Skip to main content
Ref no:
Aberdeen, AB10
£35,000 - £41,000 per year pro rata
Contract Type:
Position Type:
Part Time
25 hours per week
Work From Home:

This position has expired.


HEFESTIS is a not-for-profit Shared Service organisation, jointly owned by member institutions across the University and College sector. It provides shared services to institutions and where applicable to sector owned bodies. Our core vision is "to be the shared service partner of choice for sustainably delivering information and change management services across the UK Further and Higher Education sectors".

HEFESTIS has established a successful Data Protection Officer (DPO) Shared Service, currently comprising nine Data Protection Officers who serve a large proportion of Further and Higher Education institutions across Scotland. Each Data Protection Officer fulfils the statutory obligations of the role for one or more institutions and/or associated bodies. The Data Protection Officers work virtually as a team, providing a peer network of support, with many years of experience across a variety of backgrounds. This allows individuals to grow professionally as well as providing an effective and resilient resource for our members.

The role

We are looking to recruit a Data Protection Officer for organisations in the north-east of Scotland. You will be the named Data Protection Officer, with a reporting line to an appropriate member of the senior management team at each institution as well as to the HEFESTIS Head of Service. You will be expected to work a hybrid pattern of on-site and remote working as agreed with clients and in-line with government guidance and advice.

This role will provide the opportunity to guide institutions so that data protection is well-managed, supporting compliance and best practice to protect the privacy rights of data subjects. This role offers the independence and responsibility of a Data Protection Officer as outlined under UKGDPR, with the benefits of being part of a knowledgeable, experienced, and well-respected team.

The key aspects of this role include but are not limited to:

  • Provide experience, expertise and guidance in data protection law including UKGDPR.
  • To review and periodically update each institution’s data protection policy and supporting procedures/guidance.
  • To have knowledge of case law and ICO regulatory action and disseminate this through recommending actions and issuing guidance.
  • To provide reports to senior management teams, compliance checks and audits.
  • To achieve a fundamental understanding of the sector, ensuring delivery of pragmatic, proportionate and workable guidance and support.
  • Participation in operational meetings and advising on the impact of regulations on institutions.
  • Raise awareness of data protection and provide training to institutional staff as required.
  • Tailor service delivery by considering each institution’s environment/circumstances.
  • Contextualise guidance in different functional areas within institutions, ensuring advice is consistent with that provided to other shared service members.
  • Support and develop data protection assessment tools and templates and share them across DPO-Share Service and/or utilise tools and templates developed by other DPOs in the Team to maximise efficiency across the service.
  • Undertake data security incident/breach investigations and report matters to senior management.
  • Cooperate with and act as a single point of contact for the ICO where appropriate.
  • Provide a central/single point of contact during an investigation (should an incident/breach impact more than one Member institution).
  • Available by phone for urgent enquiries (e.g. data incidents/breaches).
  • Use balanced judgement to prioritise and deal with competing demands.
  • Provide consistency of advice across institutions as part of the Service team.

The Person

The post holder must be able to work as part of the DPO-Share Service, engaging with and supporting the team to develop the service. In addition to this, you must be able to cooperate and gain the trust and respect of staff at all levels across your institutions as well as other stakeholders.

As such, candidates will be required to demonstrate capability and experience in a significant number of the following areas:

Experience and Skills

  • A detailed knowledge of data protection legislation, including UKGDPR and the Data Protection Act, is essential.
  • A strong background in data protection, information governance, legislation and/or policy development is essential, preferably with a recognised qualification.
  • A genuine passion for data protection.
  • Experience of conducting compliance audits would be beneficial.
  • An understanding of the Higher and Further Education sector would be beneficial although not essential.
  • Experience of working in or with the public sector.


  • Excellent verbal and written communication and presentation skills.
  • Analytical background with attention to detail.
  • Openness, transparency, and the ability to engender trust.
  • Self-assured and capable.
  •  Skills in negotiating and influencing, with the ability to identify common ground and solutions.
  • Demonstrable commitment to the Equality and Diversity in all aspects of the company’s operation.


  • Part-time (approx. 25 hours per week)
  • Competitive Salary: £35,000 – £41,000 per annum pro-rated for part-time hours
  • Annual leave: 26 days annual leave plus 14 fixed/floating days per annum pro-rated for part-time hours.
  • Benefits: Membership of the company pension scheme, access to the company benefits suite including cycle-to-work scheme, and gym discounts.

How to Apply

Applications should be made by forwarding your CV (two pages maximum) with a one page covering letter outlining why you would like to work for HEFESTIS, noting your current salary level and notice period to  Interviews will be held virtually via Microsoft Teams.