials, including ROPAs, privacy notices, retention schedules, and policies.

• Advise business units and project teams on data protection implications of new initiatives, data sharing, and technology deployments.

• Act as primary liaison with regulators, including the UK ICO, handling audits, consultations, and data breach notifications.

• Lead responses to data subject requests such as SARs and right to erasure, ensuring appropriate handling of personal data breaches.

• Deliver training and awareness programmes to build employee understanding of privacy risks and regulatory compliance requirements.

• Oversee third-party and vendor compliance, including data protection clauses, DPIAs, and ongoing risk monitoring.

About you

• A degree in Law, Information Security, Compliance, or a related field (or equivalent experience)

• Professional certifications such as CIPP/E, CIPM, CIPT, or equivalent are highly desirable

• Strong experience in data protection, privacy, or a similar compliance/governance role, ideally in a regulated environment (e.g., financial services, legal, or technology)

• Deep understanding of the UK GDPR, EU GDPR, and other relevant privacy laws across the European Union and the UK

• Proven track record in managing regulatory relationships, data breach incidents, and compliance audits or assessments

• Expertise in data protection laws, principles, and operations, with the ability to translate legal requirements into practical business processes

• Strong leadership and stakeholder engagement skills, with the ability to influence decisions at senior management and board levels

• Excellent communication, interpersonal, and negotiation skills

• Proficiency in managing data protection tools and conducting audits, assessments, and remediation plans

• Risk management mindset with strong analytical and problem-solving capabilities

About Arrow Global Group

Great talent comes in many forms, and we’re committed to building a diverse and inclusive team. Whilst a number of our roles do require specific qualifications and experience, and industry knowledge, we also value potential, unique perspectives, and transferable skills. If you’re excited about this opportunity but don’t meet every requirement, we’d still love to hear from you. 

 We occasionally collaborate with recruitment agencies to fill niche or specialist roles. However, we do not accept agency terms or pay fees for speculative CVs submitted directly to our hiring managers or outside our Applicant Tracking System.

If you are a recruitment agency interested in partnering with us for candidate supply, please reach out to recruitment@arrowglobal.net