Data Protection Officer

💳 Capital on Tap was founded with the mission to help small business owners and make their lives easier. Today, we provide an all-in-one business credit card & spend management platform that helps business owners save time and money. Capital on Tap proudly serves over 200,000 businesses across the world and our goal is to help 1 million small businesses by 2030.

We are looking for an exceptional Data Protection Officer to join our FinTech in London. This is a strategic leadership role for someone who thrives on using cutting-edge technology and AI to transform data protection from a compliance function into a business enabler. You'll protect the company by finding innovative ways to achieve commercial goals while maintaining the highest standards of data protection compliance.

The ideal candidate will have deep expertise in UK data protection regulation, strong technical fluency, and take a pragmatic, problem-solving and a risk based approach that acts with urgency - because data protection processes must enable the business but never slow it down.

• →Strategic Leadership: Serve as the primary data protection authority (act as the designated DPO under Article 37 of the UK GDPR and UK data protection law), providing strategic guidance to senior leadership on privacy risks and opportunities across all business functions. 
• →Business Enablement: Work closely with Product, Engineering, Marketing, and Commercial teams to find compliant pathways for new initiatives, ensuring data protection accelerates rather than hinders business goals
• →Technology & Automation: Lead the implementation of state-of-the-art AI technologies and automation tools to streamline data protection activities, from DPIA automation to intelligent data discovery and rights fulfillment
• →Regulatory Compliance: Ensure full compliance with UK GDPR, DPA 2018, PECR, Data Use and Access Act (DUAA), CCPA/CPRA  and emerging regulations, while staying ahead of regulatory developments and their business implications
• →Risk Management: Conduct and oversee Data Protection Impact Assessments (DPIAs), manage data breach responses, and implement privacy-by-design principles across all technology platforms
• →Monitoring: Monitor and assess data processing activities to ensure ongoing compliance. Assessing the lawful basis for processing activities and ensuring appropriate documentation is in place. Maintain and regularly review the organisation’s Record of Processing Activities (ROPA) to ensure completeness and accuracy.
• →Stakeholder Management: Act as the primary contact point for regulators (ICO), work closely with internal and external legal counsel, and represent the company in privacy-related matters
• →Team Development: Build and lead a high-performing data protection team, fostering a culture of innovation, urgency, and business partnership
• →International Expansion: Support the company's US operations and international growth by navigating complex cross-border data transfer requirements and multi-jurisdictional compliance
• →Vendor Management: Lead privacy due diligence for third-party vendors and partnerships, ensuring contractual protections align with business risk appetite
• →Training & Culture: Drive privacy awareness across the organisation through targeted training programs and embed privacy considerations into business-as-usual processes

• Deep Regulatory Expertise: Comprehensive knowledge and hands-on experience with UK data protection regulations (GDPR, DPA 2018, PECR, DUAA), with the ability to interpret complex requirements and provide pragmatic business guidance
• FinTech/Tech Background: Proven experience in financial services or technology companies, understanding the unique privacy challenges of regulated financial products  (including an understanding of consumer duty and vulnerability) and high-growth tech environments. 
• Technical Fluency: Strong technical acumen with experience using data protection tools, privacy management platforms, and automation technologies to streamline compliance processes
• AI & Innovation: Experience with or strong willingness to adopt cutting-edge AI technologies for privacy operations, from automated risk assessments to intelligent data processing
• Problem-Solving Mindset: Pragmatic approach to complex privacy challenges, with a track record of finding creative solutions that balance compliance requirements with customer outcomes and business objectives
• Urgency & Business Focus: Demonstrated ability to work at pace in fast-moving environments, with a philosophy that compliance should enable rather than block business progress
• Leadership Experience: Proven ability to lead cross-functional initiatives, influence senior stakeholders, and build high-performing teams
• Strategic Thinking: Experience translating regulatory requirements into business strategy, with the ability to anticipate future privacy challenges and opportunities

• Professional Qualifications: A recognised data protection qualification such as IAPP’s CIPP/E, CIPM, CIPT, C-DPO, or a BCS Practitioners certificate in Data Protection.
• US Privacy Expertise: Knowledge of CCPA/CPRA, state-level US privacy laws, and experience managing multi-jurisdictional compliance programs
• Professional Qualifications: AIGP - A certified AI Governance Professional would be highly desirable. 
• Regulatory Relationships: Existing relationships with privacy regulators or experience managing regulatory inquiries
• International Experience: Experience with international data transfers, adequacy decisions, and global privacy frameworks
• Experience: Minimum of 2 years experience acting in a DPO capacity within a financial services or technology organisation. 

Diversity & Inclusion 🌈
We welcome, consider and encourage applications from anyone who shares our commitment to inclusivity. Join us in creating a space where authenticity thrives, and everyone can do their best work.

Great Work Deserves Great Perks
We try not to take ourselves too seriously (all the time) so we make sure our office is decked out with a pool table, arcade machine, beer tap, and a couple of office dogs thrown in for good measure. Check out our benefits:

🏥 Private Healthcare including dental and opticians services through Vitality
✈️ Worldwide travel insurance through Vitality
🎁 Anniversary Rewards (£250, £500, £750, 4-week fully paid sabbatical)
👛 Salary Sacrifice Pension Scheme up to 7% match
🏖️ 28 days holiday (plus bank holidays)
📖 Annual Learning and Wellbeing Budget
👪 Enhanced Parental Leave
🚲 Cycle to Work Scheme
🚂 Season Ticket Loan
💬 6 free therapy sessions per year
🐶 Dog Friendly Offices
🍫 Free drinks and snacks in our offices

Check out more of our benefits, values and mission here.

Interview Process 🤝
🤝 First stage: 30 minute intro and values call with Talent Partner (Video call)
🤝 Second stage: 60 minute technical interview with senior stakeholders (Video Call)
🤝 Final stage: 60 minute leadership and strategic thinking interview with executive team (In Person)

Other Useful Info
👍 Check out our 'Top Tips' for interviewing.
✔️ Keep updated on new job opportunities by following us on Linkedin.
📧 Email careers@capitalontap.com if you have any questions.

Excited to work here? Apply!
If you'd like to lead data protection innovation at one of Europe's fastest-growing FinTechs, then click apply and we will aim to get back to you within 3 working days.