Privacy Lead – R&D / Chief Patient Office (CPO)
Last checked active on Jul 10, 2026.
Position Overview
Job Description
Business Introduction
At GSK, we have bold ambitions for patients, aiming to positively impact the health of 2.5 billion people by the end of the decade. Our R&D focuses on discovering and delivering vaccines and medicines, combining our understanding of the immune system with cutting-edge technology to transform people’s lives. GSK fosters a culture ambitious for patients, accountable for impact, and committed to doing the right thing, making sure that we focus our efforts on accelerating significant assets that meet patients’ needs and have the highest probability of success. We’re uniting science, technology, and talent to get ahead of disease together.
Find out more:
Our approach to R&D
Role Purpose
The Privacy Lead will serve as a trusted privacy advisor supporting Research & Development (R&D) and the Chief Patient Office (CPO) in embedding privacy-by-design across research, clinical development, patient-focused activities, and emerging digital capabilities.
Working in partnership with Legal, the Data Protection Office, Information Security, Data Governance, business process owners, and external stakeholders, the Privacy Lead will help ensure personal data is managed responsibly, ethically, and in accordance with applicable regulatory requirements.
This highly collaborative role requires strong influencing skills, sound judgment, and the ability to translate privacy requirements into practical, risk-based solutions that enable scientific innovation while maintaining patient and participant trust.
Key Responsibilities
Privacy Leadership & Advisory
- Support the R&D and CPO privacy strategy and contribute to the continued advancement of privacy-by-design principles across research and patient-focused activities.
- Provide privacy guidance and subject matter expertise to cross-functional teams involved in clinical research, real-world evidence, digital health, AI-enabled initiatives, and patient engagement activities.
- Partner with business leaders to identify privacy considerations early in project planning and operational execution.
- Promote a culture of responsible data use and privacy awareness across R&D and CPO.
Risk Management & Governance
- Lead and manage privacy impact assessments, privacy risk assessments, and related governance activities for processes involving personal data.
- Maintain oversight of privacy-related data inventories and records supporting regulatory compliance.
- Track privacy risks, develop mitigation strategies, and support reporting to relevant governance forums.
- Collaborate with stakeholders to drive continuous improvement in privacy controls, practices, and processes.
Compliance & Regulatory Support
- Advise teams on the lawful, ethical, and responsible use of personal data across clinical trials, observational research, real-world studies, and digital health initiatives.
- Support interpretation and implementation of privacy requirements under UK GDPR, EU GDPR, US Data Protect and cross boarder data transfer and other relevant global privacy frameworks.
- Coordinate privacy-related responses to incidents, individual right request, audits, inspections, inquiries, and regulatory requests in partnership with Legal, Security, and Privacy Office colleagues.
- Support governance activities associated with the use and reuse of human biological samples and other sensitive research data.
Stakeholder Engagement & Capability Building
- Build strong partnerships across R&D, CPO, Legal, Information Security, Risk, Compliance, and external partners.
- Develop and deliver privacy training, communications, and awareness initiatives.
- Influence stakeholders at all levels through clear communication and practical problem solving.
- Support privacy capability development across the organization through coaching, education, and knowledge sharing.
Why You?
Basic Qualification
We are seeking professionals with the following required skills and qualifications to help us achieve our goals:
- Bachelor's degree in Law, Information Governance, Privacy, Computer Science, Life Sciences, or related discipline; or equivalent experience.
- Significant experience in privacy, data protection, information governance, compliance, or related disciplines.
- Experience conducting privacy impact assessments and privacy risk assessments.
- Working knowledge of UK GDPR, EU GDPR, , US Data Protect and cross boarder data transfer and privacy principles applicable to highly regulated environments.
- Experience influencing stakeholders across a complex matrix organization.
- Strong written, verbal, and presentation skills with the ability to explain complex concepts to non-specialist audiences.
Preferred Qualification
If you have the following characteristics, it would be a plus
- Professional privacy certification such as CIPP/E, CIPM, CIPT, or equivalent.
- Experience within pharmaceutical, biotechnology, healthcare, clinical research, or other regulated industries.
- Familiarity with global privacy regulations beyond UK/EU GDPR, US Data Protection including cross-border data transfer requirements.
- Experience supporting AI, advanced analytics, digital health, or innovative data-driven initiatives.
- Knowledge of governance processes related to clinical trials, real-world evidence, and human biological samples.
- Experience managing privacy incidents, individual rights requests, or regulatory interactions.
- Experience building communities of practice or leading cross-functional privacy initiatives without direct management responsibility.
Working pattern
This role is hybrid. You will be expected to work on-site in the UK office for part of the week, with flexibility agreed with your manager.
How to apply
We want to hear from you. Please submit your CV and a short note explaining why this role matters to you and how your experience matches the role. We welcome applicants from people with varied backgrounds and lived experiences. Apply now to join us in protecting patient privacy while advancing research.
Why GSK?
Uniting science, technology and talent to get ahead of disease together.
GSK is a global biopharma company with a purpose to unite science, technology and talent to get ahead of disease together. We aim to positively impact the health of 2.5 billion people by the end of the decade, as a successful, growing company where people can thrive. We get ahead of disease by preventing and treating it with innovation in specialty medicines and vaccines. We focus on four therapeutic areas: respiratory, immunology and inflammation; oncology; HIV; and infectious diseases – to impact health at scale.
People and patients around the world count on the medicines and vaccines we make, so we’re committed to creating an environment where our people can thrive and focus on what matters most. Our culture of being ambitious for patients, accountable for impact and doing the right thing is the foundation for how, together, we deliver for patients, shareholders and our people.
GSK is an Equal Opportunity Employer. This ensures that all qualified applicants will receive equal consideration for employment without regard to race, color, religion, sex (including pregnancy, gender identity, and sexual orientation), parental status, national origin, age, disability, genetic information (including family medical history), military service or any basis prohibited under federal, state or local law.
We believe in an agile working culture for all our roles. If flexibility is important to you, we encourage you to explore with our hiring team what the opportunities are.
Should you require any adjustments to our process to assist you in demonstrating your strengths and capabilities contact us at UKRecruitment.Adjustments@gsk.com where you can also request a call.
Please note should your enquiry not relate to adjustments, we will not be able to support you through these channels. However, we have created a Recruitment FAQ guide. Click the link where you will find answers to multiple questions we receive
Important notice to Employment businesses/ Agencies
GSK does not accept referrals from employment businesses and/or employment agencies in respect of the vacancies posted on this site. All employment businesses/agencies are required to contact GSK's commercial and general procurement/human resources department to obtain prior written authorization before referring any candidates to GSK. The obtaining of prior written authorization is a condition precedent to any agreement (verbal or written) between the employment business/ agency and GSK. In the absence of such written authorization being obtained any actions undertaken by the employment business/agency shall be deemed to have been performed without the consent or contractual agreement of GSK. GSK shall therefore not be liable for any fees arising from such actions or any fees arising from any referrals by employment businesses/agencies in respect of the vacancies posted on this site.
Please note that if you are a US Licensed Healthcare Professional or Healthcare Professional as defined by the laws of the state issuing your license, GSK may be required to capture and report expenses GSK incurs, on your behalf, in the event you are afforded an interview for employment. This capture of applicable transfers of value is necessary to ensure GSK’s compliance to all federal and state US Transparency requirements. For more information, please visit the Centers for Medicare and Medicaid Services (CMS) website at https://openpaymentsdata.cms.gov/
Compensation
€109,500 - €182,500/year
Practice Area
Position
Mid
Industry
Legal
Application Deadline
September 8, 2026
Employment Type
Full time