Data Protection Officer

Were Capital on Tap
Capital on Tap started because small businesses were underserved. Big banks were slow their products werent fit for purpose and small business owners often couldnt access what they needed. We set out to fix that.

Today were a financial platform - not just a credit card company. We offer a best-in-class business credit card SME-focused spend management platform a savings product that hit 1 billion in funds within its first year and a growing suite of tools and financial products that make running a small business easier.

1000 employees 20bn in annual card spend 200000 customers 17000 Trustpilot reviews averaging 4.7 stars and were profitable. Weve done a pretty good job so far but were just getting started!

Were Capital on Tap

Capital on Tap was founded with the mission to help small business owners and make their lives easier. Today we provide an all-in-one business credit card & spend management platform that helps business owners save time and money. Capital on Tap proudly serves over 200000 businesses across the world and our goal is to help 1 million small businesses by 2030.

Why Join Us
We empower you to be innovative and solve complex problems. Take ownership make an impact and thrive in our scaling and agile environment.

This is a Hybrid role based in Cardiff requiring a minimum of 3 days in the office per week.

The Data Protection Team at Capital on Tap

The Data Protection team plays a crucial role in enabling Capital on Taps commercial objectives while ensuring full compliance with global data protection regulations. As our Data Protection Officer youll lead a team that includes Data Protection Analysts and Administrators working at the intersection of technology compliance and business enablement.

The Role

We are looking for an exceptional Data Protection Officer to join our FinTech in London. This is a strategic leadership role for someone who thrives on using cutting-edge technology and AI to transform data protection from a compliance function into a business enabler. Youll protect the company by finding innovative ways to achieve commercial goals while maintaining the highest standards of data protection compliance.

The ideal candidate will have deep expertise in UK data protection regulation strong technical fluency and take a pragmatic problem-solving and a risk based approach that acts with urgency - because data protection processes must enable the business but never slow it down.

What youll be doing

• Strategic Leadership: Serve as the primary data protection authority (act as the designated DPO under Article 37 of the UK GDPR and UK data protection law) providing strategic guidance to senior leadership on privacy risks and opportunities across all business functions.
• Business Enablement: Work closely with Product Engineering Marketing and Commercial teams to find compliant pathways for new initiatives ensuring data protection accelerates rather than hinders business goals
• Technology & Automation: Lead the implementation of state-of-the-art AI technologies and automation tools to streamline data protection activities from DPIA automation to intelligent data discovery and rights fulfillment
• Regulatory Compliance: Ensure full compliance with UK GDPR DPA 2018 PECR Data Use and Access Act (DUAA) CCPA/CPRA and emerging regulations while staying ahead of regulatory developments and their business implications
• Risk Management: Conduct and oversee Data Protection Impact Assessments (DPIAs) manage data breach responses and implement privacy-by-design principles across all technology platforms
• Monitoring: Monitor and assess data processing activities to ensure ongoing compliance. Assessing the lawful basis for processing activities and ensuring appropriate documentation is in place. Maintain and regularly review the organisations Record of Processing Activities (ROPA) to ensure completeness and accuracy.
• Stakeholder Management: Act as the primary contact point for regulators (ICO) work closely with internal and external legal counsel and represent the company in privacy-related matters
• Team Development: Build and lead a high-performing data protection team fostering a culture of innovation urgency and business partnership
• International Expansion: Support the companys US operations and international growth by navigating complex cross-border data transfer requirements and multi-jurisdictional compliance
• Vendor Management: Lead privacy due diligence for third-party vendors and partnerships ensuring contractual protections align with business risk appetite
• Training & Culture: Drive privacy awareness across the organisation through targeted training programs and embed privacy considerations into business-as-usual processes

Were looking for

Essential Requirements:

• Deep Regulatory Expertise: Comprehensive knowledge and hands-on experience with UK data protection regulations (GDPR DPA 2018 PECR DUAA) with the ability to interpret complex requirements and provide pragmatic business guidance
• FinTech/Tech Background: Proven experience in financial services or technology companies understanding the unique privacy challenges of regulated financial products (including an understanding of consumer duty and vulnerability) and high-growth tech environments.
• Technical Fluency: Strong technical acumen with experience using data protection tools privacy management platforms and automation technologies to streamline compliance processes
• AI & Innovation: Experience with or strong willingness to adopt cutting-edge AI technologies for privacy operations from automated risk assessments to intelligent data processing
• Problem-Solving Mindset: Pragmatic approach to complex privacy challenges with a track record of finding creative solutions that balance compliance requirements with customer outcomes and business objectives
• Urgency & Business Focus: Demonstrated ability to work at pace in fast-moving environments with a philosophy that compliance should enable rather than block business progress
• Leadership Experience: Proven ability to lead cross-functional initiatives influence senior stakeholders and build high-performing teams
• Strategic Thinking: Experience translating regulatory requirements into business strategy with the ability to anticipate future privacy challenges and opportunities

Desirable:

• Professional Qualifications: A recognised data protection qualification such as IAPPs CIPP/E CIPM CIPT C-DPO or a BCS Practitioners certificate in Data Protection.
• US Privacy Expertise: Knowledge of CCPA/CPRA state-level US privacy laws and experience managing multi-jurisdictional compliance programs
• Professional Qualifications: AIGP - A certified AI Governance Professional would be highly desirable.
• Regulatory Relationships: Existing relationships with privacy regulators or experience managing regulatory inquiries
• International Experience: Experience with international data transfers adequacy decisions and global privacy frameworks
• Experience: Minimum of 2 years experience acting in a DPO capacity within a financial services or technology organisation.

Diversity & Inclusion
We welcome consider and encourage applications from anyone who shares our commitment to inclusivity. Join us in creating a space where authenticity thrives and everyone can do their best work.

Great Work Deserves Great Perks
We try not to take ourselves too seriously (all the time) so we make sure our office is decked out with a pool table arcade machine beer tap and a couple of office dogs thrown in for good measure. Check out our benefits:

Private Healthcare including dental and opticians services through Vitality
Worldwide travel insurance through Vitality
Anniversary Rewards (-week fully paid sabbatical)
Salary Sacrifice Pension Scheme up to 7% match
28 days holiday (plus bank holidays)
Annual Learning and Wellbeing Budget
Enhanced Parental Leave
Cycle to Work Scheme
Season Ticket Loan
6 free therapy sessions per year
Dog Friendly Offices
Free drinks and snacks in our offices

Check out more of our benefits values and mission here.

Interview Process
First stage: 30 minute intro and values call with Talent Partner (Video call)
Second stage: 60 minute technical interview with senior stakeholders (Video Call)
Final stage: 60 minute leadership and strategic thinking interview with executive team (In Person)

Other Useful Info
Check out our Top Tips for interviewing.
Keep updated on new job opportunities by following us on Linkedin.
Email if you have any questions.

Excited to work here Apply!
If youd like to lead data protection innovation at one of Europes fastest-growing FinTechs then click apply and we will aim to get back to you within 3 working days.

Other Info
Check out ourTop Tips for interviewing.
Keep updated on new job opportunities by following us on Linkedin.
Email if you have any questions.

Excited to work here Apply!
If youd like to progress your career within our fast growing profitable fintech then click apply and we will aim to get back to you within 3 working days (during busy periods this could take up to 5 working days.)