Fortius Clinic
Data Protection Officer
Posted yesterday
London | Permanent | Hybrid | Full-Time | Lead
Description
Data Protection Officer
Requirements
Key Responsibilities
Governance & Compliance
- Act as the named DPO under UK GDPR and the Data Protection Act 2018
- Develop, maintain, and continuously improve data protection policies, frameworks, and procedures
- Monitor compliance, including NHS Data Security and Protection (DSP) Toolkit requirements
- Maintain and oversee the Record of Processing Activities (ROPA)
- Lead and oversee Data Protection Impact Assessments (DPIAs)
- Ensure implementation of data protection standards, privacy notices, retention frameworks, and local controls
- Maintain clear documentation and escalate significant risks to senior leadership and Group DPO
Regulatory Engagement
- Serve as the primary contact for the Information Commissioner's Office (ICO)
- Manage regulatory audits, investigations, and enquiries
- Track regulatory developments and provide expert guidance
Data Subject Rights & Incidents
- Oversee responses to DSARs and other data subject rights requests
- Lead data breach response, including assessment and notification where required
- Maintain and report on incident and breach logs
Third Parties & Contracts
- Advise on data processing agreements, data sharing agreements, and international data transfers
- Conduct due diligence on third-party processors
- Provide data protection input into procurement, contracts, and technology implementation
Culture, Training & Advisory
- Deliver and oversee tailored data protection training across the organisation
- Advise clinical, operational, and digital teams on data protection matters
- Promote privacy by design and default
- Support governance around AI use and emerging technologies
- Participate in or chair Information Governance forums
About You
Qualifications
- Recognised data protection qualification (e.g. CIPP/E, BCS Certificate in Data Protection, IAPP)
- Full UK driving licence
- Willingness to travel regularly across UK sites
Experience
- Strong expertise in UK GDPR and Data Protection Act 2018
- Experience engaging with the ICO
- Hands-on experience managing DPIAs, ROPAs, DSARs, and data breaches
- Experience working in a regulated environment (healthcare preferred)
- Knowledge of NHS information governance standards (DSP Toolkit, Data Security Standards)
- Proven ability to influence senior stakeholders
- Experience embedding privacy in digital, IT, or AI-driven projects
Skills & Competencies
- Strong communication and stakeholder management skills
- Ability to translate legal requirements into practical, risk-based advice
- High attention to detail with strong documentation capabilities
- Proactive, solutions-focused mindset
- Solid understanding of IT systems and cybersecurity fundamentals
- Proficiency in Microsoft 365 and digital tools
Why Join Us?
- Play a strategic, high-impact role in a leading healthcare organisation
- Work closely with senior leadership and contribute to organisational governance
- Influence how data protection supports innovation, including digital and AI initiatives
- Be part of a collaborative environment committed to high standards of care and compliance
Affidea UK and Fortius Clinic are an equal opportunities employer.

