Data Protection Assistant

Posted 9 hours 11 minutes ago by DfT Operator

Permanent
Full Time
Public Sector Jobs
London, United Kingdom
Job Description
Overview

Data Protection Assistant - (Maternity Cover 9 months)

About DFT Operator

DFTO is the government's public sector rail owning group. Its purpose is to bring all currently privately-owned train operators into public ownership in advance of the creation of Great British Railways in 2027 - and deliver improvements in the here and now by unifying and integrating train operations under common public ownership.

DFTO has over 23,000 employees, runs over 6,000 services a day and delivers over 450 million customer journeys across its networks every year. This accounts for 26% of total UK passenger journeys and 30% of passenger miles.

Major improvements are being delivered by DFTO train operators (TOCs) that are already under public ownership - these are LNER, Northern, TransPennine Express (TPE), Southeastern, South Western Railway (SWR) and c2C.

This is an incredibly exciting time to join DFTO as we transition previously privately owned train operators into public ownership and onward into Great British Railway, bringing track and train closer together.

Our journey is to deliver safe, secure and sustainable transport to everyone, everywhere. At the heart of this promise is improving journeys and providing customers with an excellent service, while supporting the industry to build a more passenger-focused railway.

Our vision is to unify and strengthen train operators under the DFTO banner. By working collaboratively, we aim to become industry-leading in safety, customer service, financial sustainability and operational performance.

Vacancy Details
  • Duration: 9 months maternity cover
  • Location: Hybrid
  • Salary: £30,242 pro rata
  • Reporting to: Group Data Protection Officer within legal
Primary Purpose of Job

To deliver day-to-day data protection services across DFTO's operating companies, taking responsibility for the complete handling of Data Subject Access Requests (DSARs) and other statutory rights requests from receipt to final response, in line with legal deadlines and quality standards. The role safeguards compliance by maintaining accurate local data protection records, supporting routine operational checks, and co-ordinating information gathering from multiple teams. Allocated to operating companies as required, the postholder ensures that processes are applied consistently, statutory obligations are met, and potential compliance risks are identified and escalated promptly.

Key Competencies
  • Applied knowledge of UK GDPR, DPA 2018, and information rights principles in day-to-day DSAR handling and local compliance activity, with a commitment to ongoing learning.
  • Strong organisational skills to manage multiple statutory requests and related compliance tasks to deadline.
  • Excellent attention to detail when reviewing and redacting personal data, ensuring accuracy and compliance with legal requirements.
  • Clear and professional written and verbal communication skills for internal and external audiences.
  • Competence in Microsoft 365 (Outlook, Excel, Word, SharePoint) and ability to use case management and redaction tools effectively.
  • Ability to work collaboratively with teams across different operating companies, building constructive relationships.
  • Discretion and professionalism when handling personal or sensitive information.
  • Adaptability to changing priorities and allocation to different operating companies based on business need
Key Responsibilities
  • Rights request delivery
    • Deliver the full DSAR process for allocated operating companies from receipt to completion, including logging, co-ordinating searches, collating results, redacting personal data, and issuing responses within statutory deadlines.
    • Process other rights requests (e.g. rectification, erasure, restriction) in line with legal requirements and DFTO procedures, escalating complex cases as required.
    • Maintain complete, auditable records of all requests and correspondence to demonstrate compliance.
  • Local compliance record-keeping
    • Maintain and update local Records of Processing Activities (ROPA), Information Asset Registers, and other operational compliance documentation to ensure accuracy and currency.
    • Align local records with DFTO templates and update promptly following organisational or process changes.
    • Gather and prepare evidence to support internal audits, inspections, and assurance reviews.
  • Operational liaison and co-ordination
    • Act as the local contact point for routine data protection queries, providing clear guidance within defined procedures and escalating more complex matters to the relevant Analyst or Group DPO.
    • Co-ordinate information gathering from local teams to support Data Protection Impact Assessments (DPIAs), Legitimate Interests Assessments (LIAs), and other compliance work led by the Group DPO or Analysts.
    • Maintain an organised and accessible local filing system to support efficient retrieval of compliance records and evidence.
  • Awareness and training support
    • Deliver short, locally tailored induction and refresher sessions using approved DFTO materials.
    • Track local completion rates for mandatory training and escalate non-compliance promptly.
  • Process improvement and flexibility
    • Identify recurring issues in request handling or records management and propose practical improvements to the relevant Analyst or Group DPO.
    • Work flexibly across different operating companies to meet operational priorities and statutory deadlines.
Knowledge, Skills, Experience & Technical Qualifications

Knowledge

  • Applied knowledge of UK GDPR, DPA 2018, and information rights principles in day-to-day DSAR handling and local compliance activity, with a commitment to ongoing learning.
  • Understanding of the statutory processes and practical requirements for fulfilling DSARs and handling sensitive personal data securely.

Skills

  • Strong organisational skills to manage multiple statutory requests and compliance tasks to deadline.
  • Excellent attention to detail when reviewing and redacting personal data, ensuring accuracy and compliance.
  • Clear and professional written and verbal communication skills for internal and external audiences.
  • Competence in Microsoft 365 (Outlook, Excel, Word, SharePoint) and ability to use case management and redaction tools effectively.

Experience

  • Experience in an administrative or compliance role involving the handling of sensitive or confidential information.
  • Prior experience with DSARs or similar statutory request processes is desirable.

Qualifications

  • No formal qualification required; relevant training in data protection or information governance is an advantage.
Benefits
  • Annual Leave: Starting at 25 days and rising to an additional day per year of service completed within the first 5 completed years up to a maximum of 5 additional (30 days)
  • DC Pension Scheme: 10% Employer contribution, 5% Employee contribution
  • Opportunities to learn and network across the wider industry

Additional Information

Contact: If you have any questions or require reasonable adjustments, please contact Dean Palmer.

About our people and the recruitment process - We're an inclusive employer of choice and we welcome applications from everyone! We encourage our colleagues to work flexibly, as we know traditional working patterns don't always fit. If you want to consider working flexibly, just let us know and we'll do our best to help and invest in your career with us, whilst you have a healthy work life balance.

Disclaimer: Candidates applying for this position on a secondment basis must inform their line manager prior to submitting their application. This is to ensure transparency and facilitate any necessary discussions regarding workload and responsibilities.