Data Protection Officer

JobsCloseBy Editorial Insights

Fortius Clinic and Affidea UK seek an experienced Data Protection Officer to provide independent UK GDPR and Data Protection Act 2018 oversight, with direct access to senior leadership and a mandate to embed data protection across the UK healthcare footprint. You will govern policies, maintain ROPAs, lead DPIAs, manage DSARs and breach response, oversee data sharing and international transfers, and promote privacy by design in IT and AI projects while aligning with NHS DSP Toolkit and ICO guidance. The ideal candidate holds a recognised DPO qualification, a full UK driving licence, and is willing to travel. To apply, tailor your CV to demonstrate hands-on DPIAs, ROPAs, DSARs, breach management, and evidence of influencing senior stakeholders, regulatory experience, and training delivery; emphasise healthcare familiarity and clear communication.

Affidea UK and Fortius Clinic are looking for an experienced and highly motivated Data Protection Officer (DPO) to act as our organisation’s designated DPO under the UK GDPR and Data Protection Act 2018.

This is a key leadership role with independent oversight, direct access to senior leadership, and functional alignment with the Group Data Protection Officer. You will play a critical role in embedding a culture of data protection excellence across the organisation, ensuring the consistent implementation of Affidea’s group data protection framework within the UK.

Requirements

Key Responsibilities

Governance & Compliance

• Act as the named DPO under UK GDPR and the Data Protection Act 2018

• Develop, maintain, and continuously improve data protection policies, frameworks, and procedures

• Monitor compliance, including NHS Data Security and Protection (DSP) Toolkit requirements

• Maintain and oversee the Record of Processing Activities (ROPA)

• Lead and oversee Data Protection Impact Assessments (DPIAs)

• Ensure implementation of data protection standards, privacy notices, retention frameworks, and local controls

• Maintain clear documentation and escalate significant risks to senior leadership and Group DPO

Regulatory Engagement

• Serve as the primary contact for the Information Commissioner’s Office (ICO)

• Manage regulatory audits, investigations, and enquiries

• Track regulatory developments and provide expert guidance

Data Subject Rights & Incidents

• Oversee responses to DSARs and other data subject rights requests

• Lead data breach response, including assessment and notification where required

• Maintain and report on incident and breach logs

Third Parties & Contracts

• Advise on data processing agreements, data sharing agreements, and international data transfers

• Conduct due diligence on third-party processors

• Provide data protection input into procurement, contracts, and technology implementation

Culture, Training & Advisory

• Deliver and oversee tailored data protection training across the organisation

• Advise clinical, operational, and digital teams on data protection matters

• Promote privacy by design and default

• Support governance around AI use and emerging technologies

• Participate in or chair Information Governance forums

About You

Qualifications

• Recognised data protection qualification (e.g. CIPP/E, BCS Certificate in Data Protection, IAPP)

• Full UK driving licence

• Willingness to travel regularly across UK sites

Experience

• Strong expertise in UK GDPR and Data Protection Act 2018

• Experience engaging with the ICO

• Hands-on experience managing:

  • DPIAs

  • ROPAs

  • DSARs

  • Data breaches

• Experience working in a regulated environment (healthcare preferred)

• Knowledge of NHS information governance standards (DSP Toolkit, Data Security Standards)

• Proven ability to influence senior stakeholders

• Experience embedding privacy in digital, IT, or AI-driven projects

Skills & Competencies

• Strong communication and stakeholder management skills

• Ability to translate legal requirements into practical, risk-based advice

• High attention to detail with strong documentation capabilities

• Proactive, solutions-focused mindset

• Solid understanding of IT systems and cybersecurity fundamentals

• Proficiency in Microsoft 365 and digital tools

Why Join Us?

• Play a strategic, high-impact role in a leading healthcare organisation

• Work closely with senior leadership and contribute to organisational governance

• Influence how data protection supports innovation, including digital and AI initiatives

• Be part of a collaborative environment committed to high standards of care and compliance