Job Description

The Welsh Ambulance Services NHS Trust is an ambitious and innovative organisation, with a strong digital, data and technology team looking for a Data Protection Compliance Manager to support us in delivering excellent care, improving outcomes, and enhancing the experience of our patients and staff all driven by the safe and lawful use of data and personal information.
This individual will work as part of our Information Governance team, contributing to exciting initiatives, ensuring privacy by design, and guiding development of the organisation's systems to be compliant with UK GDPR and the Data Protection Act.
Note: this is a predominantly 'home working' position, although occasional travel to a WAST site may be required.
Main duties of the job
The post holder will ensure that the Trust has a managed and coordinated approach to Data Protection and will be responsible for a wide range of projects and policy areas relating to the management and development of our Data Protection compliance framework.
You will utilise your highly specialist knowledge and skills to overseeing and audit the Trust's compliance with the NHS Wales Information Governance Toolkit, advise senior leaders and stakeholders on issues of compliance, and act as a point of contact for Data Protection queries and investigations internally and externally.
The ability to speak Welsh is desirable for this post; English and/or Welsh speakers are equally welcome to apply.
About us
#RemarkablePeople
Our workforce is made up of over 4,000 remarkable people who contribute to the delivery of world-class patient care across Wales, 24 hours a day, 365 days a year. Whether you work in a patient-facing role or within our range of support services, the work that you do enables us to provide high quality care, wherever and whenever we're needed.
The Trust recognises the need for its workforce to represent the diversity of the population it serves across the whole of Wales and seeks to create an environment where diversity is celebrated and inclusivity matters. We are also keen to break down any barriers into the Trust, and would encourage applications from under-represented groups, including those from Black, Asian and Minority Ethnic communities, LGBTQ+ communities and disability groups.
Careers within the Welsh Ambulance Services University NHS Trust are diverse and varied, with opportunities arising right across the service. Whatever your skills and background, you're sure to find a career with us which is fulfilling, challenging, and rewarding.
In line with the Trust's Starting Salary Procedure, all applicants will start at the bottom of the band for the position applied for, but can apply for a higher salary if they have previous experience relevant to the position.
Details
Date posted
19 December 2025
Pay scheme
Agenda for change
Band
Band 6
Salary
39,263 to 47,280 a year per annum
Contract
Permanent
Working pattern
Full-time, Home or remote working
Reference number
020-AC139-1225
Job locations
Hybrid working
home working or WAST base
NP44 3AB
Job description
Job responsibilities

• To monitor compliance with the GDPR and Trust policies, systems and processes against European and Member States Data Protection Law.
• Sufficient understanding of the processing operations carried out in the NHS, as well as the information systems and data security and data protection needs of the Trust.
• To execute the Trust work plan and departmental actions in place for the Trust to maintain compliance with GDPR.
• To collate evidence for demonstrating compliance with the NHS Wales IG Toolkit online self-assessment.
• To provide advice to the Trust and its employees on compliance obligations.
• To advise and undertake data protection impact assessments and to monitor their performance.
• The contact details of the data protection officer will be published on the Trusts privacy notices, that the post holder will be responsible for writing and publishing.
• To provide support, advice and assurance of compliance to the Information Governance Steering Group, a formal sub-committee and Trust Executive Directors when required.
• To support programmes of work from inception to ensure that data protection is addressed by default and in the design of new systems and information processes.
• To ensure that the teams within departments are appropriately trained and maintain their expertise and draft documentation / templates and processes in line with legislation.

You will be able to find a full Job description and Person Specification attached within the supporting documents or please click Apply now to view in Trac. Job description
Job responsibilities

• To monitor compliance with the GDPR and Trust policies, systems and processes against European and Member States Data Protection Law.
• Sufficient understanding of the processing operations carried out in the NHS, as well as the information systems and data security and data protection needs of the Trust.
• To execute the Trust work plan and departmental actions in place for the Trust to maintain compliance with GDPR.
• To collate evidence for demonstrating compliance with the NHS Wales IG Toolkit online self-assessment.
• To provide advice to the Trust and its employees on compliance obligations.
• To advise and undertake data protection impact assessments and to monitor their performance.
• The contact details of the data protection officer will be published on the Trusts privacy notices, that the post holder will be responsible for writing and publishing.
• To provide support, advice and assurance of compliance to the Information Governance Steering Group, a formal sub-committee and Trust Executive Directors when required.
• To support programmes of work from inception to ensure that data protection is addressed by default and in the design of new systems and information processes.
• To ensure that the teams within departments are appropriately trained and maintain their expertise and draft documentation / templates and processes in line with legislation.

You will be able to find a full Job description and Person Specification attached within the supporting documents or please click Apply now to view in Trac.
Person Specification
Qualifications
Essential

• Degree in relevant subject or equivalent experience
• Detailed specialist knowledge of GDPR & other legislation
• Evidence of ongoing professional development

Desirable

• Masters degree in an Information Management related field

Experience
Essential

• Experience working within a variety of regulatory and legislative frameworks
• Knowledge of and experience supporting NHS IG agenda, NHS systems, and challenges
• Ability to analyse and interpret highly complex information, present recommendations and identify solutions
• Experience in the investigation and management of incidents
• Experience using performance management and/or improvement methodology

Desirable

• Experience implementing IG related policies and procedures in a complex organisation

Person Specification
Qualifications
Essential

• Degree in relevant subject or equivalent experience
• Detailed specialist knowledge of GDPR & other legislation
• Evidence of ongoing professional development

Desirable

• Masters degree in an Information Management related field

Experience
Essential

• Experience working within a variety of regulatory and legislative frameworks
• Knowledge of and experience supporting NHS IG agenda, NHS systems, and challenges
• Ability to analyse and interpret highly complex information, present recommendations and identify solutions
• Experience in the investigation and management of incidents
• Experience using performance management and/or improvement methodology

Desirable

• Experience implementing IG related policies and procedures in a complex organisation

Skills Required