Do you have hands?on experience managing DSARs or other rights?based data protection requests under the UK GDPR?
Are you confident in reviewing, collating, and redacting large volumes of sensitive information accurately and within statutory deadlines?
The Opportunity
As part of an expanding data protection function, this opportunity has arisen due to increased demand for DSAR expertise and enhanced organisational commitment to GDPR compliance. You’ll join a forward?thinking team that values accuracy, fairness, and the responsible handling of personal information. This role offers the chance to develop your knowledge of UK data protection law, work closely with multiple business areas, and act as a trusted guardian of data rights. If you're organised, meticulous and passionate about doing things the right way, this could be the perfect move for you.
Your duties and responsibilities will be:
Receive, log and track all incoming Data Subject Access Requests and associated rights requests (e.g., rectification, erasure, restriction, portability).
Validate requester identity and ensure each request meets legislative and organisational requirements.
Coordinate with internal teams to gather, review, and compile personal data from a variety of systems.
Review documents and apply appropriate redactions to protect third?party data or legally privileged information.
Prepare and issue responses within statutory timelines, ensuring accuracy, completeness and compliance.
Maintain detailed and auditable records of DSAR activities for reporting and governance purposes.
Support compliance audits, data protection reviews, and regulatory reporting where required.
Act as the first point of contact for DSAR?related queries and provide clear guidance to internal teams.
Contribute to the refinement of processes, templates, procedures, and automation opportunities within the DSAR workflow.
Support internal awareness activities relating to data protection and individual rights.
You will have the following qualifications & experience:
Strong understanding of the UK GDPR, Data Protection Act 2018 and data subject rights.
Excellent attention to detail with the ability to handle highly sensitive information confidentially.
Strong organisational skills with the ability to manage multiple cases in parallel.
Clear written and verbal communication skills.
Experience using document review and redaction tools.It’s great if you also have the following
Previous experience in data protection, compliance, legal, governance or information security.
Experience working in regulated sectors such as financial services, healthcare or the public sector.
Familiarity with e?Discovery systems or case management platforms.
Relevant certifications (e.g., GDPR Practitioner, CIPP/E, BCS Data Protection).
The setting for the role
This role sits within a dedicated data protection or compliance team that collaborates across the organisation. You’ll work closely with colleagues in IT, Legal, HR, and operational teams, ensuring DSARs are handled efficiently, securely and in line with statutory obligations. The environment is structured, process?driven and supportive, providing a great platform for developing specialist data protection expertise while contributing directly to organisational accountability and transparency.
Millbank Holdings Ltd is an equal opportunities employer committed to creating an inclusive and diverse workforce. We welcome applications from all suitably qualified individuals, regardless of background, and encourage candidates from underrepresented groups to apply.
We are proud to be a member of the Disability Confident Scheme, and we are committed to ensuring an accessible and supportive recruitment process for everyone. If you require any adjustments at any stage, please let us know and we’ll do our best to accommodate.
Millbank operates as both an Employment Agency and an Employment Business
