Data Protection and Compliance Support Officer (Zendesk)

Data Protection and Compliance Support Officer (Zendesk) Reporting to

Data Protection & Compliance Lead (day-to-day)
Data Protection Officer (formal oversight)

Hours

Part time (5 days per week - hours to be agreed)

To be discussed

Role Purpose

To support the delivery of Reform UK Party Ltd's data protection and compliance programme by acting as the first line handler of Subject Access Requests (SARs), data rights requests, complaints, and suppression requests through the Zendesk platform.

This role is central to ensuring the Party meets its legal obligations under the UK GDPR, Data Protection Act 2018, Data Use and Access Act 2025, and PECR 2003, while also supporting the rollout of a new public facing Compliance Portal and transparency framework.

You will play a key role in restoring and maintaining operational control, consistency, and audit readiness across all data protection interactions.

Key Responsibilities

• Act as the primary handler of inbound Zendesk tickets, including:
  • Subject Access Requests (SARs)
  • Data rectification and erasure requests
  • Objections to processing (Article 21)
  • Suppression ("do not contact") requests
  • General data protection enquiries and complaints
• Ensure all requests are:
  • Logged correctly
  • Categorised appropriately
  • Tracked against statutory deadlines (e.g. 30 days under UK GDPR Article 12)

Identity Verification & Intake Control

• Apply Article 12(6) UK GDPR identity verification requirements where necessary
• Ensure requests are valid before progressing
• Issue acknowledgements and manage intake communications using approved templates

Data Gathering & Internal Coordination

• Liaise with internal teams (Membership, Campaigns, IT, Legal, Treasury) to:
  • Identify whether personal data is held
  • Retrieve relevant datasets
  • Confirm data sources and processing purposes
• Track and chase internal responses against defined timelines (e.g. 10 to 15 day return targets)

Redaction & Disclosure Preparation for Legal

• Escalate to Legal / DPO for review, redaction and sign off prior to disclosure

Suppression & Data Rights Handling

• Maintain and update suppression records to ensure individuals do not receive further communications where requested
• Ensure suppression requests are correctly reflected across systems (e.g. Reform Pro, mailing workflows)
• Support transition to automated suppression via the Compliance Portal

Compliance Portal Integration (New Function)

• Support the rollout and operation of the Compliance Portal, including:
  • Processing requests submitted via online forms
  • Monitoring portal driven workflows
  • Ensuring alignment between portal submissions and Zendesk tickets
• Contribute to continuous improvement of user journeys and request handling

Record Keeping & Audit Readiness

• Maintain accurate records of:
  • Requests received
  • Actions taken
  • Deadlines and outcomes
• Support production of reports and metrics, including:
  • Volume and type of requests
  • Response times
  • Compliance performance indicators
• Ensure readiness for ICO engagement or audit scrutiny

Escalation & Risk Identification

• Identify and engage:
  • Complex or high risk requests
  • Potential data breaches or systemic issues
  • Repeated or vexatious request patterns
• Support implementation of improved processes where issues are identified

Person Specification

• Strong organisational and administrative skills
• High attention to detail and ability to handle sensitive information confidentially
• Clear written communication skills (professional and structured)
• Ability to follow defined processes and workflows
• Comfortable working with digital systems (Zendesk or similar ticketing platforms)
• Experience in:
  • Customer service or case handling roles
  • CRM or ticketing systems (e.g. Zendesk, Intercom)
• Understanding of:
  • UK GDPR principles and individual rights
  • Political campaigning or electoral processes

Key Behaviours

• Accuracy over speed - getting it right matters
• Calm under pressure - especially when handling complaints or high volumes
• Structured thinker - able to follow and apply processes consistently
• Discreet and professional - handling sensitive personal data appropriately
• Proactive - identifies issues and suggests improvements

Governance & Accountability

• All work is undertaken under the direction of the:
  • Data Protection & Compliance Lead (operational control)
  • Data Protection Officer (legal oversight)
• Final decisions on disclosure, refusal, or exemptions remain with the DPO / Legal
• The role operates within the Party's Data Protection & Information Governance Framework

Why This Role Matters

This is not a standard admin role. It will sit at the heart of:

• Legal compliance
• Public trust
• Regulatory scrutiny (ICO, Electoral Commission)
• Operational efficiency

Handled well, it:

• Prevents regulatory escalation
• Enables scalable, automated compliance via Zendesk and the Compliance Portal

Future Development

The role is expected to evolve as:

• Zendesk automation increases
• The Compliance Portal becomes fully operational

There is potential for:

• Increased responsibility
• Greater involvement in compliance operations
• Expansion into wider governance or data protection support functions