Data Privacy Advisor

In the Crick's Legal Team.

Part of Crick Operations.

Key information

Job reference
£43,300 - £49,000 with benefits, subject to skills and experience
Application close date
07 December 2022, 23:59 GMT
Hours per week
36 (full time)
Posted 07 November 2022

Data Privacy Advisor

Reports to: Head of Legal (Corporate and Commercial)

This is a full time, permanent position on Crick terms and conditions of employment


Discoveries to change lives

The Francis Crick Institute is one of the world’s leading biomedical research institutes. You will help the Crick deliver its scientific mission in compliance with legal, charitable and regulatory requirements.

You will be part of the Crick’s Legal, Governance and Compliance team (also known as LGC).  We are a full-service function responsible for legal, contractual, regulatory, data protection and company secretarial matters. We provide commercial legal advice and transactional support for all parts of the Crick.  We oversee data privacy compliance jointly with the Information Technology team.  We also provide a full secretariat service to the boards and committees of the Crick and its subsidiaries.

This is a busy role in a friendly team where collegiality, professionalism and attention to detail are key. Working closely with the Data Protection Lead/Officer and Head of Legal, you will  manage and maintain a programme for compliance with regulation and help to embed a culture of learning and improved ways of working. You will also help deliver LGC’s strategy, working closely with legal and other colleagues to establish best practice and new ways of working. The work will be varied, reflecting the different types of relationships with commercial and academic organisations and our ambition for our legal operations to be best in class.

Key Responsibilities

These are the key areas. You may be asked to undertake other relevant tasks in line with organisational requirements:


  • Support the Data Protection Lead/Head of Legal to deliver a compliance roadmap, maintain the Crick’s privacy framework, update processes, monitor compliance and increase staff learning and awareness.
  • With ITO, co-chair the Data Governance Committee and work with key stakeholders to ensure continued embedding of data privacy considerations and increased expertise.
  • Maintain data privacy policies, processes and procedures in line with applicable legislation and the Crick’s needs. 
  • Monitor adherence and support an annual review and approval process.
  • Help to develop and promote ongoing learning and awareness of data privacy and other compliance topics.
  • Produce management information for relevant boards and committees.
  • Deputise for the Data Protection Lead/Officer as required.

As a subject-matter expert:

  • Be the key contact in LGC for data protection enquiries from across the Crick.
  • Provide advice and expertise on data privacy (eg DPA 2018, GDPR, PECR, FOI requests, privacy by design and by default, DPIAs, data incident investigation, DSAR management). 
  • Handle complex cases and review/draft/advise on privacy provisions across a wide range of operational and research contracts (eg supplier, collaboration and data sharing agreements).
  • Undertake and/or review DPIAs for key projects, DSARs, erasure and other rights requests and lead investigations into potential data breaches.
  • Ensure the Crick’s Register of Processing Activities is up to date by providing support and guidance to Crick teams to help them maintain their listings in the Crick’s ROPA.
  • Keep abreast of legal developments in data privacy and other compliance topics and related guidance issued by UK & Irish authorities.
  • Help to create and share contract templates, resources and other internal guidance and training to promote awareness and regulatory compliance.  Instruct external counsel.
  • Maintain internal register of laws and regulations applying to Crick and help to provide/procure advice on those, as required.
  • As a member of LGC, provide advice and support on projects and transactions, as required.

Key experience and competencies

The post holder should embody and demonstrate our core Crick values: bold, imaginative, open, dynamic and collegial, in addition to the following:

Essential knowledge, skills and experience

  • Graduate (or equivalent).
  • A commitment to the Crick’s vision and values.
  • A sound understanding of the legal and regulatory context in which the Crick operates, gained through experience.
  • A sound knowledge of legal and regulatory frameworks around data (eg DPA 2018, PECR (E-Privacy) and GDPR regulations), as well as related governance, best processes and practice.
  • Experience of supporting data protection compliance in practice (eg DSAR, DPIA, data security and breach management).
  • Ability to think strategically, plan and deliver projects. Ability to assess complex scenarios so as to give high-quality advice and identify pragmatic solutions.
  • Confident to challenge ways of doing things.
  • A strong commitment to organisational effectiveness. Ability to handle a varied workload, competing demands and tights deadlines in a fast-moving environment.  Methodical in approach and with an excellent attention to detail.
  • Good interpersonal skills (eg tact, integrity, confidentiality, patience). Ability to build personal credibility quickly and develop and maintain effective relationships, including working with people with differing perspectives and needs.
  • Communicates effectively in writing and in speech with a concise, compelling writing style and strong written accuracy. Ability to present complex information in clear and simple communications to all levels of the organisation. Good legal drafting skills.
  • Confident use of technology (eg Microsoft, document management platforms, Slack, ServiceNow & Trello etc) to promote awareness, share knowledge and support compliance.
  • Works effectively in a collegiate environment, consulting with colleagues to share expertise and ideas to deliver new outcomes. Flexible, motivated and resilient. Acts authentically and consistently, developes self-awareness by seeking feedback from others.
  • Confident in producing and delivering MI to senior management.


  • Completed the LLB or GDL.
  • Practitioner Certificate in Data Protection or relevant alternative
  • Experience of a legal/company secretarial department, ideally in a charity or academic environment.
  • Familiarity with company and charity governance; anti-bribery, and competition law.

Your working relationships:

  • Broad-base user group (scientific and non-scientific staff)
  • All Science teams - Group leaders, Scientists, STP leads, Translations, Grants, BRF and research administration staff.
  • All Operations teams - Sourcing, IT&S, Building Services, Public Engagement, Human Resources, Grants, Finance, Insurance and Philanthropy.