Data Protection & Privacy Manager

Data Protection & Privacy Manager *Location: London (multi-site across depots & Head Office)Contract: Full time and PermanentSalary: £50k to £60k depending on experience.Reporting to: People and Operations ManagerAbout Us**Go-Ahead London* is the capital's largest bus operator, employing over 8,000 colleagues and operating around a quarter of London's iconic red bus network on behalf of Transport for London.With a complex, people-focused operation spanning multiple depots, systems, and partners, protecting personal data is critical to everything we do.The RoleWe are seeking an experienced Data Protection Manager to lead and continuously improve our GDPR and privacy framework across Go-Ahead London.This role goes beyond compliance. You will act as a trusted adviser, auditor, and champion of privacy by design, ensuring personal data is handled lawfully, securely, and proportionately - while enabling the business to operate effectively.You will work closely with senior leaders, depot teams, Group colleagues, and external partners, helping embed a strong data protection culture across a large, operationally complex organisation.Key Responsibilities

• Lead GDPR compliance across Go-Ahead London, covering both paper and electronic records, systems, and behaviours.
• Conduct regular audits across depots and Head Office functions, providing clear, practical recommendations and reporting outcomes to senior leaders and the Board.
• Maintain oversight of personal data breaches, ensuring prompt notification, appropriate investigation, regulatory decision-making, and preventative action.
• Own and maintain the organisation's data map, data inventory, and records of processing activities, working closely with HR, IT, Finance, and Operations.
• Review and advise on Data Sharing Agreements and third-party processing arrangements, ensuring appropriate legal basis, safeguards, and contractual protections.
• Support Subject Access Requests and individual rights requests, ensuring responses are accurate, timely, and auditable.
• Provide expert advice on Data Protection Impact Assessments (DPIAs), supporting project teams to identify risk, mitigation, and lawful processing from the outset.
• Oversee GDPR training and awareness, working with HR and Learning teams to ensure completion, quality, and accurate recording.
• Act as a key liaison with Group Data Protection and Information Security colleagues, supporting continuous improvement in information security practices.
• Ensure GDPR-related policies, standards, and guidance remain current, practical, and aligned with legal and regulatory change.
• Provide clear, confident challenge to senior stakeholders where privacy or information risk is identified.
• Represent Go-Ahead London at internal and external GDPR / privacy forums as required.

• Strong experience in data protection, privacy, or information governance within a complex organisation.
• A practical understanding of GDPR, data protection principles, and risk-based compliance.
• Excellent communication skills, with the confidence to influence and challenge constructively at all levels.
• Experience auditing systems, processes, and behaviours, with the ability to translate findings into improvement.
• The ability to work independently across multiple locations and manage competing priorities.
• A collaborative, approachable style with a clear focus on enabling the business to do the right thing.

Desirable:

• Experience working in regulated, operational, or multi-site environments.
• Exposure to information security, access controls, or assurance frameworks.
• Professional certification in data protection or privacy (e.g. IAPP, BCS) or equivalent experience.

Why Join Us?

• A role with real influence across a major London employer
• The opportunity to shape privacy standards in a complex, people-focused operation
• Flexible working arrangements to support work-life balance
• A collaborative, values-driven organisation committed to doing the right thing

Job Types: Full-time, PermanentPay: £50,000.00-£60,000.00 per yearBenefits:

• Company pension
• Employee discount
• Free or subsidised travel