Go back
UK Health Security Agency

Data Protection Advice Officer

The closing date is 11 August 2025

Apply for this job

Job summary

The Data Protection Advice Officer position is an exciting and multifaceted role that offers the chance to work with staff across UKHSA. You will work closely with the UKHSA's Data Protection Officer and Senior Data Protection Advisor to ensure personal information is processed in a manner that is lawful, proportionate and builds public trust.

Our work ranges from preparing for future health security threats, developing tools and insights on how to best protect against them, responding to health threats every day at local, national, and international level as well as building and investing in scientific and public health capabilities to protect the country's health now and in the future. We are in search of an individual with a sound knowledge of data protection rights and obligations under the UK General Data Protection Regulation and Data Protection Act and the ability to apply this knowledge, providing strong data protection advice in a-fast paced, technology rich environment.

Previous experience of advising on data protection matters is essential although this needn't have been in a government setting. Having worked in a regulatory, legal, or Cyber security environment is desirable but not a requirement.

Main duties of the job

  • The Data Protection Advice Officer will lead work to review UKHSA's Data Protection Policy and any supporting standards and processes which support it.
  • You will report to the Senior Data Protection Advisor (SEO) and work principally with them.
  • You will also liaise with the UKHSA Data Protection Officer, teams in the Information Management and Privacy division, as well as other teams to identify key requirements and changes, taking forward the development and implementation of UKHSA Data Protection Policy, governance, assurance, and guidance throughout UKHSA.
  • You will be responsible for the implementation of the Policy throughout UKHSA, leading on the review of legislative and policy requirements for assurance, engaging with other areas and key stakeholders to understand the business needs and the promotion of Data Protection Policy.
  • The Data Protection Advice Officer will support the development and delivery of data protection training needs to support the Data Protection Security Toolkit (Training Committee, responsible for training and delivery), to co-ordinate the work of this group and support delivery of training requirements to meet data protection and Information Governance (IG) requirements as required under the UK GDPR and other training requirements of that framework.

About us

We pride ourselves as being an employer of choice, where Everyone Matters promoting equality of opportunity to actively encourage applications from everyone, including groups currently underrepresented in our workforce.

UKHSA ethos is to be an inclusive organisation for all our staff and stakeholders. To create, nurture and sustain an inclusive culture, where differences drive innovative solutions to meet the needs of our workforce and wider communities. We do this through celebrating and protecting differences by removing barriers and promoting equity and equality of opportunity for all.

Please visit our careers site for more information https://gov.uk/ukhsa/careers

Details

Date posted

23 July 2025

Pay scheme

Other

Salary

£31,997 to £43,552 a year Per annum pro rata

Contract

Permanent

Working pattern

Full-time, Part-time, Job share, Flexible working

Reference number

919-JB-303594-EXT

Job locations

London, Birmingham, Leeds or Liverpool

London

E144PU


Job description

Job responsibilities

Responsibilities will include

  • ensure data protection initiatives or processing activities receive the data protection advice and comply with data protection law.
  • support the development and delivery of key data protection activities including policy review and development, advising, and ensuring supporting activities align with lawful data protection and IG requirements, as required under the UK GDPR.
  • ensure data protection advice is provided throughout the lifecycle of the activities and all relevant stakeholders are kept updated with progress, lessons learned and outputs.
  • coordinate outcomes from key data protection activity and data protection initiatives including support to the delivery of the DSPT Training Committee, providing feedback to key stakeholders to implement identified solutions to overcome any shortfalls.
  • develop network of SMEs across the Information Governance and Cyber functions within UKHSA, DHSC and the wider IG profession.
  • Other activities as required by business need.

Essential criteria:

  • a sound knowledge of data protection obligations under the UK GDPR legislation and Data Protection Act and ability to apply this knowledge and provide data protection advice inputting to the development of data protection guidance and policies.
  • good experience of collaborating with stakeholders; evidence of good communication skills, including building good working relationships
  • Good organisational skills and ability to prioritise work in a busy environment to meet work deadlines.
  • good understanding of Information Governance, key data protection principals and how these are applied in a project or non-project environment.
  • awareness of risk and processing risks within a data protection context
  • ability to promote diversity, inclusion and equality of opportunity, respecting differences.
  • experienced and competent in the use of MS Office applications (specifically Word, Excel and PowerPoint) and SharePoint.
  • ability to interpret legal requirements from GDPR legislation, to analyse and apply to advice requirements.

