A day in the life

As a Data Protection Lead, you will play a key role in supporting our UK business by providing commercially focused data protection advice. You will guide teams and leaders to ensure compliance with data protection regulations while protecting customer data and enabling business growth.

You will lead the provision of data protection guidance, collaborating with business teams on strategic initiatives to ensure data protection requirements are embedded in all key processes. This role requires you to support business leaders in balancing regulatory compliance with operational efficiency and driving the implementation of a robust data protection framework.

Our UK business has undergone significant transformation over the past year. We’ve reshaped the Many Group by streamlining our UK operations and exiting the US market. We’ve stabilised our loss ratio, reset operations, and are nearly finished reorganising our Senior Leadership Team (SLT). With these foundations in place, we’re now focused on driving growth in the 2025/26 financial year. The Risk and Compliance team plays a vital role in enabling this growth by providing high-quality, agile, and commercially focused risk oversight and regulatory guidance.

Reporting directly to the Group Head of Risk and Compliance, this is an opportunity to work at the intersection of regulatory compliance and innovation, ensuring ManyPets continues to grow while protecting the data of our customers.

Your responsibilities

• Foster a culture of privacy awareness and robust controls across ManyPets.
• Develop and operate the data protection framework, helping business leaders identify, manage, and mitigate key risks.
• Provide proactive input into AI strategy and governance, advising on new tools and solutions, and representing Risk & Compliance at the AI Council.
• Ensure the data protection framework evolves with business changes and emerging risks.
• Own the DPIA process, driving cross-functional collaboration with Engineering, Data, and Legal teams.
• Support the Operations function in managing customer data, DSAR requests, and other rights requests.
• Ensure that customers are informed of their data rights and how their personal data is being used, promoting transparency and trust.
• Conduct regular risk assessments to identify potential vulnerabilities in data protection practices and work proactively to mitigate these risks.
• Develop and deliver data protection training and awareness activities across the organisation.
• Provide data protection reporting to boards, offering a high-quality, accurate view of the risk landscape.
• Offer timely, high-quality challenge and support to resolve breaches and control failures, strengthening the control environment and safeguarding customer and business outcomes.
• Collaborate with business stakeholders to ensure data protection is integrated into daily operations and growth initiatives.
• Work closely with IT and Security teams to align data protection with security protocols, ensuring that data is protected throughout its lifecycle.
• Leverage internal relationships to deliver actionable insights that manage data protection risk in a proportionate and pragmatic way while fostering innovation.
• Represent Risk & Compliance at governance forums, shaping projects and initiatives with a focus on pragmatic risk management and regulatory requirements.
• Build and maintain resilient relationships with external stakeholders, including partners, regulators, and auditors.
• Act as a key stakeholder in business change projects, advising on and mitigating data protection risks during implementation.
• Stay abreast of changes in data protection regulations (e.g., GDPR, UK Data Protection Act) and ensure that the organisation is consistently compliant with evolving legal requirements.
• Conduct regular internal audits to ensure data protection compliance and readiness for any external audits or assessments (e.g., by regulators or third parties).
• Lead by example, modelling company values and inspiring others to follow.

Your skills and experience

• You’re an established data protection professional with several years’ experience of data protection advice within a general insurer or intermediary.
• You have deep knowledge of the general insurance market and customer journey, particularly:
  • Data protection law and regulation
  • Risk reporting and MI skills
  • Supporting breach and issue resolution
• You are knowledgeable of applicable regulations for our industry, including the FCA landscape.
• You have a keen interest in technology with a focus on AI/ML and the operation of these within an insurance context.
• You’re able to assimilate a range of management data, compiling information into conclusions and actionable plans in a way that everyone can understand.
• You'll have an impeccable understanding of and English - written and verbal – and be able to write reports and updates with minimal support, in a clear and connected way.
• You’ll have a good understanding of insurance.
• We'd love it if you had a relevant degree, ICA diploma or certification however your commercial experience are just as valuable!

The interview process

This position has a three-step interview process, which will be held via Zoom.

• Stage 1 – an informal meeting with our People team. We’ll explain more about the role and how your experience matches up with what we need.
• Stage 2 – you’ll meet our Group Head of Risk and Compliance and our Legal Counsel. This will be a longer interview up to 90 minutes and we’ll ask you to complete a short presentation task. We’ll also ask you some competency and behavioural questions.
• Stage 3 – we may ask you to meet us again for a final round, if you or we feel it would be beneficial before we progress to an offer.

Smell good?

Apply for the Data Protection Manager opportunity.