Data Protection Officer
Job Summary
Job description
Affidea UK and Fortius Clinic are looking for an experienced and highly motivated Data Protection Officer (DPO) to act as our organisations designated DPO under the UK GDPR and Data Protection Act 2018.
This is a key leadership role with independent oversight direct access to senior leadership and functional alignment with the Group Data Protection Officer. You will play a critical role in embedding a culture of data protection excellence across the organisation ensuring the consistent implementation of Affideas group data protection framework within the UK.
Job requirements
Key Responsibilities
Governance & Compliance
Act as the named DPO under UK GDPR and the Data Protection Act 2018
Develop maintain and continuously improve data protection policies frameworks and procedures
Monitor compliance including NHS Data Security and Protection (DSP) Toolkit requirements
Maintain and oversee the Record of Processing Activities (ROPA)
Lead and oversee Data Protection Impact Assessments (DPIAs)
Ensure implementation of data protection standards privacy notices retention frameworks and local controls
Maintain clear documentation and escalate significant risks to senior leadership and Group DPO
Regulatory Engagement
Serve as the primary contact for the Information Commissioners Office (ICO)
Manage regulatory audits investigations and enquiries
Track regulatory developments and provide expert guidance
Data Subject Rights & Incidents
Oversee responses to DSARs and other data subject rights requests
Lead data breach response including assessment and notification where required
Maintain and report on incident and breach logs
Third Parties & Contracts
Advise on data processing agreements data sharing agreements and international data transfers
Conduct due diligence on third-party processors
Provide data protection input into procurement contracts and technology implementation
Culture Training & Advisory
Deliver and oversee tailored data protection training across the organisation
Advise clinical operational and digital teams on data protection matters
Promote privacy by design and default
Support governance around AI use and emerging technologies
Participate in or chair Information Governance forums
About You
Qualifications
Recognised data protection qualification (e.g. CIPP/E BCS Certificate in Data Protection IAPP)
Full UK driving licence
Willingness to travel regularly across UK sites
Experience
Strong expertise in UK GDPR and Data Protection Act 2018
Experience engaging with the ICO
Hands-on experience managing:
DPIAs
ROPAs
DSARs
Data breaches
Experience working in a regulated environment (healthcare preferred)
Knowledge of NHS information governance standards (DSP Toolkit Data Security Standards)
Proven ability to influence senior stakeholders
Experience embedding privacy in digital IT or AI-driven projects
Skills & Competencies
Strong communication and stakeholder management skills
Ability to translate legal requirements into practical risk-based advice
High attention to detail with strong documentation capabilities
Proactive solutions-focused mindset
Solid understanding of IT systems and cybersecurity fundamentals
Proficiency in Microsoft 365 and digital tools
Why Join Us
Play a strategic high-impact role in a leading healthcare organisation
Work closely with senior leadership and contribute to organisational governance
Influence how data protection supports innovation including digital and AI initiatives
Be part of a collaborative environment committed to high standards of care and compliance
All done!
Your application has been successfully submitted!
Youve already applied for this job
We appreciate your interest in this position. Unfortunately you have already applied for this job.
Required Experience:
Unclear Seniority
About Company
Fortius Clinic is the largest Private Orthopaedic Treatment Centre in London, Specialising in orthopedic surgery, Sports Medicine & Sports injury.