Data Protection Officer
Who We Are
Founded in 1882, Tottenham Hotspur is an iconic English football club, playing in the Premier League and Women’s Super League. From North London to the world, our fanbase spans continents, cultures, and generations. Spurs is a club that’s always dared to push boundaries, breaking new ground and rewriting history.
We offer world-class facilities: In 2019, we opened our state-of-the-art Stadium, a £1 billion landmark that’s the beating heart of North Tottenham’s transformation. More than just a football ground, it’s an engine of change — creating 4,000 jobs and injecting £300 million into the local economy every year.
We’re at our brightest when we’re all together. Our Club, our teams, our community.
There is only one Hotspur. Tottenham Hotspur.
The Role:
We’re currently recruiting a Data Protection Officer within our Legal, Risk and Compliance team to help us take things to the next level and advise the business as to how we can maximise our use of data in all aspects of our business in a legally compliant manner.
Location:
Lilywhite House with occasional travel to the Training Centre.
Requirements for the Role
Implementing measures and a privacy governance framework to manage data use in compliance with the UK GDPR and other relevant legislation, including developing templates for data collection, advising on and assisting with data mapping and records of data processing, and vendor management reviews.
Managing and conducting ongoing reviews of the Club’s privacy governance framework, and regular and ad hoc reporting on data privacy compliance within the organisation: including (without limitation): (i) maintaining and regularly updating the Club’s Register of Processing Activities and supporting departments in identifying and documenting their processing activities; (ii) monitoring changes in data protection laws and regulations (UK, EU, and globally where relevant) and providing solution-focussed advice to the business to ensure compliance whilst achieving commercial objectives; (iii) developing and delivering tailored data protection training and awareness campaigns across the business.
Providing commercially-minded advice and guidance on data protection matters, contributing to strategic priorities and mitigation of privacy risks.
Drafting relevant policies and procedures – implementing and embedding those policies throughout the Club through training to ensure requirements are known and adopted across the business.
Working with key internal stakeholders in the review of day-to-day operations and specific projects relating to data processing to ensure compliance with data privacy laws, and where necessary, advising on and monitoring data protection privacy impact assessments.
Reviewing vendor contracts (including relevant standard contractual clauses for international data transfers) and other data processing and data sharing arrangements.
Investigating data breaches, including actions to be taken, assessing trends and implementing any necessary improvements.
Reporting to senior management, including the Club’s Audit and Risk Committee and Executive, on data protection matters as and when required.
Overseeing, implementing and undertaking the process by which the Club responds to data subject access requests.
Managing the Club’s relationship and correspondence with the ICO.
Liaising with counterparts at other organisations, where necessary/desirable to do so.
Collaborating with the Club’s IT and technology teams to assess any potential privacy implications of adopting new technologies, systems and/or platforms.
Supporting the Club’s commercial and digital innovation projects with privacy input.
MEASURES OF PERFORMANCE:
Drive and enthusiasm, with an ability to demonstrate pro-active ownership and management of tasks and projects through to completion.
Professional with strong technical abilities, including in the use of innovative technologies, and a willingness to continue developing.
Excellent inter-personal and team working skills, that inspire trust and confidence both within the Club’s legal team and amongst its internal clients.
An ability to effectively identify and manage issues and risks, delivering compliant solutions in novel environments. Adopting a positive ‘can do’ approach when seeking solutions.
Strong commercial acumen and an ability to deliver solution-focussed and pragmatic data protection advice.
Effectively manages time and competing demands, escalates and delegates work where appropriate. Keeps senior legal team members well informed of progress on matters.
Demonstrates a confident and persuasive communication style (verbal and written) which adapts to the audience and circumstances.
Takes pride in the provision of their work. Excellent attention to detail.
Ability to present and communicate complex information in a simple and compelling way.
Well-organised, with an ability to effectively manage competing demands in an extremely fast-paced environment.
What you will bring
Data Protection qualification such as CIPP/E, CIPT, CIPM, ISEB preferred but experience is more valuable than qualifications.
At least 8 years’ experience within a compliance, legal, audit and/or risk function with recent experience in a privacy compliance role in a comparable organisation (in terms of size and legal/regulatory obligations), but it is not necessary for this to be in the sports sector.
Strong knowledge of UK and European data privacy and data protection regulation, and a good understanding of other major privacy frameworks and evolving legislation worldwide.
Well-developed and professional interpersonal skills; ability to interact effectively with people at all organisational levels of the firm.
Strong change and project management skills, including the ability to manage time well, prioritise effectively and handle multiple deadlines.
Ability to undertake large, long-term projects, develop alternative methods to complete them and implement solutions.
Detail-oriented approach is needed to recommend and implement strategic improvements on a range of data privacy and data protection issues.
The Tottenham Hotspur Way
Is to push harder, rise higher and forge greater. We involve, inspire and elevate one another to be our best selves, to produce exceptional on and off the pitch. Every day brings us opportunities to improve and make the impossible, possible.
Our values that bind us:
Dream the impossible – Impossible made possible when we think outside the box.
DARE TO CHANGE THE GAME – Relentlessly strive for glory and leave our mark on the world.
DO IT OUR WAY – Win the right way, never at all costs.
Our Responsibility to you
Safeguarding is fundamental to the success in all that we do. Successful candidates are to be reminded they would be subject to various background, DBS, and reference checks for this role.
We welcome applications from anyone regardless of age, disability, gender, race, or ethnic and national origins, religion or belief, or sexual orientation.
How to Apply
LawInSport Recruitment has been retained as exclusive agents for this position. All unsolicited, third party introductions will be forwarded directly to our team.
To apply for this position please send a covering letter which makes clear how you meet the requirements for the role, and your updated CV to This email address is being protected from spambots. You need JavaScript enabled to view it., using the subject heading 3017 Tottenham Hotspur FC - Data Protection Officer.
All applications will be considered, however, please note that due to the large number we receive, we are unable to give individual feedback, and only shortlisted candidates will be contacted.