Data Protection Analyst
Data Protection Analyst
MISSION STATEMENT
To support the organisation’s compliance with the UK GDPR and Data Protection Act 2018 by
handling operational and administrative data protection tasks including SARs, DPIAs, data
breach logs, and training coordination, also supporting the DPO in proactive risk
identification, policy development, audit preparation, and reporting. This role is key in
reducing our dependency on external consultants for routine matters, while maintaining high
standards of privacy and data governance.
Key Activities
1. Subject Access Requests (SARs) & Data Rights
Receive and log SARs and other data rights requests (e.g., rectification, erasure,
objection).
Coordinate with internal teams to gather data and ensure timely, accurate responses.
Use redaction tools and apply exemptions under guidance from the DPO or
consultant.
Maintain the data breach log and monitor for trends or risks.
Assist with breach investigations, gathering information and escalating to the DPO
when required.
Coordinate follow-up actions and support notification to ICO (if required).
Coordinate reviews of cookie banners, website privacy notices, and online data
capture forms.
Support internal and external audit preparation, including evidence gathering and
follow-up actions
Maintain dashboards or reports on key data protection metrics (e.g., SARs, Breaches,
ROLE PROFILE
Training)
Provides regular updates to the DPO and Quality lead.
ROLE PROFILE
PERSON SPECIFICATION
CRITERIA EVIDENCED
QUALIFICATIONS Required Desirable Application Interview
CIPP/E (Certified Information Privacy X
Professional – Europe)
CIPM (Certified Information Privacy X
Manager).