Data Protection Manager (Hybrid)

  • Mid-level, Full-time staff position
  • Posted on 15 August 2025

Job Description

Main purpose of job:

As a Data Protection Manager within the First Line of Defence (1LOD) in Operations at CAF UK, you will serve as a subject matter expert (SME) on data protection and privacy. While your primary focus will be on supporting the Operations function, the nature of the role means your remit extends across CAF UK. You will be responsible for embedding data protection principles into operational processes, ensuring compliance with UK GDPR and related legislation. You will work closely with the Second Line of Defence (2LOD), including Risk, Compliance, and the Data Protection Officer (DPO), to ensure a coordinated and effective approach to managing data protection risks across the organisation.

Key Job Responsibilities:

Data Protection Governance & Compliance

  • Act as the primary point of contact for data protection matters within Operations, while supporting broader CAF UK-wide compliance efforts.
  • Ensure operational processes and procedures align with CAF UK’s Data Protection Policy, UK GDPR, and other applicable data protection laws.
  • Maintain and support the development of Records of Processing Activities (RoPAs), ensuring they are accurate and reflective of both operational and wider organisational practices.
  • Contribute to the development and implementation of data protection standards and frameworks that apply across CAF UK.
  • Collaborate with 2LOD to ensure consistent interpretation and application of data protection requirements across all business areas.

Risk Management & Control

  • Identify and assess data protection risks within operational processes, systems, and third-party relationships, with consideration for their impact across CAF UK.
  • Design and implement proportionate and effective controls to mitigate identified risks, ensuring they are embedded into day-to-day operations and scalable across the organisation.
  • Support the business in completing risk assessments and control testing related to personal data handling and processing.
  • Monitor and report on data protection risks and control effectiveness, escalating issues where appropriate to ensure CAF UK-wide visibility.
  • Work closely with 2LOD to ensure alignment with the enterprise risk management framework and contribute to organisation-wide risk reporting.

Advisory & Stakeholder Engagement

  • Provide subject matter expertise to operational teams and other business areas across CAF UK on data protection queries, including lawful bases for processing, data minimisation, retention, and consent.
  • Support business initiatives, change programmes, and new product development by advising on data protection considerations and completing Data Protection Impact Assessments (DPIAs).
  • Act as a key liaison between Operations and the Data Protection Officer (DPO), Legal, and Compliance teams, ensuring timely and accurate information sharing across the organisation.
  • Build strong relationships with stakeholders across CAF UK to promote a consistent and proactive approach to data protection.
  • Represent Operations in cross-functional working groups and forums, contributing to CAF UK-wide data protection initiatives.

Incident Management & Reporting

  • Support the identification, investigation, and resolution of data protection incidents and personal data breaches within Operations, while ensuring lessons learned are shared across CAF UK.
  • Ensure incidents are logged, assessed, and escalated in accordance with internal procedures and regulatory requirements.
  • Work with 2LOD and other stakeholders to conduct root cause analysis and implement corrective and preventative actions that benefit the wider organisation.
  • Maintain detailed records of incidents, investigations, and outcomes to support audit and regulatory reporting.
  • Contribute to the continuous improvement of incident response processes and playbooks across CAF UK.

Training & Awareness

  • Develop and deliver tailored training sessions and materials for operational teams, with content that can be adapted and shared across CAF UK.
  • Promote a culture of privacy awareness and accountability through regular communications, campaigns, and engagement activities.
  • Support the rollout of organisation-wide data protection training and awareness initiatives led by 2LOD or the DPO.
  • Provide coaching and support to colleagues across CAF UK to embed privacy by design and default into business practices.
  • Monitor training effectiveness and identify opportunities to improve knowledge and behaviours across the organisation.

At CAF you will receive:

  • Permanent hybrid ways of working where roles allow
  • Six weeks holiday plus bank holidays
  • A wide range of development opportunities to support personal and professional growth
  • Pension scheme with better-than-market employer contribution options
  • Social impact benefit schemes

How to apply

The closing date for applications is 29 August 2025

Interview date: from 1 September 2025

Please complete the form below, attach your CV and cover letter, then click ‘Submit Application’ if applying via our website, or send your CV and cover letter to recruitment@cafonline.org, quoting reference number DM103.
