Data Protection Officer

Birmingham City Football Club is on the rise.

With an incredible history dating back to 1875, Birmingham City Football Club is part of an exciting period of accelerated growth and modernisation, and​is playing it's part in once-in-a-generation​opportunity to support the transformation of England's second city as part of the Sports Quarter project.​​

With significant investment across our football, commercial, and community operations, we are rebuilding the Club for long-term success — on and off the pitch.​

​

Birmingham City Football Club is seeking an experienced and forward-thinking Data Protection Officer (DPO) to lead the Club's data protection strategy and ensure that all personal data is handled lawfully, securely and transparently. This is a pivotal role in safeguarding the privacy of our supporters, staff, players and wider community, and in embedding a culture of trust, compliance and accountability across the organisation.

​

Operating with independence, authority and expertise, you will guide the Club through its data protection obligations, support strategic decision-making, and ensure robust, ongoing compliance with the UK GDPR, Data Protection Act 2018, PECR and relevant guidance from the Information Commissioner's Office (ICO).

​

This is a unique opportunity to shape how a modern football club manages, protects and uses data in a rapidly evolving regulatory landscape.

​

​

About the Role

As our Data Protection Officer, you will be the Club's leading authority on data protection and privacy. You will have oversight of the entire data lifecycle — from collection and processing to retention and deletion — ensuring transparency, accountability and best practice at every stage.

You will work across all areas of the Club including football operations, Academy, commercial, matchday, IT, People, and community functions. You will offer practical, risk-balanced guidance that enables effective delivery while protecting the rights of individuals and the interests of the Club.

​

Key Responsibilities

​

1. Policy, Governance & Data Protection Framework

• Maintain an up-to-date ROPA, retention schedules, privacy notices and other governance records
• Develop and evolve the Club's data protection framework, policies and procedures
• Embed data protection by design and by default into new systems, processes and initiatives
• Partner closely with Legal, IT Security, People and operational teams to ensure strong governance

​

2. Practice Leadership & Regulatory Assurance

​

Regulatory Guidance & Leadership

• Provide timely, risk-balanced advice on UK GDPR, DPA 2018 and PECR
• Act as the Club's primary point of contact for all data protection matters

​

High-Risk Processing & Data Rights Management

• Lead a consistent approach to DPIAs and TIAs across all departments
• Manage DSARs, redaction protocols and defensible decision-making
• Maintain Records of Processing Activities (ROPA)
• Act as the Club's primary contact for the ICO

​

Incident Management & Audit Assurance

• Coordinate responses to personal data incidents and privacy-related complaints
• Lead investigations and manage engagement with the ICO when required
• Conduct internal audits to assess compliance and drive continuous improvement
• Lead post-incident reviews and embed remedial actions

​

Third-Party & Supplier Risk Oversight

• Oversee third-party privacy risks, including vendors and technology providers such as ticketing partners, marketing systems, cloud services, scouting tools and performance-analysis platforms

​

3. Advisory & Risk Management

• Advise the Board, senior leadership and departments on obligations, risks and best practice
• Conduct privacy risk assessments and identify clear, pragmatic mitigation actions
• Provide specialist guidance on complex processing: international transfers, biometrics, CCTV, player analytics, sports science platforms and youth safeguarding data
• Support procurement and contract processes to ensure privacy requirements are clearly captured

​

4. Training, Awareness & Culture Building

• Translate legal requirements into accessible guidance, templates and checklists
• Deliver tailored training programmes across all business functions
• Promote a strong culture of proactive data protection across the Club

​

What we're looking for in you:

Required Qualifications & Experience

• Experience in data protection, legal compliance, audit or risk management
• Expert knowledge of UK GDPR, DPA 2018 and PECR
• Proven ability to develop, implement and maintain privacy governance frameworks
• Strong understanding of privacy risk management and compliance standards
• Demonstrable experience working across departments and supporting change initiatives
• Strong project management, organisational and analytical skills
• Ability to operate independently, maintain impartiality and report to senior leadership
• Excellent written and verbal communication skills, with the ability to explain complex concepts to non-specialists

​

Desired Experience

• Experience within professional football or the wider sports sector
• Familiarity with ISO 27001, ISO 27701 and ISO 31000, including audit readiness

​

Why Join Birmingham City FC?

• Play a critical role in protecting the data and privacy of our staff, players, supporters and partners
• Lead data protection strategy at a forward-thinking, ambitious football club
• Work across diverse departments and influence decision-making at every level
• Contribute to building a modern, secure, compliant data culture

​

Birmingham City FC is committed to safeguarding and promoting the welfare of children and young people. The safety and well-being of our players is our top priority, and we expect all staff to share this commitment. All successful applicants will be required to undergo a thorough background check and training in safeguarding as part of the recruitment process.​

​​

​Birmingham City FC is an equal opportunities and Disability Confident employer. We welcome applications from all sectors of the community and assess candidates solely on merit, regardless of gender, race, age, nationality, disability, sexual orientation, political or religious belief, background, or family circumstances. We promote a diverse and inclusive environment and encourage all individuals to apply. If you need any adjustments to our recruitment or interview process, please inform us when applying.

Job Types: Full-time, Permanent

Pay: £55,000.00-£70,000.00 per year

Benefits:

• Company pension
• On-site parking
• Sick pay

Work Location: In person