Deputy Data Protection Officer

• The Data Protection Officer sits within GRAFT (Finance) and provides Data Privacy advice to all areas of DCMS including ALBs, relating to new and non day to day activities.
• Within Ddat the Office of Data Protection( ODPT) resides, the ODPT provides day to day advice on Data Privacy to DCMS, Data Privacy complex matters are sent from the ODPT to the DPO for review and comments.
• New projects which are not day to day activities are reviewed for Data Privacy requirements by the DPO.
• The role of the Deputy DPO will enable a strengthening of strategic analysis along with compliance audits to be undertaken.

Key Responsibilities include:

• Act as a point of contact for a number of central workstreams; providing expert advice and guidance on the application of data protection legislation.
• Assisting the DPO in all tasks, including acting as the primary data protection contact in their absence.
• Contribute to help to ensure the application of data protection law and reliance on appropriate legal gateways to data processing, mindful of the potential risks and outcomes associated with such.
• When required, review and advise upon Data Protection Impact Assessments (DPIAs), Data Sharing Agreements and Memoranda of Understanding to mitigate privacy risks and advise on potential solutions and changes to processes/policies proposed to aid both their legal and practical application.
• Maintain and revise DCMS data privacy registers.
• Build and maintain excellent working relationships with key colleagues within DCMS, and other government departments.
• Arranging and completion of data privacy audits, along with the implementation of Onetrust Privacy solution within DCMS, and the upkeep of the department Record of Processing Activity.

The ideal candidate would have the following key skills and experience, please note that desirable skills will only be used in the event of tied candidates:

Essential requirements:

• Making Effective Decisions: to demonstrate focus on using technical expertise and data protection knowledge to provide sound, risk based advice.
• Knowledge of data protection practices within complex, regulated environments.
• Experience of influencing and collaborating with diverse stakeholders to resolve complex privacy issues and ensure service delivery.

Desirable skills:

• Experience of interpreting and applying regulatory standards or working within a compliance-led framework.
• Experience of delivering training.
• Knowledge of existing working practices including technical security standards, risk management frameworks, and compliance auditing

We are running an information session where prospective applicants can find out more about the role. This will be hosted by DCMSs Data Protection Officer, and will take place on:

• 16th June 2026 at 12:00 noon

The session will be an opportunity to hear more about the role, the team and wider directorate and the department. It will also be an opportunity for you to ask any questions.

Please register your interest before 1st June 2026 by filling out this Registration formand you will be sent an invitation. Invites will only be sent after this deadline has passed.

Please note that the session will not be recorded and will not focus on the DCMS recruitment process - please direct any queries that you have on this topic (timelines, reasonable adjustments, onboarding etc) to [email protected]