Back to vacancies




£70K - £75K + Benefits + Bonus


Ref: 4018D

Our Client, a national Law Firm, is recruiting a Data Protection Manager to provide support towards compliance with our certifications and accreditations, including ISO27001 and Cyber Essentials Plus, as well as clients' requirements around data protection and will collaborate closely with the Information Security Manager to ensure that data protection compliance is considered alongside cyber/information security.  Duties include; 

  • Ensuring that risks around data protection compliance are properly identified and appropriately managed to ensure compliance with our regulatory obligations and those of our clients
  • Ensuring that data protection policies, controls and procedures are appropriately aligned with the business, ISO management standard and other certifications as well as client requirements.  
  •  Engage with the Data & Architecture team, Information Security Manager, system owners and business users to ensure that data protection obligations are defined and documented into effective and consistent processes, including ongoing maintenance of ROPAs and Information Asset Register
  • In conjunction with the Data & Architecture team and the Information Security Manager, effectively manage data protection impact assessments (DPIA) for new processes or suppliers
  •  Analysing risks, trends and developments associated with data protection, providing advice and guidance to the users and the business, and providing reports and metrics to the Exec 
  • Providing expert guidance in raising awareness and in developing our data protection training to increase the risk awareness within our firm and ensuring that our policies, controls and processes are embedded
  • Supporting the internal and external audit programme to ensure that the remediation actions required are completed within a timely and effective manner 
  •  Ensuring that the impact of client requirements regarding data protection are properly assessed and supporting the business to provide the appropriate responses to client requests, such as tender/assurance questionnaires 
  • Appropriately assessing the data protection risks associated with high risk suppliers and third parties to ensure compliance with our regulatory obligations, certifications/accreditations and our client requirements 
  • Collaborating with other stakeholders across the business to identify areas of risk and gaps in compliance with information governance standards·   
  • Considering data sharing frameworks and supporting with data sharing agreements with third parties
  •  Providing expert guidance to the Risk & Compliance team in their incident and breach management of data protection issues, including data subject access requests and the rights of data subjects in accordance with legislative requirements including escalation, mitigation, reporting and lessons learnt 

You should have a good understanding of current and future legislative requirements of data protection including the Data Protection Act, GDPR and Digital Information Bill with several years previous DP experience ideally gained from a law firm or other professional services (accountancy, surveyors etc) environment.

NB the firm has offices nationally within England and the role can be based at any of these or else be fully home based in England or Wales but with a monthly in person team meeting at one of the offices (sorry -  not Scotland or NI unfortunately, due to travelling cost & time).


So, if that sounds like you, then please send your details to our MD, David Symes FCA, at (including home address or post code & a contact no) however please note we cannot reply to all applications so only successful applications will be contacted (although under no circumstances are your details ever passed on without your specific permission).



Apply Here



Compliance Recruitment Solutions Limited (CRS) are acting as an employment agency in relation to this role.

The recruiter has stated that all applicants for this job should be able to prove that they are legally entitled to work in the UK. Through application, all candidates signify their acceptance of the above information and confirm that the information they provide is true and accurate to the best of their knowledge.