Data Protection Manager
Role details
Job location
Tech stack
Job description
We are a platform who sits right in the middle between consumers and OEMs/Dealers in the car-changing journey. We sit on a gold mine of data and we want to commercialise it. As Senior Data Protection Manager at Carwow, you'll play a pivotal role in enabling the business to grow and scale at pace with integrity. This is an exciting opportunity to develop your career at a complex high-growth data thirsty marketplace business.
We are looking for a Senior Data Protection Manager who wants to do more than just maintain a register and policies. This is a rare opportunity to join a high-performing legal function as our first dedicated privacy hire and be a strategic advisor to the business as it sharpens its privacy governance programme steering the business towards further growth and an exit.
We are not at "Day Zero" we currently have an external DPO, we have established policies, templates, a RoPA, and a risk register.
We need a tech-fluent practitioner who can bridge the gap between Legal and our Product, Engineering and Marketing Teams. You will have the mandate to lift the lid on our technology stack, validate our data flows, and build the practical mechanisms that keep our business safe and moving fast., * Framework development: develop and maintain a comprehensive enterprise privacy governance framework, encompassing internal policies, ROPAs, privacy notices, risk registers, and retention schedules. This role ensures our documentation aligns with the actual tech stack and processing activities while leading efforts to remediate any identified discrepancies.
- Culture & Training: create a strong internal perception of privacy as a "trust builder." Design and deliver role-specific training that is engaging, commercially relevant, and free of legal jargon.
- Business Partnering: develop appropriate business partnering relationships across the Marketing and Media teams and across other parts of the business and proactively take steps to support their understanding of privacy matters and their compliance. Provide expert advice to senior management and support the General Counsel in updating the Company Executives as needed.
- Breach response: play a key role in leading the investigation of data breaches and liaising with regulators as appropriate.
- DPAs/DSAs: support the legal team to draft and negotiate appropriate DPAs and DSAs for commercial deals.
- DSARs: set the business up to be able to respond to DSARs when necessary in the most streamlined and least disruptive manner.
- Retail Media and Ad Tech: work on new commercial propositions looking to leverage our data for 3rd party audience targeting and segmentation helping us to answer DDQs and design safe data sharing mechanisms.
- Corporate work: support the legal team in DD exercises for M&A and during funding exercises.
- Technical Integration: work closely with Data and Insights/IT/Engineering/Product teams to embed "Privacy by Design" principles and to translate complex data processing activities into clear, risk-based language for the General Counsel, Executives and business stakeholders.
- Operationalise Compliance: look for ways to integrate standard compliance process (e.g. DPIAs/LIAs/DPA/DSAs) into business workflows with an eye always on streamlined automation where possible.
- Multi-Jurisdictional: support our businesses in the UK, Germany, Spain and Portugal.
Requirements
- A CIPP/E and CIPM from the IAPP.
- Passionate about the intersection of AI and privacy, focusing on how to safeguard the organization during tech adoption while leveraging AI to enhance and automate privacy operations.
- A team player with a growth mindset, high EQ and low ego, excited to be part of a scale-up high growth company, where every day brings new challenges and opportunities.
- Significant experience of working in-house balancing privacy compliance with commercial objectives.
- Ability to understand the law and grasp new data protection concepts quickly and to distil and explain them in a clear and easy to understand way whilst building a privacy programme.
- To be able to work in a fast paced environment, with teams that move and pivot quickly.
- Fluency in English and strong communication skills are essential, together with a proactive, persuasive and adaptable manner.
- To be driven to ensure the Legal and Compliance Team are viewed as genuine partners of the business and to take the initiative of building key relationships. Ability to lead cross-functional projects.
- To be used to autonomy and independent working and thinking.
- A track record of working with all levels of the organisation, including senior management.
BONUS POINTS
- Experience working in a tech platform/marketplace environment.
- Experience in Mar-Tech/Ad-Tech.
- Experience in the automotive industry.
Benefits & conditions
- Competitive comp package
- 28 days' holiday plus bank holidays, increasing to 35 with length of service, plus extras for house moves, weddings and more!
- Employee-friendly share options
- Pension scheme via Royal London - up to 5% company contribution
- Vitality private healthcare insurance
- Life Assurance - 4x annual salary
- Monthly coaching sessions with Spill - our mental wellbeing partner
- Inclusive parental, partner and shared parental leave, including up to 20 weeks' full pay maternity and shared parental leave, and 8 weeks' full partner pay, as well as fertility treatment and pregnancy loss policies
- Bubble childcare support and discounted nanny fees for little ones
- 'Work from abroad for a month' annual scheme
- Generous learning and development budget
- £500/€550 home office budget
