With an incredible history dating back to 1875, Birmingham City Football Club is part of an exciting period of accelerated growth and modernisation, and is playing it’s part in once-in-a-generationopportunity to support the transformation of England’s second city as part of the Sports Quarter project.
With significant investment across our football, commercial, and community operations, we are rebuilding the Club for long-term success — on and off the pitch.
Birmingham City Football Club is seeking an experienced and forward-thinking Data Protection Officer (DPO) to lead the Club’s data protection strategy and ensure that all personal data is handled lawfully, securely and transparently.
You will oversee the full data lifecycle, from collection and processing to retention and deletion, and including handling data subject requests yourself, and you will embed a culture where the privacy of our fans, staff, players, and Directors, volunteers, key partners and the wider community is prioritised in everything we do.
Operating with independence and authority, you will support strategic and day-to-day decision-making, provide expert guidance across the club, and ensure robust, ongoing compliance with the UK GDPR, Data Protection Act 2018 and PECR, and. You will be the named DPO with the Information Commissioner’s Office (ICO).
Operating with independence, authority and expertise, you will guide the Club through its data protection obligations, support strategic decision-making, and ensure robust, ongoing compliance with the UK GDPR, Data Protection Act 2018, PECR and relevant guidance from the Information Commissioner’s Office (ICO).
This is a unique opportunity to shape how a modern football club manages, protects and uses data in a rapidly evolving regulatory landscape.
About the Role
As our Data Protection Officer, you will be the Club’s leading authority on data protection and privacy. You will have oversight of the entire data lifecycle — from collection and processing to retention and deletion — ensuring transparency, accountability and best practice at every stage.
You will work across all areas of the Club including football operations, Academy, commercial, matchday, IT, People, and community functions. You will offer practical, risk-balanced guidance that enables effective delivery while protecting the rights of individuals and the interests of the Club.
- Maintain an up-to-date ROPA, retention schedules, privacy notices and other governance records
- Develop and evolve the Club’s data protection framework, policies and procedures
- Embed data protection by design and by default into new systems, processes and initiatives
- Partner closely with Legal, IT Security, People and operational teams to ensure strong governance
Regulatory Guidance & Leadership
- Provide timely, risk-balanced advice on UK GDPR, DPA 2018 and PECR
- Act as the Club’s primary point of contact for all data protection matters
High-Risk Processing & Data Rights Management
- Lead a consistent approach to DPIAs and TIAs across all departments
- Manage DSARs and other subject rights, redaction protocols and defensible decision-making
- Maintain Records of Processing Activities (ROPA)
- Act as the Club’s primary contact for the ICO
Incident Management & Audit Assurance
- Coordinate responses to personal data incidents and privacy-related complaints
- Lead investigations and manage engagement with the ICO when required
- Conduct internal audits to assess compliance and drive continuous improvement
- Lead post-incident reviews and embed remedial actions
Third-Party & Supplier Risk Oversight
- Oversee third-party privacy risks, including vendors and technology providers such as ticketing partners, marketing systems, cloud services, scouting tools and performance-analysis platforms
- Advise the Board, senior leadership and departments on obligations, risks and best practice
- Routinely audit and maintain a register of all data held by the organisation and the appropriate retention policies applied to such data.
- Conduct privacy risk assessments and identify clear, pragmatic mitigation actions
- Provide specialist guidance on complex processing: international transfers, biometrics, CCTV, player analytics, sports science platforms and youth safeguarding data
- Support procurement and contract processes to ensure privacy requirements are clearly captured
- Translate legal requirements into accessible guidance, templates and checklists
- Deliver tailored training programmes across all business functions
- Promote a strong, proactive culture of data protection across all business functions, including Academy, matchday, football operations, medical, safeguarding, marketing, ticketing and commercial departments
- Experience in data protection, legal compliance, audit or risk management
- Expert knowledge of UK GDPR, DPA 2018 and PECR
- Proven ability to develop, implement and maintain privacy governance frameworks
- Strong understanding of privacy risk management and compliance standards
- Demonstrable experience working across departments and supporting change initiatives
- Strong project management, organisational and analytical skills
- Ability to operate independently, maintain impartiality and report to senior leadership
- Excellent written and verbal communication skills, with the ability to explain complex concepts to non-specialists
- Experience working within football or, the wider professional sports sector or similar industries.
- Familiarity with ISO 27001, ISO 27701 and ISO 31000, including audit readiness
- Play a critical role in protecting the data and privacy of our staff, players, supporters and partners
- Lead data protection strategy at a forward-thinking, ambitious football club
- Work across diverse departments and influence decision-making at every level
- Contribute to building a modern, secure, compliant data culture
Birmingham City FC is committed to safeguarding and promoting the welfare of children and young people. The safety and well-being of our players is our top priority, and we expect all staff to share this commitment. All successful applicants will be required to undergo a thorough background check and training in safeguarding as part of the recruitment process.
Birmingham City FC is an equal opportunities and Disability Confident employer. We welcome applications from all sectors of the community and assess candidates solely on merit, regardless of gender, race, age, nationality, disability, sexual orientation, political or religious belief, background, or family circumstances. We promote a diverse and inclusive environment and encourage all individuals to apply. If you need any adjustments to our recruitment or interview process, please inform us when applying.