Data Privacy and Security Professional

Job Description

Job Req ID: 59908

Posting Date: 23rd June 2026

Closing Date: 3rd Aug 2026

Location: London or Birmingham

About the role

The role of Data Privacy and Security Professional supports the Data Privacy and Information Architect and the strategy covering data handling and the use of policies, procedures, working practices to assist in raising awareness of compliance with legislation regulating all aspects of the storage, use and disclosure of personal data

This role requires 3 days in office & can be based in either Birmingham or London

Due to hiring manager annual leave, application updates will be from 4th Aug onwards with interviews scheduled in for the following weeks. Thank you for your understanding

What you’ll be doing

• Support delivery of GDPR-compliant data privacy practices across Corporate Units Digital, ensuring personal data is processed lawfully, fairly, and transparently.
• Review and support Privacy Impact Assessments (PIAs/DPIAs), identifying and mitigating privacy risks, with clear escalation of high-risk processing (e.g. AI, monitoring, cross-border transfers).
• Maintain oversight of data lifecycle management, including classification, retention, minimisation, and secure disposal in line with regulatory and BT policies.
• Provide guidance to stakeholders on controller vs processor roles, lawful basis, and appropriate governance controls.
• Review and challenge solutions to ensure privacy by design and default principles are embedded in systems, processes, and change initiatives.
• Support assurance activities by validating that data protection controls, contractual safeguards (e.g. DP clauses), and supplier obligations meet GDPR requirements.
• Identify and assess privacy risks (including colleague data risks), ensuring appropriate mitigation actions, audit trails, and evidence are in place.
• Collaborate with Legal, Security, Procurement, and global privacy teams to ensure consistent regulatory compliance across jurisdictions.
• Deliver clear, pragmatic privacy advice and communications to stakeholders, promoting awareness and accountability across the business.
• Contribute to continuous improvement of data governance frameworks, PIA processes, and privacy controls, ensuring audit readiness.

Essential Skills / Experience

• Strong understanding of Data Protection (GDPR / UK GDPR) – Strong understanding of data protection principles, lawful bases, data subject rights, international transfers, and accountability requirements.
• Experience supporting or delivering data protection and privacy compliance activities (e.g. DPIAs/PIAs, risk assessments, or governance reviews).
• Demonstrated ability to identify, assess, and manage privacy or data risks, including working through ambiguity and escalating where appropriate.
• Experience working with cross-functional stakeholders (e.g. Legal, Security, Procurement, Technology) to achieve compliant and practical outcomes.
• Communication Skills – Able to translate regulatory requirements into clear, business-friendly guidance and actionable outcomes.

Desirable Skills / Experience

• Professional Certification (e.g. CIPP/E) – Demonstrates recognised expertise in European data protection law and practical application within business environments.
• Privacy Risk Management – Ability to identify, assess, and articulate privacy risks, and define proportionate, defensible mitigation actions.
• Privacy by Design & DPIA Capability – Experience embedding privacy requirements into solutions and leading/supporting DPIAs for complex processing activities (including AI and monitoring use cases).
• Regulatory & Contractual Awareness – Understanding of data protection clauses, supplier risk, and the role of Procurement and Legal in ensuring compliant agreements.
• Stakeholder Engagement & Challenge – Confident in providing clear guidance and constructive challenge to business teams while maintaining strong working relationships.
• Data Governance & Lifecycle Management – Knowledge of data classification, retention, minimisation, and secure handling practices.
• Audit & Assurance Mindset – Ability to evidence compliance, support audit activities, and ensure decisions are documented, traceable, and defensible.
• Analytical & Problem-Solving Skills – Ability to interpret complex scenarios, resolve ambiguity, and escalate appropriately where governance decisions are required.
• Ability to challenge and influence business decisions constructively, ensuring alignment with regulatory and policy requirements.
• Track record of delivering outcomes in complex or unclear environments, balancing business needs with compliance obligations.
• Experience contributing to or operating within regulated environments, with an understanding of audit, assurance, and evidencing requirements.
• Strong experience in building effective working relationships and navigating organisational dynamics while maintaining professional integrity.
• Exposure to data governance practices, including data classification, retention, minimisation, and secure handling.

Our Package

• On target 10% on target bonus​
• BT Pension scheme, minimum 5% Employee contribution, BT contribution 10%​
• From January 2025, equal family leave: receive 18 weeks at full pay, 8 weeks at half pay and 26 weeks at the statutory rate. It’s for all parents, no matter how your family is made up.​
• Enhanced women’s health support: including help with menopause symptoms, cancer screenings, period care and more.​
• 25 days annual leave (not including bank holidays), increasing with service​
• 24/7 private virtual GP appointments for UK colleagues​
• 2 weeks carer’s leave ​
• World-class training and development opportunities​
• Option to join BT Shares Saving schemes.​

BT Group is the UK’s leading communications group and the holding company behind some of the country’s most recognised brands – including BT, EE, Openreach and Plusnet. Our purpose is as simple as it is ambitious: we connect for good. Our customers include consumers, small, medium and large businesses, public sector organisations and other communications providers.

BT Group’s role is about setting direction, unlocking value and creating the conditions for our brands and businesses to thrive.

Having come through the most capital-intensive phase of our fibre investment, our focus now is on what comes next – simplifying how we operate, using technology and AI to work smarter, and organising ourselves to serve customers better and grow sustainably. Group teams shape strategy, policy, brand, capital allocation and transformation, helping the whole organisation perform at its best.

We have a singular culture that unites all our people: we are customer-first challengers, who are committed, clear and connected. These behaviours unite us as one team to deliver for our colleagues, our customers, our stakeholders and the country. Joining BT Group means working at the heart of a business that matters to the UK, with the opportunity to shape decisions, influence outcomes and help set the future course of one of the country’s most important companies.