<!-- Introduction --><div class="feature-text"><h2>About the job</h2><p style="margin:0cm 0cm 8pt;font-family:Calibri, sans-serif;font-size:11pt;line-height:15pt;padding:5px 0px;"><strong style="font-weight:700;"><span style="font-size:12px;font-family:'Segoe UI', sans-serif;">Data Protection Officer – cardfactory</span></strong></p><p style="margin:0cm 0cm 8pt;font-family:Calibri, sans-serif;font-size:11pt;line-height:15pt;padding:5px 0px;"><strong style="font-weight:700;"><span style="font-size:12px;font-family:'Segoe UI', sans-serif;">Salary from £55,000 + benefits package</span></strong></p><p style="margin:0cm 0cm 8pt;font-family:Calibri, sans-serif;font-size:11pt;line-height:15pt;padding:5px 0px;"><span style="font-size:12px;font-family:'Segoe UI', sans-serif;">Join us as the UK &amp; Ireland Data Protection Officer and play a pivotal role in shaping and safeguarding the privacy framework across cardfactory, funkypigeon.com and Garlanna. In this influential position, you’ll act as a trusted, independent advisor—ensuring our organisation meets its obligations under UK GDPR, EU GDPR, PECR, ePrivacy and related legislation.</span></p><p style="margin:0cm 0cm 8pt;font-family:Calibri, sans-serif;font-size:11pt;line-height:15pt;padding:5px 0px;"><span style="font-size:12px;font-family:'Segoe UI', sans-serif;">You’ll lead the way in embedding a strong culture of privacy by design, guiding stakeholders at all levels, and championing accountability across our UK and Ireland operations. As the primary contact for regulators, data subjects and internal teams, you’ll oversee compliance, identify and mitigate privacy risks, and ensure robust policies and controls are in place.</span></p><p style="margin:0cm 0cm 8pt;font-family:Calibri, sans-serif;font-size:11pt;line-height:15pt;padding:5px 0px;"><span style="font-size:12px;font-family:'Segoe UI', sans-serif;">If you’re ready to make a significant impact by driving a proactive, risk-aware approach to data protection, we’d love to hear from you.</span></p><p style="font-family:Calibri, sans-serif;font-size:11pt;margin:0cm;text-align:justify;background:#FFFFFF;padding:5px 0px;"><span style="font-size:12px;font-family:'Segoe UI', sans-serif;">At cardfactory, we believe in smart working. That means you’ll spend around two days a week at our Wakefield support centre, with the flexibility to work from home the rest of the time.</span><span style="font-size:12px;">&nbsp;</span></p><p style="margin:3pt 0cm;font-size:14px;font-family:'Segoe UI', sans-serif;text-align:justify;font-weight:bold;padding:5px 0px;"><span style="font-size:12px;">What you’ll do:</span></p><ul style="list-style-type:disc;margin-top:0px;margin-bottom:10px;"><li style="font-size:inherit;"><strong style="font-weight:700;display:unset;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">Data Protection Strategy:</span></strong><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">&nbsp;Develop, implement and maintain a comprehensive Data Protection Strategy aligned to organisational goals and legislation. Own and update the Record of Processing Activities (ROPA).</span></li><li style="font-size:inherit;"><strong style="font-weight:700;display:unset;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">Policies &amp; Documentation:</span></strong><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">&nbsp;Maintain all data protection policies, procedures and documentation, including DPIAs, privacy notices, breach logs and SAR logs. Support development of the Information Security Management System.</span></li><li style="font-size:inherit;"><strong style="font-weight:700;display:unset;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">Compliance Management:</span></strong><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">&nbsp;Lead audits and compliance activities to meet UK/EU GDPR, PECR and other regulatory requirements. Run the GDPR and data privacy steering committee.</span></li><li style="font-size:inherit;"><strong style="font-weight:700;display:unset;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">Monitoring &amp; Audit:</span></strong><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">&nbsp;Conduct ongoing assessments and internal audits to ensure adherence to data protection standards. Review contracts to ensure appropriate legal and technical safeguards.</span></li><li style="font-size:inherit;"><strong style="font-weight:700;display:unset;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">Regulatory Liaison:</span></strong><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">&nbsp;Act as the primary contact for the ICO, DPC and other regulatory bodies, managing enquiries, investigations and reporting duties.</span></li><li style="font-size:inherit;"><strong style="font-weight:700;display:unset;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">Incident &amp; Breach Management:</span></strong><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">&nbsp;Lead breach assessments, investigations and reporting, ensuring effective mitigation, documentation and communication.