Data Protection Compliance Wizard – Thorntons

Data Protection Compliance Wizard

Flexible on site

Thorntons’ data protection team is made up of experts specializing in data, privacy and security and provides advice to a range of clients from small technology companies to large enterprises and public bodies on data protection matters. . We also offer fully outsourced Data Protection Officer services to our clients and, due to the growing demand for these services, we now have the option of a Data Protection Compliance Assistant joining the team. Our hybrid working approach allows for a mix of working from home and in the office. For this role, your base office can be one of our Thorntons offices

where every day is different

You will help the extended team work with clients across a wide range of industries, including technology, healthcare, research and development, retail, education, professional services and beyond. You will participate in data protection audits and data protection impact assessments, analyzing risks from a business perspective and making actionable recommendations. You will also help draft privacy notices, cookie notices and data protection policies; Research complex data protection issues and assist clients with freedom of information, subject access and all other data subject requests.

About you

You will be an experienced data protection professional or have experience working in a heavily regulated environment and a strong desire to develop an in-depth knowledge of data protection laws. The ideal candidate for this position will have a degree in law, information security or risk management or a CIPP qualification and/or experience in data protection or an information security compliance role. You must have a positive attitude, good teamwork skills and be confident to engage with customers. Excellent time management and organizational skills are essential. You will also have the ability to absorb and interpret detailed regulations, convey information clearly and succinctly, and the ability to balance risk with business considerations.

About Us

Thorntons is one of Scotland’s largest and most respected full-service law firms, working with a wide range of clients in the private, public and third sectors. The strength of our foundations and diversity combine with an innovative, people-centric approach, differentiating Thorntons from many other law firms and resulting in significant growth in recent years, with ambitious plans for future expansion. Throughout our expansion, we have focused on our customers, our colleagues and our communities, and people are at the heart of everything we do.

We are progressive and ambitious. Although we expect high standards from our employees, we recognize and appreciate the contribution they make to our business – and to our success. We see the whole person, not just the person in the workplace – and we recognize that our employees lead busy lives outside of work. It’s just common sense: do your best for our people and they’ll do their best for us. At Thorntons we pride ourselves on doing the right thing, and as two-time winners of the Scottish Business Insider Employer of the Year awards, you can see why our people choose and enjoy a career at Thorntons.


  • Monday to Friday, 9 a.m. to 5 p.m., 35 hours per week.


  • Competitive salary
  • Investment in training, development and career advancement opportunities
  • 25 days of vacation (increasing with seniority up to 30 days) plus 7 public holidays
  • Contributory pension scheme
  • Health Care Cash Plan
  • Corporate discounts
  • Cycling to work

Please apply online at or send a CV to people The deadline for submitting applications is Monday, May 23 at 9 a.m.

job description

Data Protection Compliance Wizard

Reports to: Partner and Director, Data Protection Services

This role within the Thorntons Data Protection team exists in response to the growing demand for data protection services. The role provides an opportunity for an experienced Data Protection Assistant to assist the extended team in working with a portfolio of corporate clients spread across a wide range of industries including technology, healthcare, R&D , retail, education, professional services and beyond. In addition to providing data protection services to our broader clients, the team provides standalone services such as DSR as a service, DPIA support, training and outsourced DPO service.

main responsibilities

  • Support the provision of data protection officer services and broader data protection support to corporate customers.
  • Support the Data Protection team in carrying out data protection audits of our clients’ compliance processes against the requirements of UK GDPR and the Data Protection Act 2018.
  • Analyze data protection risks and make practical recommendations to reduce and mitigate these risks.
  • Undertake data protection impact assessments with a commercial mindset and provide practical recommendations.
  • Write privacy notices, cookie notices and data protection policies.
  • Research complex data protection issues as needed by team members.
  • Assist clients in processing complex access to information requests, subject access requests, and all other data subject requests within required timelines.
  • Provide support to the Thorntons Risk and Compliance team in achieving their internal data protection compliance objectives.

Knowledge, skills and experience

The incumbent will possess the following knowledge, skills and experience:

  • Proactive data protection compliance professional, able to provide essential support to the data protection compliance team
  • Detailed understanding of the requirements of the UK General Data Protection Regulation and the Data Protection Act 2018
  • Degree in law, information security or risk management or CIPP qualification and/or experience in a data protection or information security compliance role.
  • Minimum of 3 years of experience in the field of data protection compliance.
  • Experience working in a regulated environment.
  • Excellent problem-solving skills – with the ability to pay close attention to detail.
  • Ability to quickly absorb and interpret detailed regulations and relay key points in simple, clear language.
  • Excellent interpersonal skills – confident engagement with clients.
  • Experience in providing training.
  • Pragmatic approach with sound judgment and the ability to balance risk and a wide range of business considerations.
  • Ability to work under tight deadlines and manage multiple projects simultaneously.
  • Excellent time management and organizational skills.
  • team player
  • Willingness to work to develop in-depth knowledge of data protection laws

Leave a Reply