Head of Data Protection

Salary: Up to £110,000 depending on experience

Contract Type: Fixed term contract until Jan 2027

Work Life Balance: Hybrid, 1 day per week at our Northampton office

Candidate Journey: Our goal is to reply to applications within 3 working days. Additionally, we make sure to acknowledge, evaluate, and respond to all applications as a way of showing our appreciation for your time and effort in applying to us.

Interview Process:

• Introductory call with a member of the recruitment team - 30 mins
• Presentation and interview with hiring team - 1.5 hours
  
  

Are you ready to join an award-winning business that is reshaping the insurance landscape? Our organisation has transformed the way customers interact with insurers, establishing a benchmark for exceptional service. With our recent digital transformation, we are eager to find passionate and motivated individuals to join us on our journey to success.

We firmly believe that attracting and developing talented professionals is essential for our ongoing growth and success. By investing in our team, we create an environment where innovation thrives and opportunities abound.

Our aim is to innovate, dominate and disrupt niche insurance on a global scale, which means we are seeking innovators and individuals who embrace change with ease. Together, we can drive change and make a significant impact in the industry.

The Role:

The Head of Data Protection is the organisation’s senior subject-matter expert on data protection, responsible for ensuring the group complies with EU GDPR, UK GDPR, the Data Protection Act 2018, PECR and relevant international data transfer rules.

The role oversees data governance, privacy risk management, training, incident handling, and supports innovation in the role AI can play in enhancing regulatory compliance, improving customer interactions and reducing cost to serve.

What will you do?

Data Protection Leadership

• Serve as the organisation’s primary Data Protection Officer (DPO).
• Lead the data protection strategy and annual improvement plan in alignment with regulatory and business objectives.
• Act as the point of contact for the ICO, data subjects, underwriters, and distribution partners
  
  

Governance & Compliance

• Maintain and continually improve the Data Protection Framework, including policies, procedures, retention schedules, and staff guidance.
• Ensure compliance with EU GDPR, UK GDPR, DPA 2018, PECR and ensuring AI technologies follow the guidance set out in the EU AI Act.
• Oversee Data Protection Impact Assessments (DPIAs), Legitimate Interest Assessments (LIAs), records of processing (RoPA), Transfer Risk Assessments (TRAs) and when required International Data Transfer Agreements (IDTAs) and standard contractual clauses (SCCs) for the EU activities.
• Lead annual privacy audits and compliance monitoring plans.
  
  

Risk Management

• Identify, assess, and mitigate privacy risks across operations, marketing, sales, and partnerships with insurers and assistance companies.
• Maintain the privacy risk register and report regularly to senior management, Risk Committee, and Board.
• Advise on high-risk processing activities involving medical data, customer profiling, and fraud detection.
  
  

Incident & Breach Management

• Lead the incident response process for data breaches, ensuring timely assessment, containment, documentation, root-cause analysis, and ICO notification where required.
• Train first-line teams to recognise and escalate incidents promptly
  
  

Training & Culture

• Deliver staff training, awareness campaigns, and role-specific guidance for sales, call-centre teams, marketing, claims, and underwriting liaison staff.
• Champion a culture of privacy-by-design and ethical data use.
• Review and approve the annual mandatory learning pathways across the group
  
  

Commercial & Partnership Support

• Review and negotiate data protection clauses in broker–insurer agreements, TPAs, distribution partnerships, and vendor contracts.
• Oversee data minimisation and secure data-sharing processes with insurers, MGAs, claims handlers, and travel partners.
• Support product development, digital tools, AI/automation initiatives, and customer journeys to ensure compliance from inception.
  
  

Monitoring Technologies & AI Compliance

• Oversee privacy compliance in marketing technologies, cookies, analytics, and tracking tools.
• Ensure governance for AI use within underwriting support, claims triage, fraud screening, and customer service bots (aligned to ICO expectations and EU AI Act if relevant for EU customers).
  
  

Essentials:

• Expert knowledge of UK GDPR, DPA 2018, PECR and ICO regulatory guidance.
• Significant experience in data protection roles.
• Understanding of medical data processing, special category data handling, and claims processes.
• Strong contract and vendor management knowledge relating to data protection clauses.
• Demonstrated ability to design and implement privacy governance frameworks.
• Excellent stakeholder engagement skills at senior and operational levels
  
  

Bonus skills you may pack in your suitcase:

• Experience with the travel insurance market, underwriting chains, and emergency assistance providers.
• Knowledge of international data transfer and cross-border operations (e.g., global travel assistance, overseas claims).
• CIPP/E, CIPM, BCS DP Practitioner Certificate, or similar qualifications.
• Experience supporting AI or digital innovation environments
• Knowledge of the AU AI Act
  
  

We’re assembling a diverse team, where skills, not checkboxes, reign supreme, regardless of race, religion, sex, sexual orientation, gender identity or disability.

Staysure Group welcomes all new starters with open arms, providing training, development opportunities, and great benefits.