Does your business need support during the Covid-19 outbreak? Visit our support section

Data protection executive

We are recruiting for a data protection executive based out of Cardiff.

Job purpose                                                   

The Data Protection Executive will help ensure DBW meets its Accountability and Governance requirements under the UK GDPR by supporting the Risk Assurance Manager in providing oversight of the management of data privacy and protection risks across DBW.

At the heart of the GDPR is a ‘privacy by design’ approach.  The Director of Risk, Compliance & Legal is the current Data Protection Officer and the Compliance team provides the necessary support alongside the DPO to ensure the principles of GDPR protection flows through all activities carried out across the business.

As a regulated financial institution with growing numbers of staff, it is vital that DBW is clear on what data is held, how it is processed, where it is retained and disposed of.  The Data Protection Executive will provide guidance and challenge on data privacy and protection matters, based on knowledge of the GDPR and data protection legislation, combined with an up to date understanding of emerging issues and regulatory changes.

This work will also provide its internal and external auditors, Audit and Risk Committee, and all other Stakeholders the assurance that appropriate GDPR related Policies, procedures and controls are appropriate in their design and operating effectively.

Main duties and responsibilities

  • Support the development of existing policy documentation and related practical guidance notes in the following areas: GDPR, Information Management and Security, Procurement.  
  • Work with the Risk Assurance Manager to implement a review programme to monitor operational compliance in the context of Data Protection and Privacy and report against key risk metrics.
  • Conduct compliance audits on data protection controls across DBW to ensure they operating effectively. Provide recommendations for improvements and support issue remediation actions.
  • Provide assistance with the development and ongoing maintenance of the business Information Asset Register.
  • Ensure Information Retention schedules are kept uptodate and working closely with the Data Architect help facilitate compliance with retention schedules, making use of automated tolls and technology where possible.
  • Promote the importance of the consideration of GDPR regulation in all project work across the organisation (by providing practical examples). Support with DPIAs and making recommendations to the business to strengthen controls.
  • Support third party vendor management to ensure data protection risks are considered from initial engagement and from an ongoing compliance perspective.
  • Manage the incident log and undertake investigations into data breaches, ensuring appropriate internal escalation, including the production of any required reports and provision of data for regulatory investigation.
  • Support in the promotion of awareness of information management across the Group developing and facilitating training
  • Work closely with the Compliance team to develop data privacy reporting for management, Audit & Risk Committee, auditors and the regulator as required.

Knowledge, skills, abilities and experience


  • Good knowledge of GDPR regulation and data protection principles
  • Strong project management skills and the ability to work unsupervised managing multiple projects
  • Understanding of design and application of risk management frameworks and able to identify risk
  • Strong verbal and written communication skills with the ability to influence effectively
  • Drive and determination to complete work to a high standard
  • Strong problem-solving skills, with a tenacious approach; accurate with strong attention to detail
  • IT literate and able to use Microsoft Office Packages


  • Relevant Data Protection qualifications e.g. Practitioner Certificate in Data Protection.
  • Experience of practical application of the data protection principles within the financial sector
  • Familiarity with IT security system and curiosity in emerging technology privacy and data protection concerns
  • The ability to apply a range of research techniques to gather relevant information
  • Offer briefings and advice following research


To apply for this role, please go to