The successful candidate will have a passion for Data Governance and possess a thorough understanding and knowledge of UK and EU data compliance, controls and procedures, as the role will be responsible for delivering the data governance requirements across the Charity, including GDPR (General Data Protection Regulation) / DPA 2018 (Data Protection Act) and PECR (Privacy and Electronic Communications Regulation). Due to the high visibility of the role to both external regulatory bodies and internal stakeholders at all levels, you should be able to demonstrate effective written and verbal communication skills.

KEY ACCOUNTABILITIES:

Ensure that the processing of personal data is compliant with the GDPR / DPA 2018 and PECR, following regulatory guidance.
Lead on the completion of ethics applications and data sharing agreements which allow us both to share our data and to use external data to accelerate our progress.
Lead on the development and training of teams across The Charity to ensure data governance policies and practices are embedded throughout the organisation.
Facilitate and promote the use of Data Protection Impact Assessments (DPIAs), Legitimate Interests Assessments (LIAs), Data Sharing Agreements (DSAs), confidentiality agreements and individual privacy notices, including the management of cookies.
Offer practical privacy advice on innovative business initiatives, such as Generative AI, automation and personalisation.
Draft internal policies, procedures and guidance materials while maintaining compliance documentation.
Manage the DPO inbox, escalate issues as necessary and handle all data subject rights requests, while maintaining a master list for tracking purposes.
Develop resources and conduct training sessions to improve understanding and application of data protection principles.
Regularly update our knowledge library to ensure accessible resources and tools for data protection.
Maintain the Information Asset Register, Record of Processing Activities (RoPA), and Data Retention Schedule to ensure that they are up-to-date and accurate.
Support project planning and management to ensure best practice and legal frameworks, including the code of fundraising practice and other regulations, are followed.
Oversee the management of medium and large-scale personal data incidents, including investigation, response, notification assessment and remediation.
Ensure compliance with contracts through monitoring, auditing and risk assessment.
Develop and enhance controls and procedures as regulatory frameworks evolve.
Ensure we continue to meet our high NHS data compliance standards.
Support the resolution of the challenges arising from cross-country data regulations as The Charity expands more globally.

The post holder will also:

Contribute to achieving the objectives of The Brain Tumour Charity.
Undertake any additional and ad hoc tasks as required.
Participate in team meetings and other meetings as required.
Monitor and evaluate activities and provide written reports.
Represent The Charity at external events in a professional manner.
Work within an equal opportunities framework.
Adhere to all The Charity’s policies, procedures and working requirements.
Work closely with the EDI team on initiatives related to data availability, transparency, accuracy and other data protection goals.

Please note that the responsibilities listed are not exhaustive and this job description may be subject to change as the role evolves over time.

The Brain Tumour Charity particularly encourages applications from minority ethnic groups and underrepresented communities.