Public Services > Central Government

HMRC wants to hire new Data Protection leader to pilot GDPR compliance

Matteo Natalucci Published 21 November 2017

£118k role will be responsible for department’s data governance strategy, data quality & data protection


HM Revenue and Customs (HMRC) is looking for a Data Protection Officer (DPO) to help provide alignment and coverage across the organisation to comply with forthcoming EU General Data Protection Regulation (GDPR) activity as well as manage all aspects of GDPR across the department.

HMRC is one of the largest government departments and one of the UK’s biggest organisations. Almost every individual and business in the UK is a direct customer of HMRC, which collects around £540bn a year in revenue from 50m individual customers and 5m businesses across the UK.

According to the new role’s candidate pack , HMRC has embarked on a major transformation programme to redirect more of HMRC’s people and resources to compliance activities, modernising systems and reengineering processes to become more customer-orientated. HMRC are bringing 61,000 staff together from 170 to 13 modern offices across the country.

HMRC said that in response to the EU legislation regarding GDPR, the Information Commissioners Office (ICO) has proposed that GDPR should be implemented into UK Law to replace the Data Protection Act in order that data privacy regulations are harmonised across the EU by May 2018.

HRMC added in the vacancy note, “We believe GDPR cannot be a “one size fits all” approach and we require an individual with the passion and drive to continuously improve and influence key stakeholders within our organisation to adopt new processes and policies to meet the needs to be GDPR compliant.”

HRMC  went on, “Since exiting our IT outsourcing contract in June 2017 we are now able to fully understand our data, systems and processes and are working to ensure we (HMRC) are GDPR compliant and minimise any risk posed to an organisation the size of the HMRC.”

It then listed a series of potential data protection challenges it would need to tackle with the help of the new data protection leader.

  • We currently hold over 2.5bn pieces of data on individuals and businesses residing within the UK and how do we ensure we are compliant to GDPR legislation?
  • We recently moved 99m Tax & NI accounts from old legacy systems into a new virtualised service.
  • We interact over 2m individuals or business via our online Cha[t][bot and record these conversations to help prevent fraud, but how do we store these conversations and use the data?
  • We are currently leading the way in Government with the use of automation and how we hold data to enable the use of such technology.
  • Working with other Government organisations, how do we ensure that all data held and shared meets the GDPR legislation?

HMRC said it will be appointing the data protection officer (DPO) to be HMRC’s representative for all interaction with the regulator, the Information Commissioner’s Office (ICO). It said the DPO will report directly into the Executive Committee to provide assurance on HMRC’s implementation of and compliance to GDPR.

The new role is expected to provide alignment and coverage across the wider organisation on GDPR activity as well as manage all aspects of GDPR across HMRC, including resource requirements, implementation of best practices, procedures, tools, checklists, monitoring, metrics and reporting.

The DPO will also be responsible for delivering GDPR advice, leadership, and recommendations for operational solutions, including sustainability, auditability, measurement, metrics and reporting.  

The role will sit within the Cyber Security & Information Risks (CSIR) Directorate but will also report to HMRC’s Executive Committee (ExCom).

Jon Ashton, Director, Cyber Security & Information Risks and Head of Profession for Government Security, said, “I am looking for an inspirational leader who is up for the challenge of building and leading a new team to support the execution of HMRC’s GDPR obligations, drawing on resources from across the organisation and working with other DPOs in the public and private sector”.

Ashton added, “This is a demanding role with significant leadership and assurance responsibilities across the whole span of data protection and data privacy issues. This exciting high profile role is an opportunity to lead HMRC on its journey towards compliance with GDPR, working across HMRC and with the Information Commissioners Office, the UK’s regulatory authority for data protection”.

Applications close on December 15 with interviews scheduled to start in January 2018.

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.