Data Protection and Privacy Manager

We are seeking an experienced Data Protection Manager to lead and continuously improve our GDPR and privacy framework across Go-Ahead London.

This role goes beyond compliance. You will act as a trusted adviser, auditor, and champion of privacy by design, ensuring personal data is handled lawfully, securely, and proportionately - while enabling the business to operate effectively.

You will work closely with senior leaders, depot teams, Group colleagues, and external partners, helping embed a strong data protection culture across a large, operationally complex organisation., * Lead GDPR compliance across Go-Ahead London, covering both paper and electronic records, systems, and behaviours.

• Conduct regular audits across depots and Head Office functions, providing clear, practical recommendations and reporting outcomes to senior leaders and the Board.
• Maintain oversight of personal data breaches, ensuring prompt notification, appropriate investigation, regulatory decision-making, and preventative action.
• Own and maintain the organisation's data map, data inventory, and records of processing activities, working closely with HR, IT, Finance, and Operations.
• Review and advise on Data Sharing Agreements and third-party processing arrangements, ensuring appropriate legal basis, safeguards, and contractual protections.
• Support Subject Access Requests and individual rights requests, ensuring responses are accurate, timely, and auditable.
• Provide expert advice on Data Protection Impact Assessments (DPIAs), supporting project teams to identify risk, mitigation, and lawful processing from the outset.
• Oversee GDPR training and awareness, working with HR and Learning teams to ensure completion, quality, and accurate recording.
• Act as a key liaison with Group Data Protection and Information Security colleagues, supporting continuous improvement in information security practices.
• Ensure GDPR-related policies, standards, and guidance remain current, practical, and aligned with legal and regulatory change.
• Provide clear, confident challenge to senior stakeholders where privacy or information risk is identified.
• Represent Go-Ahead London at internal and external GDPR / privacy forums as required.

Do you have experience in Public relations?, * Strong experience in data protection, privacy, or information governance within a complex organisation.

• A practical understanding of GDPR, data protection principles, and risk-based compliance.
• Excellent communication skills, with the confidence to influence and challenge constructively at all levels.
• Experience auditing systems, processes, and behaviours, with the ability to translate findings into improvement.
• The ability to work independently across multiple locations and manage competing priorities.
• A collaborative, approachable style with a clear focus on enabling the business to do the right thing.

Desirable:

• Experience working in regulated, operational, or multi-site environments.
• Exposure to information security, access controls, or assurance frameworks.
• Professional certification in data protection or privacy (e.g. IAPP, BCS) or equivalent experience.

• The opportunity to shape privacy standards in a complex, people-focused operation
• Flexible working arrangements to support work-life balance
• A collaborative, values-driven organisation committed to doing the right thing

Job Types: Full-time, Permanent

Pay: £50,000.00-£60,000.00 per year, * Company pension

• Employee discount
• Free or subsidised travel

Work authorisation:

• United Kingdom (required)

Go-Ahead London is the capital's largest bus operator, employing over 8,000 colleagues and operating around a quarter of London's iconic red bus network on behalf of Transport for London.