Octopus Energy

Data Protection Manager – 6-9 Months FTC, Maternity Cover

Octopus Energy

contract

Posted on:

Location Type: Remote

Location: United Kingdom

Visit company website

Explore more

AI Apply
Apply

About the role

  • Compliance and Governance: Maintain and develop the company's data protection strategy, policies, procedure, and compliance framework in line with UK GDPR, the Data Protection Act 2018, and PECR.
  • Records and Risk Documentation: Lead and conduct Data Protection Impact Assessments (DPIAs), update our Records of Processing Activities (RoPA), conduct Legitimate Interest Assessments (LIAs) and any other expected activity records.
  • Subject Rights Management: Lead and conduct the end-to-end process for Data Subject Access Requests (SARs) and other data subject rights (e.g., erasure, rectification) in a timely and compliant manner.
  • Breach Management: Manage the company's data breach response plan, including investigation, reporting, remediation, and communication with the Information Commissioner's Office (ICO) and affected individuals where necessary.
  • Advisory: Act as the primary point of contact and subject matter expert for all data privacy matters, providing pragmatic advice to internal and external stakeholders, at all levels of the business.
  • Third-Party Risk: Conduct due diligence and manage data protection risks associated with third-party suppliers, including SaaS vendors, finance providers, vehicle dealerships, data brokers, and marketing partners.
  • Training and Awareness: Design and deliver engaging data protection training and awareness campaigns across the business to foster a strong privacy-aware culture.
  • Monitoring and Reporting: Monitor the evolving privacy regulatory landscape and report on the company's compliance posture and risk level.
  • ICO Liaison: Serve as a point of contact for the ICO and support the designated Data Protection Officer (DPO).

Requirements

  • A passion for Data Protection, Privacy and Information Security and an ability to explain these concepts in a clear and meaningful way to those who may not be familiar with them
  • Excellent understanding and practical experience of the principles/issues involved in Data Protection and compliance with UK GDPR legislation and the expectations of the ICO
  • Excellent understanding of the UK Data Protection Act 2018 and of the principles/issues involved in maintaining compliance
  • Forward-thinking, self-motivated and able to take responsibility for your own initiatives and drive them to implementation
  • Ability to work in a pressured environment while prioritising work in a considerate way
  • Supportive and reliable team member, with excellent attention to detail
  • Awareness of Information Security principles and requirements for ISO27001 compliance would be valuable
  • Any knowledge of the FCA or experience in the financial services industry would be valuable
Benefits
  • Don't feel like you meet all of our hiring criteria? thats OK, apply anyway! we'd love to hear from you and have a conversation.
  • Octopus Electric Vehicles, part of the Octopus Energy Group, won the Sunday Times best company to work for in 2024. We were named 6th out of the top 100 start-ups to work for by Tempo in 2025 and on Glassdoor we were voted 50 best places to work in 2022. Our Group CEO, Greg has recorded a podcast about our culture and how we empower our people
  • Wondering what the salary for this role is? Just ask us! On a call with one of our recruiters it's something we always cover as we genuinely want to match your experience with the correct salary. The reason why we don't advertise is because we honestly have a degree of flexibility and would never want salary to be a reason why someone doesn't apply to Octopus - what's more important to us is finding the right octofit!
  • Octopus Energy Group is a unique culture. An organisation where people learn, decide, and build quicker. Where people work with autonomy, alongside a wide range of amazing co-owners, on projects that break new ground. We want your hard work to be rewarded with perks you actually care about! Visit our perks hub - Octopus Employee Benefits
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Data Protection Impact Assessments (DPIAs)Records of Processing Activities (RoPA)Legitimate Interest Assessments (LIAs)Data Subject Access Requests (SARs)data breach responsedata protection strategycompliance frameworkUK GDPRData Protection Act 2018PECR
Soft Skills
communicationself-motivatedattention to detailteam collaborationproblem-solvinginitiativeadaptabilitypressure managementstakeholder engagementtraining delivery