×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Data Security Data Analyst

Senior Data Protection Compliance Specialist

Job in Greater London, London, Greater London, W1B, England, UK
Listing for: marshmallow
Full Time position
Listed on 2026-06-12
Job specializations:
  • IT/Tech
    Data Security, Data Analyst
Salary/Wage Range or Industry Benchmark: 100000 - 125000 GBP Yearly GBP 100000.00 125000.00 YEAR
Job Description & How to Apply Below
Location: Greater London

We’re on a mission to make migration easy.

We started building Marshmallow in 2017. Since then, we’ve grown from 3 to 700+ people, gained unicorn status, raised ~£140M over three funding rounds, turned profitable, insured millions of drivers and lent millions in car loans.

But we’re only just getting started. Our goal is to become one of the largest financial services providers in the world. Over the next 10 years we’ll grow exponentially, not only by scaling our existing products, but also by building new ones.

To achieve our goals we need incredibly ambitious, commercially driven people who never settle for ‘good enough’. Marshmallowers are hungry for autonomy and ownership, and would rather improve than coast. Everyone raises standards and has an impact, with a focus on collective success over self‑interest.

We’ve created an environment where curious, tenacious people win and grow together. If that sounds motivating, this could be the place for you.

About the Role

We are looking for a skilled and experienced Senior Data Protection Compliance Specialist to strengthen our data protection function. Working closely with our designated Data Protection Officer (DPO) and wider Legal, Risk, Compliance and Technology teams, you will play a central role in driving and embedding a robust culture of data protection compliance across the organisation.

This is a senior hands‑on role with significant scope and visibility. You will be a subject matter expert and trusted partner to the business — shaping policies, managing complex compliance work streams, and supporting the DPO in meeting the organisation's obligations under UK GDPR and the Data Protection Act 2018. Whilst you will not hold the formal DPO designation, you will operate at a high level of autonomy and expertise.

What you’ll be doing

Data Protection Compliance:

  • Support and deputise for the DPO across day-to-day compliance activities, acting as a senior point of expertise for the business.

  • Lead the organisation's DPIA programme, conducting and reviewing assessments for new and changed processing activities and presenting outcomes to senior stakeholders.

  • Own and maintain the organisation's Record of Processing Activities (RoPA), ensuring accuracy, completeness, and regular review.

  • Manage the end‑to‑end handling of Data Subject Access Requests (DSARs) and other data subject rights requests, ensuring timely and legally compliant responses.

  • Lead on personal data breach management: triage, investigation, remediation tracking, and advising on ICO notification decisions in conjunction with the DPO.

  • Advise business functions on lawful bases for processing, consent management, data retention, and data minimisation.

Policy, Training & Governance:

  • Develop, maintain, and implement data protection policies, procedures, and guidance documents, keeping them current with legislative and regulatory changes.

  • Design and deliver engaging data protection training and awareness programmes for staff across all business areas, including tailored sessions for high‑risk teams.

  • Support the embedding of privacy‑by‑design and privacy‑by‑default principles in new projects, products, and systems.

Third Parties & Transfers:

  • Review and negotiate data processing agreements (DPAs) and data sharing agreements, working closely with Legal and Procurement colleagues.

  • Advise on international data transfer mechanisms including IDTAs, Transfer Risk Assessments (TRAs), and Binding Corporate Rules.

  • Manage the organisation's supplier due diligence process from a data protection perspective.

Monitoring & Horizon Scanning:

  • Monitor the regulatory landscape, including ICO guidance, enforcement action, and relevant case law, and translate developments into actionable organisational recommendations.

  • Assist in preparing for and managing ICO audits, investigations, or engagement as required.

Your Expertise

Essential:

  • Substantial experience (typically 5+ years) in a data protection compliance role, with a track record of managing complex work streams independently.

  • Expert knowledge of UK GDPR, the Data Protection Act 2018, and PECR, and their practical application in a business context.

  • Hands‑on experience conducting DPIAs,…

Position Requirements
10+ Years work experience
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search