Salary: Up to 110000 depending on experience
Contract Type: Fixed term contract until Jan 2027
Work Life Balance: Hybrid 1 day per week at our Northampton office
Candidate Journey: Our goal is to reply to applications within 3 working days. Additionally, we make sure to acknowledge, evaluate and respond to all applications as a way of showing our appreciation for your time and effort in applying to us.
Interview Process:
- Introductory call with a member of the recruitment team - 30 mins
- Presentation and interview with hiring team - 1.5 hours
Are you ready to join an award-winning business that is reshaping the insurance landscape? Our organisation has transformed the way customers interact with insurers, establishing a benchmark for exceptional service. With our recent digital transformation, we are eager to find passionate and motivated individuals to join us on our journey to success.
We firmly believe that attracting and developing talented professionals is essential for our ongoing growth and success. By investing in our team, we create an environment where innovation thrives and opportunities abound.
Our aim is to innovate, dominate and disrupt niche insurance on a global scale, which means we are seeking innovators and individuals who embrace change with ease. Together we can drive change and make a significant impact in the industry.
The Role:
The Head of Data Protection is the organisation's senior subject-matter expert on data protection, responsible for ensuring the group complies with EU GDPR, UK GDPR, the Data Protection Act 2018, PECR and relevant international data transfer rules.
The role oversees data governance, privacy risk management, training and incident handling, and supports innovation in the role AI can play in enhancing regulatory compliance, improving customer interactions and reducing cost to serve.
What will you do?
Data Protection Leadership
- Serve as the organisation's primary Data Protection Officer (DPO).
- Lead the data protection strategy and annual improvement plan in alignment with regulatory and business objectives.
- Act as the point of contact for the ICO, data subjects, underwriters and distribution partners.
Governance & Compliance
- Maintain and continually improve the Data Protection Framework, including policies, procedures, retention schedules and staff guidance.
- Ensure compliance with EU GDPR, UK GDPR, DPA 2018 and PECR, and ensure AI technologies follow the guidance set out in the EU AI Act.
- Oversee Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), records of processing (RoPA), Transfer Risk Assessments (TRAs) and, when required, International Data Transfer Agreements (IDTAs) and standard contractual clauses (SCCs) for the EU activities.
- Lead annual privacy audits and compliance monitoring plans.
Risk Management
- Identify, assess and mitigate privacy risks across operations, marketing, sales and partnerships with insurers and assistance companies.
- Maintain the privacy risk register and report regularly to senior management, Risk Committee and Board.
- Advise on high-risk processing activities involving medical data, customer profiling and fraud detection.
Incident & Breach Management
- Lead the incident response process for data breaches, ensuring timely assessment, containment, documentation, root-cause analysis and ICO notification where required.
- Train first-line teams to recognise and escalate incidents promptly.
Training & Culture
- Deliver staff training, awareness campaigns and role-specific guidance for sales call-centre teams, marketing, claims and underwriting liaison staff.
- Champion a culture of privacy-by-design and ethical data use.
- Review and approve the annual mandatory learning pathways across the group.
Commercial & Partnership Support
- Review and negotiate data protection clauses in broker-insurer agreements, TPAs, distribution partnerships and vendor contracts.
- Oversee data minimisation and secure data-sharing processes with insurers, MGAs, claims handlers and travel partners.
- Support product development, digital tools, AI/automation initiatives and customer journeys to ensure compliance from inception.
Monitoring Technologies & AI Compliance
- Oversee privacy compliance in marketing technologies, cookies, analytics and tracking tools.
- Ensure governance for AI use within underwriting support, claims triage, fraud screening and customer service bots (aligned to ICO expectations and EU AI Act if relevant for EU customers).
Essentials:
- Expert knowledge of UK GDPR, DPA 2018, PECR and ICO regulatory guidance.
- Significant experience in data protection roles.
- Understanding of medical data processing, special category data handling and claims processes.
- Strong contract and vendor management knowledge relating to data protection clauses.
- Demonstrated ability to design and implement privacy governance frameworks.
- Excellent stakeholder engagement skills at senior and operational levels.
Bonus skills you may pack in your suitcase:
- Experience with the travel insurance market, underwriting chains and emergency assistance providers.
- Knowledge of international data transfer and cross-border operations (e.g. global travel assistance, overseas claims).
- CIPP/E, CIPM, BCS DP Practitioner Certificate or similar qualifications.
- Experience supporting AI or digital innovation environments.
- Knowledge of the EU AI Act.
We're assembling a diverse team where skills, not checkboxes, reign supreme, regardless of race, religion, sex, sexual orientation, gender identity or disability.
Staysure Group welcomes all new starters with open arms, providing training, development opportunities and great benefits.