Data Protection Officer

The Data Protection Officer will report to the General Counsel and has primary responsibility for fulfilling the statutory duties of Data Protection Officer in accordance with GDPR, providing independent oversight and advice on data protection compliance across the organisation. The role leads the Data Protection/Privacy function, including line management and oversight of the privacy team, providing expert interpretation and oversight of the application of data protection law in the context of international aviation and airline operations. The role plays a key role in oversight and advisory governance of technology projects from development stage onwards, and of digital, data and AI‑enabled initiatives, contributing to broader corporate compliance and risk considerations where these intersect with data protection, including participation in oversight and governance activities relating to information security, technology risk governance and strategy. The role provides strategic direction and independent oversight of how data protection compliance is embedded across the organisation, including operating‑model optimisation and the appropriate use of technology and process design.

• 
  
• Work collaboratively with Legal, Technology, Cybersecurity, Commercial and Operations teams to embed sustainable privacy practices into business processes and decision‑making. Oversee privacy risk identification and mitigation.
  
• Lead and coordinate information requests from supervisory authorities, including preparation, representation and remediation planning.
  

• 
  
• Provide privacy‑by‑design oversight for digital and AI initiatives.
  
• Provide advice and guidance re compliance with EU AI Act.
  
• Provide data protection oversight for international and cross-border technology deployments involving personal data.
  

• 
  
• Oversee DSAR governance and breach response.
  
• Provide leadership during personal data breaches and privacy incidents.
  

• 
  
• Provide strategic leadership and oversight for changes to Aer Lingus’ approach to data protection, including the use of technology and AI‑enabled tools.
  

• 
  
• Set the strategic direction for data protection training and awareness and assess maturity.
  
• Promote a culture of accountability and privacy awareness.
  

• 
  
• Demonstrated experience as a data protection professional, including formal responsibility for GDPR compliance; relevant certification (e.g. CIPP/E) desirable.
  
• Strong background in data protection.
  
• Experience advising on complex regulatory issues in a data‑driven organisation.
  
• Excellent drafting and communication skills, with the ability to produce clear, concise and well‑structured advice and materials for senior management, Boards, regulators and other stakeholders.
  
• Proven ability to exercise sound judgement and independence.
  
• Comfortable operating at senior executive and Board level, providing credible, trusted advice and challenging where required.
  
• Strong stakeholder management skills, with the ability to build and maintain effective relationships across Legal, Technology, Cyber Security, Commercial and Operations teams.
  
• High level of commercial awareness, with a clear understanding of the role of data protection compliance in enabling business objectives.
  
• Highly organised and self‑directed, with the ability to manage multiple priorities and meet deadlines in a fast‑paced environment.
  
• Ability to analyse, simplify and clearly articulate complex issues, with strong attention to detail.
  
• A collaborative and credible interpersonal style, with strong listening, influencing and communication skills.
  
• Experience working successfully in a performance‑driven, results‑focused organisation.
  
• Proven ability to operate effectively in an in‑house environment, exercising independence while remaining pragmatic and solutions‑focused.
  
• Experience in other areas of corporate compliance (KYC, sanctions, disclosures etc) would also be of benefit.
  
• The role is ideally suited to a legally qualified professional (though this is not a requirement).
  
• In addition to fulfilling the statutory responsibilities of the Data Protection Officer, the role holder may, where appropriate and subject to capacity and absence of conflict of interests, contribute to other areas of legal or corporate compliance activity.
  

We embrace diversity and provide equal opportunities. xcfaprz We do not discriminate based on race, gender, sexual orientation, age, disability or any other protected status.