Desirable criteria:

  • Experience of working in a Regulatory, Legal or Cyber security environment.

Selection Process Details:

This vacancy is using Success Profiles and will assess your Behaviours

Stage 1: Application & Sift

Please note you will not be able to upload your CV. You must complete the application form in as much detail as possible. Please do not email us your CV.

You will be required to complete an application form. You will be assessed on the listed 8 essential criteria, and this will be in the form of a:

  • Application form (Employer/ Activity history section on the application)
  • 1250-word supporting statement.

This should outline how your skills, experience, and knowledge, provide evidence of your suitability for the role, with reference to the essential criteria.

The Application form and supporting statement will be marked together.

Longlisting: In the event of a large number of applications we will longlist into 3 piles of:

  • Meets all essential criteria these will be taken through to shortlisting
  • Meets some essential criteria
  • Meets no essential criteria

Shortlisting: In the event of a large number of applications we will shortlist on a sound knowledge of data protection obligations under the UK GDPR legislation and Data Protection Act and ability to apply this knowledge and provide data protection advice inputting to the development of data protection guidance and policies.

Desirable criteria may be used in the event of a large number of applications/large amount of successful candidates

If you are successful at this stage, you will progress to interview & assessment

Please do not exceed 1250 words. We will not consider any words over and above this number.

Feedback will not be provided at this stage.

Stage 2: Interview (success profiles)

You will be invited to a single remote interview.

Behaviours will be tested at interview.

The Behaviours tested during the interview stage will be:

  • Working Together
  • Delivering at Pace
  • Changing and Improving (lead behaviour)
  • Communicating and Influencing

Interviews will be held week commencing 1st September 2025. Please note, these dates are subject to change.

Eligibility Criteria

External

Open to all external applicants (anyone) from outside the Civil Service (including by definition internal applicants).

Security Clearance Level Requirement

Successful candidates must pass a disclosure and barring security check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is Basic Personnel Security Standard

Location

Hybrid any Core HQ

This role is being offered as hybrid working based at any of our Core HQs. We offer great flexible working opportunities at UKHSA and operate using a hybrid working model where business needs allow. This provides us with greater flexibility about how and where we work, to get the best from our workforce. As a hybrid worker, you will be expected to spend a minimum of 60% of your contractual working hours (approximately 3 days a week pro rata, (averaged over a month) working at one of UKHSA's core HQs (Birmingham, Leeds, Liverpool, and London).

Our core HQ offices are modern and newly refurbished with excellent city centre transport link and benefit from benefit from co-location with other government departments such as the Department for Health and Social Care (DHSC).

Job description

Job responsibilities

Responsibilities will include

  • ensure data protection initiatives or processing activities receive the data protection advice and comply with data protection law.
  • support the development and delivery of key data protection activities including policy review and development, advising, and ensuring supporting activities align with lawful data protection and IG requirements, as required under the UK GDPR.
  • ensure data protection advice is provided throughout the lifecycle of the activities and all relevant stakeholders are kept updated with progress, lessons learned and outputs.
  • coordinate outcomes from key data protection activity and data protection initiatives including support to the delivery of the DSPT Training Committee, providing feedback to key stakeholders to implement identified solutions to overcome any shortfalls.
  • develop network of SMEs across the Information Governance and Cyber functions within UKHSA, DHSC and the wider IG profession.
  • Other activities as required by business need.

Essential criteria:

  • a sound knowledge of data protection obligations under the UK GDPR legislation and Data Protection Act and ability to apply this knowledge and provide data protection advice inputting to the development of data protection guidance and policies.
  • good experience of collaborating with stakeholders; evidence of good communication skills, including building good working relationships
  • Good organisational skills and ability to prioritise work in a busy environment to meet work deadlines.
  • good understanding of Information Governance, key data protection principals and how these are applied in a project or non-project environment.
  • awareness of risk and processing risks within a data protection context
  • ability to promote diversity, inclusion and equality of opportunity, respecting differences.
  • experienced and competent in the use of MS Office applications (specifically Word, Excel and PowerPoint) and SharePoint.
  • ability to interpret legal requirements from GDPR legislation, to analyse and apply to advice requirements.

