The Data Protection Lead supports the organisation and the appointed Data Protection Officer (DPO) in delivering and embedding the organisation’s data protection framework. The role works with business stakeholders to coordinate compliance activities, maintain governance documentation, and assist in embedding privacy-by-design principles into business processes.

Multi-site operation so UK travel would be expected as and when necessary.

The role supports business teams in documenting processing activities and clearly defining their use of personal data.

The DPO retains responsibility for advising, monitoring compliance, and reporting to senior management in accordance with Article 39 UK GDPR.

Other duties may be required of the post holder in addition to those listed above and below, to ensure that the requirements of the business are met at all times.

Key Responsibilities:

• Maintain and update Records of Processing Activities (ROPA), data retention schedules, policies, procedures and related governance documentation.
• Support business teams in documenting new or amended processing activities and ensuring required governance artefacts are completed.
• Maintain accurate compliance records to support accountability obligations.
• Manage and respond to data subject rights requests, including rights of access, rectification, erasure, restriction, objection, and data portability.
• Coordinate information gathering across relevant teams and ensure responses are issued within statutory timeframes.
• Review material and apply appropriate redactions to protect third-party personal data and confidential information in line with established procedures.
• Escalate complex legal considerations, exemption assessments, or high-risk matters to the Data Protection Officer (DPO) where required.
• Support business stakeholders in embedding privacy-by-design principles into new projects, systems, and operational changes.
• Coordinate and facilitate Data Protection Impact Assessments (DPIAs), including gathering relevant information, documenting risks, and tracking mitigation actions.
• Ensure DPIAs are completed where required and submitted to the DPO for review and advice.
• Escalate high-risk or residual risk processing activities to the DPO and relevant governance forums.
• Support the coordination and documentation of personal data breach investigations.
• Maintain incident records and ensure prompt internal reporting of suspected breaches.
• Escalate potential notifiable breaches to the DPO for assessment under UK GDPR reporting requirements.
• Support preparation of information required for regulatory notification where directed by the DPO.
• Support the coordination and delivery of data protection training and awareness initiatives across the organisation.
• Promote understanding of data protection responsibilities and good practice within business teams.
• Identify recurring compliance themes or training gaps and escalate to the DPO where further guidance or intervention may be required.
• Act as a point of contact for routine data protection queries and provide guidance in line with established policies and DPO advice.
• Promote consistent data protection practices across business operations.

Ideally, we are looking for:

• Practical experience supporting data protection or compliance activities within a UK GDPR environment.
• Experience managing and responding to data subject rights requests, including reviewing and redacting documentation.
• Experience maintaining governance documentation such as Records of Processing Activities (ROPA), DPIA logs, or incident registers.
• Experience coordinating across multiple business stakeholders to gather information and track actions.
• Working knowledge of UK GDPR and the Data Protection Act 2018.
• Experience supporting Data Protection Impact Assessments (DPIAs).
• Exposure to incident management or personal data breach processes.
• Experience delivering or coordinating compliance training.
• Experience within a regulated or customer-data-driven environment.
• Strong organisational and documentation skills.
• Attention to detail, particularly in reviewing and redacting personal data.
• Ability to communicate clearly with non-legal stakeholders.
• Confidence escalating issues appropriately.
• Practical, solution-focused mindset.
• Company car provided due to UK wide travel.

In return we’ll offer:

As a permanent Greenhous employee, you will be entitled to:

• 30 Days Holiday Including 8 Bank Holidays
• Company Sick Pay That Increases With Length Of Service
• Pension With Greenhous Contribution
• Career Development Opportunities
• Employee Discounts On A Range Of Products And Services Including Holidays, Days Out And Supermarket Shops
• Qualified Mental Health First Aiders
• Free Will Writing Service
• Free Mortgage Advice Service
• Free Eye Tests For VDU Users
• Free Flu jabs if you are ineligible through the NHS
• On-Site Parking (Site Specific)
• Cycle To Work Scheme
• EAP – Employee Assistance Program

Who are we:

Greenhous is firmly established as one of the largest dealer groups in the UK and has over 100 years’ experience in the franchised dealer world. We are a leader in the supply of dealer services for some of the world’s leading manufacturers.

Our network of Car and Commercial dealerships now stretches across Shropshire, Staffordshire and the West Midlands and includes a number of different franchises including Vauxhall, Nissan and DAF.