Data Privacy Manager

Data Privacy Manager

Application Deadline: 22 March 2025

Department: Data Privacy

Employment Type: Permanent - Full Time

Location: Poole - Head Office

Compensation: £45,000 - £65,000 / year

Description

Diversity matters We are building a brand that represents the people of the world. It’s what you do that counts, and we are always looking to expand perspectives and voices to shape our future. 
We see you, we celebrate you, we want you!
Who we are
You might know us as the inventors of the bath bomb, but there’s more to this great-smelling, partly employee-owned, family-run company than pioneering cosmetics. We believe our business should put more back into the world than it takes and demonstrate that capitalism can be a force for good.

The Living Wage Foundation’s statement 'a hard day's work deserves a fair day's pay' is one that we are proud to commit to in the UK. As an accredited Living Wage employer, we put our people first and fight cruel practices like animal testing, promote regeneration, and show that it is what’s inside that counts - whether that’s an ingredient in a product, or the minerals in a smartphone.

Purpose: With overall responsibility for the team, this role would provide leadership, management, and direction. Your deep understanding of data protection principles and practices combined with strong people management skills would ensure alignment with business objectives and a motivated, dynamic team.
Team:The Data Privacy team is a highly efficient and dedicated team working globally to support the ethical management of data throughout the business. In this role, you'll be leading a team of 6 talented individuals spread across the UK & Ireland, Germany, and Canada. Fostering strong communication and collaboration within this diverse team is essential. It’s important for the team to stay connected, informed and aligned globally to ensure consistent and effective data privacy practices across all regions.
Please note: We may close this vacancy early if we receive an overwhelming response or our business requirements change.

Key Responsibilities

• Review, maintain, and continuously improve the Lush data privacy framework.
• Conduct regular risk assessments to identify, analyse, and evaluate data privacy risks and processing activities within the organisation.
• Oversee the implementation and maintenance of data protection policies, procedures, and guidelines in line with global regulations (e.g., GDPR, PECR, CCPA, etc.).
• Ensure compliance with data subject rights (e.g., access, rectification, erasure, etc.).
• Provide expert advice and guidance on data protection matters whilst staying up to date with evolving data protection legislation and regulatory guidance.
• Work closely with key stakeholders across departments (e.g., Legal, IT & Security, Health & Safety, Leadership, Third-Party Service Providers) to integrate data privacy into business processes and engage leadership on strategic data protection practices.
• Develop and implement remediation plans to address identified risks found in audits.
• Manage data breach response plans and procedures, including investigation and notification requirements.
• Liaise with external data protection authorities and legal counsel as required.
• Raise awareness of data protection best practices across the organisation and develop training programmes for employees.
• Manage and mentor team members globally, holding regular check-ins, providing guidance and support, and fostering development, connectedness, and team wellbeing.
• Set clear goals, oversee performance management, and drive strategic initiatives that align with business objectives.
• Delegate and manage the workload of the team, ensuring clear objectives and accountability.
• Conduct regular 1:1s and performance reviews globally, providing feedback and development opportunities.
• Collaborate with stakeholders, optimise team workflows, and ensure operational excellence through continuous improvement.
• Act as a key liaison between departments, advocating for resources and representing the team in leadership discussions.
• Identify risks, manage change effectively, and cultivate an inclusive, high-performing team culture.
• When required, oversee the recruitment and onboarding of new team members.
• Promote a culture of data privacy and security across the business.

Skills, Knowledge and Expertise

• Strong strategic thinker with excellent problem-solving abilities and an analytical mindset to drive data-informed decision-making.
• Excellent communication and interpersonal skills, with the ability to collaborate effectively across departments and influence stakeholders.
• Proven leadership experience, including team management, coaching, and performance management to foster professional growth and high team engagement.
• Experience in strategic planning, process optimisation, and change management, with the ability to enhance workflow efficiency.
• Highly adaptable, able to work in a dynamic, fast-paced environment, managing multiple priorities effectively.
• Strong organisational skills with project management experience, ensuring operational excellence.
• Knowledge of data protection team functions and requirements, including an understanding of business applications.
• Strong knowledge and application of data protection legislation (e.g., GDPR, PECR, CCPA) to ensure business compliance.
• Legal understanding and experience is an advantage.
• CIPP/E, CIPP/M, or a similar data protection qualification is desirable.

Benefits

• 25 days holiday plus bank holidays
• *6 months’ full pay for parental leave (primary caregiver)
• *Enhanced paternity leave
• Bonus scheme
• Day off for weekday birthdays
• Holiday purchase scheme
• 50% discount on Lush products and spa treatments
• Cycle to work scheme
• Discounted rail and bus season tickets 
• Employee assistance programme
• *Financial childcare support on return to work
• We’re 10% Employee Owned - all colleagues play a role in protecting our ethics, our independence, contributing ideas for the future and share in the rewards of success when the company is doing well.
• Support groups, film nights, yoga, meditation sessions and much more

*qualifying period & hours required.

We believe that your information is yours and that it is Lush's responsibility to process your personal information in a secure, fair and accurate manner. Every individual processed by LUSH has certain rights over their data, which are detailed in our Privacy Notice here.