</span></li><li style="font-size:inherit;"><strong style="font-weight:700;display:unset;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">Training &amp; Awareness:</span></strong><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">&nbsp;Design and deliver training initiatives, keeping colleagues informed on data protection requirements, risks and emerging trends.</span></li><li style="font-size:inherit;"><strong style="font-weight:700;display:unset;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">Leadership:</span></strong><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">&nbsp;Advise senior leaders and business units on privacy risks and compliance. Provide leadership and mentoring to the team.</span></li><li style="font-size:inherit;"><strong style="font-weight:700;display:unset;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">Supplier Risk Management:</span></strong><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">&nbsp;Oversee governance and risk assessments for third‑party suppliers to ensure compliance and security standards are met.</span></li><li style="font-size:inherit;"><strong style="font-weight:700;display:unset;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">Collaboration &amp; Consultancy:</span></strong><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">&nbsp;Act as the first point of contact for data privacy queries. Work cross‑functionally to ensure a consistent, business‑aligned approach to data protection.</span></li><li style="font-size:inherit;"><strong style="font-weight:700;display:unset;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">Risk Management:</span></strong><span style="font-family:'Segoe UI', sans-serif;font-size:12px;">&nbsp;Identify, assess and mitigate data privacy risks, ensuring clear reporting to the appropriate stakeholders.</span></li></ul><p style="margin:0cm 0cm 8pt;font-family:Calibri, sans-serif;font-size:11pt;padding:5px 0px;"><strong style="font-weight:700;"><span style="font-size:12px;font-family:'Segoe UI', sans-serif;">What you’ll need:</span></strong></p><ul style="list-style-type:disc;margin-top:0px;margin-bottom:10px;"><li style="font-size:inherit;"><span style="line-height:106%;font-family:'Segoe UI', sans-serif;font-size:12px;display:unset;">Strong risk management capability and ability to deliver practical, commercially‑aware solutions.</span></li><li style="font-size:inherit;"><span style="line-height:106%;font-family:'Segoe UI', sans-serif;font-size:12px;display:unset;">Strong influencing skills (soft / hard / active listening etc.) – and the ability to blend and adapt them to the situation and intended audience.&nbsp;</span></li><li style="font-size:inherit;"><span style="line-height:106%;font-family:'Segoe UI', sans-serif;font-size:12px;display:unset;">Able to implement a holistic security program of strategy, policies, processes and technologies.</span></li><li style="font-size:inherit;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;display:unset;">Being able to balance legislative requirements taking into consideration a commercial viewpoint</span></li><li style="font-size:inherit;"><span style="font-family:'Segoe UI', sans-serif;font-size:12px;display:unset;">People management skills to direct and manage a small team of data privacy specialists.</span><strong style="font-weight:700;"><span style="font-size:12px;font-family:'Segoe UI', sans-serif;"> </span></strong></li></ul><p style="margin:0cm 0cm 0.0001pt;font-family:Calibri, sans-serif;font-size:11pt;line-height:normal;vertical-align:baseline;padding:5px 0px;"><strong style="font-weight:700;"><span style="font-size:12px;font-family:'Segoe UI', sans-serif;">Experience:</span></strong></p><ul style="list-style-type:disc;margin-left:26px;margin-top:0px;margin-bottom:10px;"><li style="font-size:inherit;"><span style="font-size:12px;display:unset;">5+ years’ experience in a DPO role, managing privacy operations complaints with the GDPR and PECR.</span></li><li style="font-size:inherit;"><span style="font-size:12px;display:unset;">Experience leading, developing and managing teams.</span></li><li style="font-size:inherit;"><span style="font-size:12px;display:unset;">Familiarity with Microsoft Purview, One Trust and other similar DSAR management and tooling.&nbsp;</span></li><li style="font-size:inherit;"><span style="font-size:12px;display:unset;">Experience working in fast-paced and complex environments, working across multiple business units.</span></li><li style="font-size:inherit;"><span style="font-size:12px;display:unset;">Experience with ISO 27001, ISO27701, ISAE 3000/3402 or other information security standards and frameworks.</span></li></ul></div><!-- Apply Button --><a href="https://careers.cfjobs.co.uk/members/?j=31085&amp;lang=en&amp;" class="btn btn-apply apply_bottom">Apply<i class="fas fa-chevron-right" aria-hidden="true"></i></a>