DPO-Share Service

Data Protection Analyst Vacancy  


Highlands & Islands 

Salary  –  circa £24K- £32k per annum


HEFESTIS has established a successful Data Protection Officer (DPO) Shared Service, which is currently expanding and comprises seven DPO’s who serve a large proportion of Further and Higher Education institutions across Scotland. The Data Protection Team operate virtually, providing a peer network of support, with many years of experience from a variety of backgrounds. This allows individuals to grow professionally as well as providing an effective and resilient resource for our members.

The role

We are looking to recruit a Data Protection Analyst to meet the needs of one of our member institutions. You will be an efficient Administrator who has strong stakeholder engagement skills, excellent attention to detail and a passion for data protection and compliance. You will work closely with an experienced HEFESTIS DPO with a reporting line to an appropriate member of the senior management team at the Member institution as well as to the HEFESTIS Head of Service. You will be expected to work from home, providing on-site support where needed and as current government guidance and advice allows.

In this role you will be responsible for ensuring the day-to-day administration of data protection across the institution, from co-ordinating, collating and recording of data subject requests, maintaining data incident and breach logs, redaction of documents prior to release and acting as an ambassador for compliance with data protection policies and procedures.

This role offers the benefits of being part of a knowledgeable, experienced, and well-respected data protection team while working directly with one of our DPO’s providing opportunities for on-the-job learning and development.

The key aspects of this role include but are not limited to:

  • Support staff to fulfil and respond to data subject rights requests including subject access requests (SAR’s) in a timely and appropriate manner.
  • Maintain data protection records, including logs for SARs and other Data Subject Requests, Data Security Incidents/Breaches, Data Protection Impact Assessments and FOISA.
  • To ensure compliance with policies, processes, and procedures throughout the organisation with day-to-day management of the data protection regime.
  • Engage with key stakeholders and promote data protection best practice and a culture of compliance across the institution. This will include support to different departments, under the direction of the DPO or Institutional lead.
  • Support the DPO to respond to day-to-day requests for advice from across the institutions and provide timely and accurate responses.
  • Support the DPO and institutions with any investigations resulting from data incidents or breaches, collecting, and analysing information, making recommendations, and supporting remediation as required.
  • Assist the DPO to maintain a scheduled program of work to ensure compliance with all regular data protection activity, including but not limited to reviewing policies, processes, procedures and Privacy Notices, supporting staff to complete and contributing to Data Protection Impact Assessments (DPIA’s), Legitimate Interest Assessments (LIA’s) and Record of Processing Activity (ROPA).
  • Participate in audit and compliance activities to identify areas requiring improvement and highlight good practice.
  • Providing support responding to Freedom of Information requests (FOISAs).

The Person

This role would suit someone who already has experience in a compliance analyst role or with a data protection administration background. You should be highly organised, reliable, motivated, and looking to pursue a career in data protection compliance. The post holder must be able to work as part of the HEFESTIS Data Protection Share Service, engaging with the team regularly. In addition to this, you must be able to cooperate and gain the trust and respect of staff at all levels within your institution as well as other stakeholders.

As such, candidates will be required to demonstrate capability and experience in a significant number of the following areas:

Experience and Skills:

  • Experience of data protection administration including subject access requests and maintaining records is essential.
  • A strong background in data protection, information governance or records management is essential, preferably with a recognised qualification.
  • Experience of engaging with and managing stakeholders.
  • A genuine passion for data protection.
  • Experience of participating in audits and compliance activity would be beneficial.
  • An understanding of the Higher and Further Education sector would be beneficial although not essential.
  • Experience of working in or with the public sector.


  • Excellent verbal and written communication skills.  
  • Highly organised.
  • Attention to detail.
  • Sound judgement.
  • Ability to establish and maintain a high degree of confidentiality.


  • Competitive Salary: £24,000 – £32,000 per annum.
  • Annual leave: 26 days annual leave plus 14 fixed/floating days per annum
  • Benefits:  Membership of the company pension scheme, access to the company benefits suite including cycle-to-work scheme, and gym discounts.

How to Apply

Deadline for applications is 5pm on Thursday 30th September.  Applications should be made by forwarding your CV (two pages maximum) with a one page covering letter outlining why you would like to work for HEFESTIS, noting your current salary level and notice period to jobs@hefestis.ac.uk.

Interviews will likely be held virtually via Microsoft Teams.