Data Protection Officer

Job Title: Data Protection Officer

Location: Wilmslow 

Hours of Work: Full Time (Flexible Working Available)

Salary: Up to £45,000

This is a really exciting time to join us! Our business has grown rapidly, and we now have eight companies serving over 40,000 clients. Not only do we offer clients products that they need, want and value, we do it from an industry leading client retention and colleague engagement base.

We are Citation.  We offer colleagues and clients an opportunity they will not gain at many other businesses.  We are interested in growth, investment and service excellence, we have never and will never grow our business by cost cutting or tying people up in bureaucracy.  We don’t do politics – we want people focused upon actions and delivery.  We don’t do micro-management – we empower, support and innovate.  We are leaders, not empire builders and we love our business.

Citation is one of the UK’s biggest providers of Health & Safety, HR, Employment Law and ISO services to businesses. We are far from your average service provider as our colleagues bring their great personalities to work, not just their policies!


The Role

This position will be a critical role in complying with Citations obligations under the Data Protection Act 2018 and the GDPR.  The candidate will be responsible for ensuring Citations continued compliance with applicable data protection laws. The role will also hold responsibility for compliance and maintenance of Citations ISO 9001 standard.


If you want a role that you can make your own, where you can make a real positive business impact and work for a Company full of great colleagues, then this could be the role for you.  Cultural fit is critical as is technical knowledge and experience. Finding the balance between legal understanding, practical application, influencing and commercial awareness is tricky but essential. We’re looking for someone who can not only help us ensure compliance but is savvy enough to drive through the business benefits of this role.


The Person

Regulatory Essentials (Article 39 GDPR):

  1. The Data Protection Officer shall be responsible for the following:


  • to inform and advise the Company (and employees who carry out processing) of its’ obligations pursuant to this Regulation and to other Union or Member State data protection provisions;


  • to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;


  • to provide advice where requested as regards the data protection impact assessment and monitor its performance pursuant to Article 35;


  • to cooperate with the supervisory authority;


  • to act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36, and to consult, where appropriate, with regard to any other matter.


  1. The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.


Essential skills:

  • Robust practical understanding and application of data protection and information governance practices.
  • Advise on compliance with the relevant National and European legislation
  • Implementation of Group data protection and information governance polices
  • Upkeep of data maps and record of processing activity
  • Maintain agreed company specific documentation
  • Provide operational information and guidance on the processing of personal data
  • Complete all Subject Access Requests (SAR) and the exercising of other rights available to individuals
  • Be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc.)
  • Provide advice and support to the Executive and Operations Boards on any Data Protection related tasks/issues/projects
  • Provide MI to the Board’s
  • Work with the Product Team to develop DP products for market including the PIA process
  • Management and evaluation of third-party relationships with suppliers and processors ensuring appropriate due diligence has been carried out, correct decisions made and contracts in place
  • Undertake all audits, impact assessments and health checks
  • Work with the Group DPO on data related issues
  • Liaise with IT function and Group DPO on Information Security related tasks such as risk assessments
  • Provide training and support to colleagues
  • Management of Citation’s ISO 9001 certification – e.g. internal audits, management reviews
  • Works collaboratively with a range of people to support the wider business agenda
  • Proactively identifies areas for improvement, shares lessons learnt with colleagues and encourages others to do the same



Education & Experience:

  • Relevant Qualification e.g. Data Protection Practitioners’ Certificate, preferably BCS or ISEB
  • In-depth understanding of GDPR, DPA, PECR
  • Experienced dealing with data breaches
  • Methodical, balanced, calm and engaging in approach
  • Has excellent attention to detail
  • A proved track record of quickly establishing good working relationships and gaining credibility with a range of internal customers
  • Experienced in undertaking complex analysis and problem solving and communicate the results clearly
  • Ability to communicate effectively with customers and colleagues both verbally and in writing switching styles, tones and platforms as required
  • Doesn’t get stage fright when presenting to the board or colleagues
  • Understanding of ISO27001 or information security principles – desirable
  • Experience in managing ISO 9001 compliance – desirable
  • Knowledge of the B2B Business Consultancy sector – desirable


What you get from us?

Working for Citation you will receive 25 days holiday plus bank holidays, corporate gym membership discounts, private healthcare, your birthday off work, the opportunity to purchase extra leave, pension contributions and more.

It’s a great place to work because of the people we employ. Fun, professional and supportive, we want likeminded individuals who love to love their job (no ‘mood hoovers’ here thanks!). So, if our culture sounds like a good fit for you and you want to be part of our success story, then send us your details.


Pop in your details and we'll call you straight back

We'll get back to you as soon as we can.