Data Protection Officer & Lead Privacy Lawyer

Data Protection Officer & Lead Privacy Lawyer


Nottingham, United Kingdom

Experian have an exciting new career opportunity for an experienced Data Protection Officer & Lead Privacy Lawyer to lead the Privacy Centre of Excellence in UK Legal; acting as strategic legal advisor to senior management and our business on data protection. The new incumbent will fulfil the statutory role of data protection officer for Experian Limited and associated UK group companies

Key responsibilities include:

Providing Strategic Legal Advice

  • To lead the legal thinking that informs Experian's strategy for managing privacy by design while achieving its ambition to be cutting edge in the use of data to enable opportunities.
  • To provide strategic legal advice and insight on data protection obligations that shapes how Experian ensures it complies in its management of data and analytics.
  • To lead with legal and compliance colleagues to find ways to empower the first line of defence to get compliant products into client's hands at pace

Providing Strategic Legislative & Regulator Insight

  • To monitor and anticipate the regulatory directions and actions of the Information Commissioner's Office (ICO) and other regulators (to the extent relevant to privacy matters) & relevant legislatures and to look for trends & corrective steps and drive changes to strategy, products and data processing to respond - considering the wider implications for Experian.
  • Acting as a thought leader on privacy matters and being visible as such internally, and also demonstrate Experian's leadership in this area to clients & external professional privacy forums; to be an enabler for colleagues in our Government Affairs and PR teams

Privacy Centre of Excellence & DPO

  • To establish and maintain the Privacy Centre of Excellence, critically leading the Legal team elements and ensuring smooth liaison and collaboration with the Compliance team.
  • Fulfilling the role of Data Protection Officer through the support of the Compliance team, Global Internal Audit team and other functions within Experian to advise on and monitor compliance with the GDPR and the UK's data protection legislative and regulatory environment.
  • To advise on and support Experian's policies relating to data protection including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits.

DPO and legal-related activities

  • To provide innovative and prudent advice about data protection impact assessments (and the monitoring of their performance) and legitimate interest assessments across all business units of Experian.
  • To manage relationships with external privacy law firms and where necessary for strategic or specialist knowledge reasons, to obtain external legal advice (through a competitive fee challenge approach where appropriate)

Additional key responsibilities include:


  • To cooperate with the ICO and act as the contact point for ICO on issues relating to data processing or data breaches (as needed), including any prior consultation referred to in Article 36 GDPR and to consult, where appropriate, about any other matter related to data protection.
  • To manage a positive relationship between Experian and the ICO and work with senior management on those interactions.
  • Meet legal team's minimum standards including as to: maintaining and keeping updated files in the legal team's case management system; time recording; contributing to and updating the legal team's knowledge sharing tools; play an active part in legal team meetings and in the Experian legal & DPO communities; instructing of external lawyers.
  • To identify ways to streamline the delivery of advice, knowledge and insight through the use of IT, automation or other options.

Leadership & Management

  • Provide leadership, management and direction in relation to all areas of data protection; lead and motivate lawyers in the Privacy Centre of Excellence, and within the wider legal and compliance teams, on data protection & privacy matters; to meet Experian's leader expectations.
  • Lead Elevate Performance ensuring that all team members have stretching goals, development plans and regular performance reviews to embed a high performance culture.
  • Drive employee engagement and openly encourage two way communication flows.

Customer Centricity

  • Champion a culture that achieves the business goals, delights customers and keeps consumer advocacy at the heart of everything that Experian does.
  • Ensure that good outcomes for data subjects are at the centre of decision making; promote the development of relationships with data subjects.

Governance & Control

  • Work with leadership team to regularly and pro-actively identify business risks and issues and ensure appropriate steps to mitigate risks are in place and timely remediation of issues.
  • Delegated authority for day to day operational decisions to ensure achievement and management of KPI’s.
  • Ensure fit-for-purpose risk management processes, practices and associated accountabilities and that these are embedded through training and communication.
  • Ensure that the Privacy Centre of Excellence advised in light of Experian's conduct risk strategy and risk appetites, helps keeps the strategy and appetites under regular review, maintains appropriate information security, resilience, business continuity and disaster recovery arrangements within the framework set for the Legal team and operates within Experian UK’s policies in relation to information security, financial crime, outsourcing, complaints, vulnerable consumers, product development and other key areas of regulatory risk.
  • Ensure clearly documented fit- for-purpose operational processes.


  • Fulfil the functions required of a Data Protection Officer; lead by example and drive adherence to all regulatory requirements and apply appropriate controls in the interests of data subjects; deal with the ICO and with other regulators in an open and cooperative way and disclose appropriately any information.

The successful candidate will meet the following requirements:

  • Demonstrated, technical knowledge and expertise of data protection law and practices (ideally certified by the International Association of Privacy Professionals as "CIPP/E" or "CDPO") and applying them to innovative uses of data, ideally have experience acting as a data protection officer or their deputy; some experience of monitoring compliance with regulatory requirements and engaging with regulators.
  • Extensive experience of operational application of privacy law and advising on privacy law (such as handling data breaches, preparing or advising on data protection impact assessments/legitimate interest assessments).
  • Experience of working in a business regulated by the Financial Conduct Authority (FCA) highly desirable; must demonstrate a commitment to the use of IT and automated systems to assist in the delivery of legal services, and an understanding of the importance of knowledge management.

Essential requirements:

  • Qualification as a solicitor or barrister (in England & Wales, Northern Ireland or Scotland), qualified as a lawyer in a member state of the European Union or qualified as a lawyer in another common-law jurisdiction with a strong data protection regime.
  • 7-10 years post-qualification experience.

Apply Now

Don't forget to mention EuroLegalJobs when applying.

Share this Job

© EuroJobsites 2021

EuroJobsites is a registered company number: 4694396 VAT number: GB 880 9055 04

Registered address: EuroJobsites Ltd, Unit 8, Kingsmill Business Park, Kingston Upon Thames, London, KT1 3GZ, United Kingdom

Newsletter | Recruit | Advertise | Privacy | Contact Us

© EuroJobsites 2021

EuroJobsites is a registered company number: 4694396 VAT number: GB 880 9055 04

Registered address: EuroJobsites Ltd, Unit 8, Kingsmill Business Park, Kingston Upon Thames, London, KT1 3GZ, United Kingdom

This website uses cookies to make your experience better. Continued use of this website means you accept our cookie policy.  Accept Cookies