GDPR Developer

Contract Type Location Apply
Contractor London and Remotely here
The Role

The GDPR Developer will work with an experienced developer on the group’s GDPR remediation project, and will analyse the group’s solution landscapes (systems and business processes) and implement a strategy integrate data privacy solutions to support GDPR compliance.

What will you do?
  • Work with developer to
  • Identify and fix vulnerabilities
  • Develop a strategy, plan and implement privacy by design, right to be forgotten and DSAR
  • Ensure GDPR compliance of systems and owned digital assets
  • Support data minimisation, erasure, portability, encryption and integrity
  • Document and log developments, processing and activities
  • Understand deeply our architecture
  • Build 3rd party data processor relationship and manage erasure notifications
  • Understand access controls and restrictions
  • Support continued encryption efforts for high standard information security
  • Implement a business wide pseudonymisation and advocate its use to maintain compliance
  • Champion residual data awareness and remediation
  • Gain SaaS awareness
Who are you?
  • Calm under pressure
  • Able to multitask and prioritise workloads
  • Programming experience (Node, React and .NET)
  • A keen interest in Information Security
  • Willingness to learn and develop new skills
  • Strong technical interests
  • Excellent communication skills with the ability to present, influence and engage
  • An interest and understanding of GDPR
Tech Stack
  • Node, React and .NET
#1: Flexibility
Describe when you worked on an interesting cross-functional team that produced an outstanding outcome.
Detail your most recent experience working with a virtual team.
Describe when your attempt to collaborate across teams was unsuccessful.
#2: GDPR Action Plan

Draft a GDPR action plan and briefing document

This should include team, budget, tool requirements.

#3: Programming Experience
  • How much programming experience do you have?
    • What languages can you program in?
    • What is your favorite language and why?
    • How do you use those skills in real-work (business) situations?
#4: Inspirational Leaders

Describe three inspirational leaders who you’d like to work for. They must be alive today.

  • Tell us why you’d like to work for them
  • Create a graph showing how you could get a job offer to work for them
#5: Database Design

When is it appropriate to denormalise database design?

#1: Assisting a DPO

Describe a time where you supported a DPO in Data Protection tasks

  • what was the scenario?
  • what role did you play in the scenario?
  • what were the least enjoyable aspects of this task?
  • what were the most enjoyable aspects of this task?
#2: Open Source vs Proprietary Software

Write a business, technical and moral case:

  • For open source vs proprietary software
  • Fpor proprietary software vs open source
#3: GDPR Breach Notification to EU Regulator

Write an GDPR breach notification letter to one of the EU Regulators (for example the ICO in the UK) with a breach notification for (at least) one of the following scenarios:

  • 1024 PhotoBooks and cards sent to the wrong recipient
  • Customer’s Usernames and Passwords available to download in S3 bucket (via exposed API key and Secret)
  • HR system exposed sensitive employee data to internal employees
  • Non-opted in customers received marketing communications
  • … Another scenario that you have personal/professional experience in….


  • You have creative license to expand the chosen scenarios
  • You can choose an EU Regulator from one of the four companies the Photobox Group operates (UK, France, Spain and Germany)
  • It would be very interesting to see the same scenario sent to multiple regulators, where the differences between them would be highlighted
#4: Automated Build Tools

What automated-build tools or processes have you used? - for what and why? - what this your preferred choice?

If you have not had the oppotunity yet, what would you have used?

Why else should you be interested?

Quite simply, you don’t like standing still. You are passionate about working on different and ambitious projects from Day 1 - otherwise you’d be bored! You thrive on working with people from different nationalities, different cultures and languages. You want to work within a successful and recognised company, but you also want the freedom to bring forward your own solutions and to make your own impact. You want to work somewhere where people really do know each other by name and where they genuinely want to help and challenge each other to learn, be better and more innovative every day. Most importantly, you want to work in a business where spreading joy is the mission and where we all have fun making it happen.

Photobox Group Security mission and principles

Our mission is to secure the magic moments created by our customers, across all our brands. Our operating principles define what we focus on and how we make decisions. We hold ourselves accountable against these principles.

  1. We are enablers for the organisation, not blockers
  2. We drive transparency and accountability in risk management
  3. We minimise vulnerabilities
  4. We hack ourselves first
  5. We educate and empower our internal stakeholders and developers
  6. We contribute to adding financial value

Why join Photobox Group Security?

PhotoBox Group Security is a trusted, high-energy, empowered, and proactive team. If you are looking for a place to make a difference, learn a lot, be part of a highly productive team, and are able to work collaboratively with all parts of the business, this is the place for you.

We have a great culture, with a very horizonal structure. We expect you to be knowledgeable, trustworthy, empowered, friendly, focused, and responsible.

How to apply

In order to provide a fair and objective recruitment process, before we invite you for face-to-face interviews, we ask you to submit your answers to theoretical and practical challenges. This helps us to identify your suitability and experience level.

Each challenge should take no longer than 10 - 15 minutes to complete, however, in order to highlight your key skills, you may take longer than the suggested time if you wish.

Please see SOME OF THE CHALLENGES we might ask you to do (we customise these based on your experience and CV).

About us

Photobox Group is Europe’s leading digital consumer service for personalised products and gifts and parent of the Photobox, Moonpig, Hofmann and posterXXL brands.

Creative Commons License

© 2018, Photobox Group Security. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


Photobox Group Security
Unit 7, Metal Box Factory
30 Great Guildford Street