Data Privacy and Compliance Specialist

Houseful

Data Privacy & Compliance Specialist for Alto Software Group ensuring compliance with UK GDPR and handling data privacy requests. Collaborating with teams on privacy awareness and data protection impact assessments.

Posted 6/23/2026full-timeLondon • 🇬🇧 United KingdomMid-LevelSeniorWebsite

About the role

Key responsibilities & impact

Manage the end-to-end lifecycle of Data Subject Access Requests (DSARs), Right to Erasure (RTBF), and Portability requests — from intake and verification through to fulfilment within the statutory one-month timeframe.
Perform meticulous reviews of personal data extracts, applying UK GDPR exemptions and carrying out necessary redactions to protect third-party privacy.
Act as first responder to privacy-related complaints from customers, employees, and third parties, handling each case with empathy and legal precision.
Support the DPO/Head of Legal in investigating potential data breaches, assessing risk to individuals, and preparing documentation for the ICO where required.
Maintain and update the Record of Processing Activities (ROPA) under Article 30, ensuring all data flows across the business are accurately documented.
Support departmental leads in completing Data Protection Impact Assessments (DPIAs) for new projects, tools, and product changes.
Provide pragmatic, accessible guidance to commercial, marketing, people, and product teams — translating legal obligation into practical action.
Deliver bite-sized privacy awareness sessions to staff, reducing human-error risk and building a data-conscious culture across the business.

Requirements

What you’ll need

Experience in a dedicated data protection or privacy compliance role within a UK-based organisation.
Deep working knowledge of UK GDPR, the Data Protection Act 2018, PECR, and the Data Use and Access Act (DUAA).
Hands-on experience handling DSARs end to end — including redaction, application of exemptions, and meeting statutory deadlines.
Familiarity with ROPA maintenance and conducting or supporting DPIAs.
Experience with redaction software and case management tools; comfortable navigating business systems to locate personal data across platforms.
Strong written communication skills — able to produce clear, legally accurate responses to individuals and regulators.
A calm, methodical approach to complaint handling and incident response, particularly under time pressure.
A relevant qualification (e.g. BCS Certificate in Data Protection, CIPP/E, or equivalent) is a plus.

Benefits

Comp & perks

**Hybrid — 2 days/week in London HQ**
**Everyday Flex** — greater flexibility over where and when you work
**25 days annual leave** — plus extra days for years of service
**Day off for volunteering & Digital detox day**
**Festive Closure** — business closed between Christmas and New Year
**Cycle to work and electric car schemes**
**Free Calm App membership**
**Enhanced Parental leave**
**Fertility Treatment Financial Support**
**Group Income Protection & private medical**
**Gym on-site in London**
**7.5% pension contribution by company**
**Discretionary annual bonus up to 10%** — of base salary
**Talent referral bonus up to £5K**

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

UK GDPRData Protection Act 2018PECRData Use and Access Act (DUAA)Data Subject Access Requests (DSARs)redactionRecord of Processing Activities (ROPA)Data Protection Impact Assessments (DPIAs)privacy compliancedata breach investigation

Soft Skills

empathylegal precisionstrong written communicationcalm approachmethodical approachcomplaint handlingincident responsepragmatic guidancebuilding data-conscious culturereducing human-error risk

Certifications

BCS Certificate in Data ProtectionCIPP/E