Legal and Data Protection Manager

Location: North West (hybrid working available) The Opportunity An established and operationally complex organisation is seeking a Legal & Data Protection Manager to provide practical, commercially focused legal and compliance support across a wide range of business activities. This is a hands‑on role combining commercial contracts, governance and data protection , offering real autonomy, visibility and stakeholder exposure. The successful candidate will act as a trusted internal adviser, embedding legal, contractual and GDPR best practice into day‑to‑day decision‑making.

Key Responsibilities Provide clear, pragmatic legal and compliance advice to procurement, projects and operational teams. Draft, review, amend and negotiate a broad range of commercial, supplier, framework and construction‑related contracts . Advise on risk allocation, liabilities and contractual disputes, including supplier challenges and claims.

Support governance frameworks and ensure policies and processes remain legally compliant and up to date. Embed UK GDPR requirements into commercial and operational activities. Manage the full lifecycle of Data Subject Access Requests (DSARs) .

Lead Data Protection Impact Assessments (DPIAs) and identify proportionate mitigation strategies. Oversee data breach investigations, documentation and remediation actions. Maintain privacy documentation including privacy notices, policies and retention schedules.

Liaise with external advisers, suppliers, contractors and public‑sector stakeholders where required. Line manage a Legal & Compliance Support Officer and contribute to data protection training across the business. About You You will be an experienced legal or compliance professional with a strong commercial mindset and the ability to balance legal risk with operational realities.

Key requirements include: Proven experience drafting and negotiating commercial contracts (exposure to construction contracts is desirable). Sound knowledge of compliance, governance and regulatory interpretation. Hands‑on experience delivering GDPR processes (DSARs, DPIAs, breach management and privacy documentation).

Ability to communicate complex legal issues clearly to non‑legal stakeholders. Strong organisational skills with the confidence to manage competing priorities. Comfortable working autonomously within an in‑house environment.

Desirable but not essential: Experience with NEC and/or JCT contract forms. Data protection qualifications (e.g. CIPP/E, CIPM).

Formal legal qualification (experience is valued over title). Why Apply? Competitive salary of £55k-£60k Superb benefits package, including a final salary pension Broad, integrated legal role covering contracts, compliance and data protection High visibility and influence across a large, operational organisation Opportunity to shape governance and compliance frameworks Hybrid working and long‑term stability