Data Privacy Officer

Package

• Competitive Salary
• Based in Liverpool Head Office

Employee Benefits

• Full-time colleagues receive 28 days of annual leave (inclusive of bank holidays), increasing to 33 days after 5 years of service. Annual leave is pro-rated for part-time or alternative working arrangements.
• Discounted onsite gym 
• Contributable company pension scheme
• 10% store discount at all our retail stores
• Death in Service Benefit
• Long service recognition scheme
• MyHB colleague benefits platform with access to:
  • Discounts UK wide on retail, leisure, hospitality venues 
  • Employee Assistance Programme with 24/7 confidential counselling and advice line 
  • Completely confidential services to you.
  • Low-cost voluntary insured health cash plans and cancer cover 

Job Introduction

We are looking for a Data Privacy Officer to join our newly established Privacy and Information Governance team based at our Liverpool Head Office. Supporting data protection, privacy and information governance across our back-office, distribution and retail operations, this role is central to strengthening compliance and building customer and colleague trust.

You will work cross-functionally with stakeholders at all levels of the business to embed a comprehensive data protection compliance programme, balancing operational and commercial priorities with regulatory requirements to support continued growth.

Job Overview

• Provide day-to-day privacy and data protection advice and support across multiple business functions to help drive the organisation’s data protection compliance programme.
• Support the review and updating of Records of Processing Activities (RoPAs) and Data Protection Impact Assessments (DPIAs) in line with technological and operational change.
• Advise on lawful bases for processing, profiling activities and customer analytics, ensuring compliance with PECR requirements relating to email marketing, cookies and tracking technologies.
• Review and advise on third-party data sharing and processing agreements.
• Manage and coordinate responses to data subject requests, ensuring statutory deadlines and legal accuracy are maintained, and support complaint handling and engagement with the Information Commissioner’s Office where required.
• Assist with the investigation, containment and reporting of suspected data breaches, including maintaining breach logs and supporting risk assessments and remediation actions.
• Provide guidance on the use of CCTV and emerging technologies such as facial recognition within retail environments, including appropriate retention periods.
• Advise on employee data processing, including subject access requests, monitoring, absence data and special category or criminal offence data.
• Review, develop and advise on privacy notices, policies, procedures and colleague training to promote a culture of accountability and privacy by design.
• Maintain compliance trackers and registers, produce regular reports for senior management and monitor legislative and regulatory developments.

Minimum Criteria To Apply

• A recognised data protection qualification (such as IAPP CIPP/E, BCS or PDP Data Protection Practitioner), or working towards one, with practical knowledge of GDPR, the Data Protection Act 2018 and PECR.
• Experience of involvement with organisational change and transformation.
• Degree-level education or equivalent professional experience desirable.
• Experience within retail or e-commerce environments desirable.
• Experience responding to data subject requests, managing statutory deadlines and supporting suspected data breaches or incident management.
• Experience completing or reviewing Data Protection Impact Assessments (DPIAs) and drafting privacy notices, policies and procedures.
• Strong written and verbal communication skills with the ability to engage confidently with stakeholders at all levels.
• Excellent organisational skills with the ability to manage multiple workstreams and competing priorities in a fast-paced environment.
• High attention to detail, commercial awareness and a pragmatic approach to problem solving.
• Integrity, discretion and a clear understanding of confidentiality requirements.
• Proficiency in Microsoft Word, Excel, PowerPoint and Microsoft Teams.
• Experience delivering training or awareness sessions.