Job Specifications
OUR MISSION
To become the car-changing destination of choice. By combining technology, media and deep automotive expertise, we've turned how people buy, sell, advertise and lease cars on its head.
What started as a simple reviews site is now one of the largest online car-changing destinations in Europe. Last year alone we grew over 50% with nearly £3bn worth of cars bought on site, while £1.8bn of cars were listed for sale through our Sell My Car service.
In the last couple of years we have gone big and acquired both Carwow Leasey, a leasing broker and Autovia, creators of AutoExpress and Evo magazines, doubling our audience overnight. Together we now have one of the biggest YouTube channels in the world with almost 10m subscribers and over 1.1 billion annual views, while we sell 1.2 million print copies of our magazines and have an annual web content reach over 350million. We also launched our successful Sell My Car business in Germany. We are continually driving to make Carwow the go-to destination for people looking to change their car.
And we’re a long way from done!
LEGAL & COMPLIANCE @CARWOW
Our fantastic legal team has been compared to a set of high-performance tyres, enabling Carwow to drive and corner at high speeds whilst keeping Carwow firmly on the road in all conditions. As the business pushes forward with bold ambitions, the legal team’s purpose is clear: to drive Carwow’s growth with integrity and confidence and that’s where you come in!
YOUR MISSION
We are a platform who sits right in the middle between consumers and OEMs/Dealers in the car-changing journey. We sit on a gold mine of data and we want to commercialise it. As Senior Data Protection Manager at Carwow, you’ll play a pivotal role in enabling the business to grow and scale at pace with integrity. This is an exciting opportunity to develop your career at a complex high-growth data thirsty marketplace business.
We are looking for a Senior Data Protection Manager who wants to do more than just maintain a register and policies. This is a rare opportunity to join a high-performing legal function as our first dedicated privacy hire and be a strategic advisor to the business as it sharpens its privacy governance programme steering the business towards further growth and an exit.
We are not at "Day Zero" we currently have an external DPO, we have established policies, templates, a RoPA, and a risk register.
We need a tech-fluent practitioner who can bridge the gap between Legal and our Product, Engineering and Marketing Teams. You will have the mandate to lift the lid on our technology stack, validate our data flows, and build the practical mechanisms that keep our business safe and moving fast.
KEY RESPONSIBILITIES
Framework development: develop and maintain a comprehensive enterprise privacy governance framework, encompassing internal policies, ROPAs, privacy notices, risk registers, and retention schedules. This role ensures our documentation aligns with the actual tech stack and processing activities while leading efforts to remediate any identified discrepancies.
Culture & Training: create a strong internal perception of privacy as a "trust builder." Design and deliver role-specific training that is engaging, commercially relevant, and free of legal jargon.
Business Partnering: develop appropriate business partnering relationships across the Marketing and Media teams and across other parts of the business and proactively take steps to support their understanding of privacy matters and their compliance. Provide expert advice to senior management and support the General Counsel in updating the Company Executives as needed.
Breach response: play a key role in leading the investigation of data breaches and liaising with regulators as appropriate.
DPAs/DSAs: support the legal team to draft and negotiate appropriate DPAs and DSAs for commercial deals.
DSARs: set the business up to be able to respond to DSARs when necessary in the most streamlined and least disruptive manner.
Retail Media and Ad Tech: work on new commercial propositions looking to leverage our data for 3rd party audience targeting and segmentation helping us to answer DDQs and design safe data sharing mechanisms.
Corporate work: support the legal team in DD exercises for M&A and during funding exercises.
Technical Integration: work closely with Data and Insights/IT/Engineering/Product teams to embed "Privacy by Design" principles and to translate complex data processing activities into clear, risk-based language for the General Counsel, Executives and business stakeholders.
Operationalise Compliance: look for ways to integrate standard compliance process (e.g. DPIAs/LIAs/DPA/DSAs) into business workflows with an eye always on streamlined automation where possible.
Multi-Jurisdictional: support our businesses in the UK, Germany, Spain and Portugal.
KEY REQUIREMENTS
Passionate about the intersection of AI and privacy, focusing on how to safeguard the organizatio
About the Company
We’re Carwow. The car-changing experts for life-changing moments.
We get it. Changing your car’s a big deal, and it usually comes at a pretty big junction in your life. So whether you’re buying, selling, or (car) window shopping, we’ll give you total confidence in your choice.
You won’t find biassed reviews or shady interests here. Just honest opinions, clear prices, and a network of trusted dealers. No haggling. No stress. No costs. Just cruising.
That’s great news for dealers, too. With access to over 3 million custome...
Know more