Desirable criteria:

  • Experience of working in a Regulatory, Legal or Cyber security environment.

Selection Process Details:

This vacancy is using Success Profiles and will assess your Behaviours

Stage 1: Application & Sift

Please note you will not be able to upload your CV. You must complete the application form in as much detail as possible. Please do not email us your CV.

You will be required to complete an application form. You will be assessed on the listed 8 essential criteria, and this will be in the form of a:

  • Application form (Employer/ Activity history section on the application)
  • 1250-word supporting statement.

This should outline how your skills, experience, and knowledge, provide evidence of your suitability for the role, with reference to the essential criteria.

The Application form and supporting statement will be marked together.

Longlisting: In the event of a large number of applications we will longlist into 3 piles of:

  • Meets all essential criteria these will be taken through to shortlisting
  • Meets some essential criteria
  • Meets no essential criteria

Shortlisting: In the event of a large number of applications we will shortlist on a sound knowledge of data protection obligations under the UK GDPR legislation and Data Protection Act and ability to apply this knowledge and provide data protection advice inputting to the development of data protection guidance and policies.

Desirable criteria may be used in the event of a large number of applications/large amount of successful candidates

If you are successful at this stage, you will progress to interview & assessment

Please do not exceed 1250 words. We will not consider any words over and above this number.

Feedback will not be provided at this stage.

Stage 2: Interview (success profiles)

You will be invited to a single remote interview.

Behaviours will be tested at interview.

The Behaviours tested during the interview stage will be:

  • Working Together
  • Delivering at Pace
  • Changing and Improving (lead behaviour)
  • Communicating and Influencing

Interviews will be held week commencing 1st September 2025. Please note, these dates are subject to change.

Eligibility Criteria

External

Open to all external applicants (anyone) from outside the Civil Service (including by definition internal applicants).

Security Clearance Level Requirement

Successful candidates must pass a disclosure and barring security check.

Successful candidates must meet the security requirements before they can be appointed. The level of security needed is Basic Personnel Security Standard

Location

Hybrid any Core HQ

This role is being offered as hybrid working based at any of our Core HQs. We offer great flexible working opportunities at UKHSA and operate using a hybrid working model where business needs allow. This provides us with greater flexibility about how and where we work, to get the best from our workforce. As a hybrid worker, you will be expected to spend a minimum of 60% of your contractual working hours (approximately 3 days a week pro rata, (averaged over a month) working at one of UKHSA's core HQs (Birmingham, Leeds, Liverpool, and London).

Our core HQ offices are modern and newly refurbished with excellent city centre transport link and benefit from benefit from co-location with other government departments such as the Department for Health and Social Care (DHSC).

Person Specification

Application form and supporting statement

Essential

  • Application form and supporting statement

Behaviours

Essential

  • Changing and Improving (lead behaviour)
  • Working Together
  • Delivering at Pace
  • Communicating and Influencing
Person Specification

Application form and supporting statement

Essential

  • Application form and supporting statement

Behaviours

Essential

  • Changing and Improving (lead behaviour)
  • Working Together
  • Delivering at Pace
  • Communicating and Influencing

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Employer details

Employer name

UK Health Security Agency

Address

London, Birmingham, Leeds or Liverpool

London

E144PU


Employer's website

https://www.gov.uk/government/organisations/uk-health-security-agency (Opens in a new tab)

Employer details

Employer name

UK Health Security Agency

Address

London, Birmingham, Leeds or Liverpool

London

E144PU


Employer's website

https://www.gov.uk/government/organisations/uk-health-security-agency (Opens in a new tab)

Employer contact details

For questions about the job, contact:

Recruitment Team

Recruitment Team

recruitment@ukhsa.gov.uk

Details

Date posted

23 July 2025

Pay scheme

Other

Salary

£31,997 to £43,552 a year Per annum pro rata

Contract

Permanent

Working pattern

Full-time, Part-time, Job share, Flexible working

Reference number

919-JB-303594-EXT

Job locations

London, Birmingham, Leeds or Liverpool

London

E144PU


Supporting documents

Privacy notice

UK Health Security Agency's privacy notice (opens in a new tab)