Deputy Data Protection Officer NEW

City, Leeds
Pharmacy2U
Role: Deputy Data Protection Officer

Location: Leeds, LS15 / Perivale, UB6 OR Bardon, LE67 (Hybrid requirements; Once per week at your closest site & Attendance at a monthly team meeting at one of these sites. Travel expenses are covered when meetings are held away from your usual base)

Salary: £50,000 – £60,000 per annum DOE, plus extensive benefits

Contract type: Permanent

Employment type: Full time

Working hours: 37.5 hours per week, Monday to Friday

Do you want to work for the nation’s largest online pharmacy ensuring excellence for all our patients? We’re a market leader in the pharmacy world, with 25 years’ experience, helping over 1.4 million patients in England manage their NHS prescriptions from request through to delivery. We are Great Place to Work certified as we consider colleague experience a top priority every day. Our people are fundamental to our success and ensuring we achieve our vision to be a world leading, patient-centric digital healthcare provider. We are committed to continuing to develop a positive, open and honest working environment for all.

As Deputy Data Protection Officer (DDPO) you will be the DPO’s right hand, championing privacy by design across a fast-growing organisation of more than 1,000 colleagues.

This is an opportunity to shape novel initiatives in AI-enhanced dispensing, personalised health services and advanced analytics within a culture that values creativity and continuous improvement.

What’s in it for you?

Occupational sick pay

Enhanced maternity and paternity pay

Contributory pension

Discounted insurance (Aviva)

Employee discount site

Discounted gyms (via our blue light card and benefits schemes)

Employee assistance programme

In-house mental health support

Free onsite parking

Health and wellbeing initiatives

Social events throughout the year

Cycle to work scheme

Green car scheme (subject to minimum earnings)

Registration fees paid (GPhC, NMC, CIPD etc)

Long service bonus

Refer a friend bonus

Blue light card

Hybrid working

Commitment to CPD/training

25 days annual leave increasing with service

Annual leave buy and sell scheme

Discounts & Exclusive offers at The Springs, Leeds

25% Discount & health & beauty purchases

25% Discount on Pharmacy2U Private Online Doctor Services

What you’ll be doing?

Offer timely, clear and balanced privacy advice across the group, aligning regulatory duties with commercial goals

Lead DPIAs, Legitimate Interest Assessments and other risk assessments, maintaining robust records of processing activities

Manage data-subject rights workflows, acting as escalation point for complex cases

Draft privacy responses within bids, tenders and due-diligence questionnaires

Oversee international data transfers and ensure contracts include appropriate safeguards and standard clauses

Support and, when required, lead incident response: investigation, containment, mitigation and regulatory or data-subject notifications

Develop, maintain and continually improve the privacy management programme (policy framework, training, monitoring and audit)

Horizon-scan for legal, regulatory and technological developments, advising stakeholders on readiness and implementation

Work closely with Information Asset Owners and risk owners, embedding accountability for personal-data processing throughout the organisation

Prepare reports, presentations and dashboards for governance committees, the Executive team and (when needed) external regulators

Coach and mentor other information-governance staff, fostering a collaborative learning environment

Who are we looking for?

Degree (or equivalent) in law, information management, computer science or related discipline or Undergraduate with relevant working experience

Recognised privacy certification (e.g. CIPP/E, CIPM, BCS Practitioner Certificate)

Up-to-date knowledge of UK GDPR, DPA 2018, PECR and relevant ICO guidance

Extensive data-protection or privacy experience, preferably in a regulated or health-tech environment

Demonstrable experience leading DPIAs and privacy-by-design initiatives on transformative projects

Hands-on involvement in incident management, regulatory engagement and stakeholder training

Exposure to contract reviews, international data-transfer mechanisms and vendor-risk management

Knowledge of AI/ML governance and emerging EU data-governance frameworks

Familiarity with NHS DSP Toolkit, PECR and health-marketing regulation

What happens next?

Please click apply and if we think you are a good match, we will be in touch to arrange an interview.

Applicants must prove they have the right to live in the UK.

All successful applicants will be required to undergo a DBS check.

Unsolicited agency applications will be treated as a gift.