Role: Data Privacy Compliance Manager
Location: Warwick
Duration: Contract
Role Summary
Lead day-to-day privacy compliance delivery for a UK client portfolio, focusing on HCM migration and digital transformation programmes (HRIS/HCM implementations, integrations, data conversions, cloud migrations, and managed services). Ensure alignment with UK data protection requirements and contractual obligations. Support negotiation of privacy, security, and data-processing terms with the client and third-party suppliers.
Key Responsibilities
1) Privacy Governance and Compliance (UK)
• Act as primary privacy compliance lead for the engagement.
• Ensure alignment with UK GDPR and the Data Protection Act 2018.
• Translate regulatory and contractual requirements into practical delivery controls; embed privacy-by-design.
• Advise on special category data (health data) and HR data processing.
2) Project Delivery Enablement (HCM Migration / Digital Transformation)
• Review and approve key artefacts: data flow maps, integration designs, cutover plans, access models.
• Define and oversee non-production environment controls (masking, pseudonymisation).
• Conduct cross-border transfer analysis and implement appropriate safeguards.
3) DPIAs, Risk Assessments, and Assurance
• Lead and coordinate Data Protection Impact Assessments (DPIAs).
• Maintain the privacy risk register; track mitigations to closure.
• Prepare evidence packs and reporting for audits and assurance reviews.
4) Incident and Breach Support
• Triage, investigate, and contain privacy incidents.
• Coordinate breach notifications per legal and contractual timelines.
• Drive corrective and preventive actions to completion.
5) Contracting and Negotiation (Client and Suppliers)
• Draft, review, and negotiate Data Processing Agreements (DPAs) and UK GDPR Article 28 terms.
• Manage subprocessor/supplier DPAs, international transfer arrangements, and change orders.
• Maintain the subprocessor register and manage approval workflows.
6) Stakeholder Management and Reporting
• Serve as trusted adviser to client Privacy/IG, Security, and HR teams.
• Deliver regular compliance reporting and status updates to leadership.
• Provide targeted briefings and training to project and operational teams.
Required Experience and Qualifications
5–10+ years of experience in privacy compliance, data protection, or privacy risk management.
Demonstrated expertise in UK GDPR and the Data Protection Act 2018.
Delivery support experience for HCM/HRIS implementations, migrations, or digital transformation programmes.
Track record of negotiating DPAs and supplier privacy terms.
Hands-on experience leading DPIAs and privacy risk assessments.
Healthcare or hospital client experience, including handling special category (health) data and HR data.
Preferred
CIPP/E, CIPM, or equivalent privacy certification.
Familiarity with public sector information governance expectations and standards.
Experience with Workday, Oracle HCM, or SAP SuccessFactors environments.
Multi-vendor and subcontracting engagement experience.
Key Skills
Contract negotiation and commercial awareness.
Ability to operationalise legal and regulatory requirements into practical controls.
Effective stakeholder management across technical and non-technical audiences.
Strong written and verbal communication.
Pragmatic, risk-based decision-making under delivery pressure.