The Rise of the SRI Role

I recently highlighted the need for organisations to reflect and appoint a Data lead at board level. In developing this idea and “must have” further with one eye to the future, I have developed my thinking to incorporate the opportunity that the UK Data Protection and Digital Information (DPDI) Bill gives data controllers in delivering this ambition. There have been two key drivers responsible for my revised thinking.  These include the potential introduction of the Data Protection and Digital Information (DPDI) Bill and the elevation of all things Artificial Intelligence (AI) onto the radars of Board and C suite members. One of these leadership opportunities is the potential for organisations to appoint a Senior Responsible Individual – or SRI – at Board Level to lead all things Data, including strategy, compliance, governance, and value.

The role of the SRI in the DPDI Bill

Tasked with ensuring adherence to regulatory standards and maintaining compliance, the responsibilities of the SRI are largely similar to those of the Data Protection Officer (DPO). However, these differ depending on whether the organisation is a data controller or processor. The only prerequisite for the appointment of this role is that the person being appointed is part of “senior management”.

Initially outlined in 2023, the SRI role has steadily evolved. Behind this change are factors like the DPDI Bill, which proposes that the obligation for an organisation to appoint a DPO be replaced with the requirement to appoint a SRI (if they are a public body or carry out high-risk processing). Naturally, as a result, the role of the SRI has received an increase in relevance as this role is now to be given a more prevalent position in the industry.

Many organisations will retain the role of DPO and the role of the SRI will become a strategic member of the senior team – what better place to have this Data leader in the boardroom?

You can learn more about the changes proposed in the Bill on our DPDI webpage.

Advancements in AI capabilities

With the countless new strides being made by artificial intelligence come a great deal of new opportunities. As technology continues to grow rapidly and unprecedentedly, organisations everywhere are leveraging it to enhance their businesses. Companies are implementing AI for a multitude of purposes, such as improving overall efficiency (for example, by automating tedious administrative processes).

These benefits, however, don’t come without their challenges. The introduction of AI processes into an organisation means an influx of privacy-related hurdles to overcome, including ethical considerations and the need for robust governance frameworks. Regarding this, the SRI role assumes a pivotal position, helping their organisations tap the potential AI holds while mitigating risks and upholding ethical standards.

The rise of the SRI role

As a result of these factors – the mandates set out in the DPDI Bill and the advancement of AI – the SRI is on the rise. This role now emerges as a linchpin in driving sustainable growth, fostering trust among stakeholders, and guiding their organisations in adhering to their data privacy obligations as required. By embracing change, and encouraging these new approaches to strategic data leadership, businesses can better navigate the complex regulatory challenges and exciting opportunities that come their way.

To assist you in fulfilling the role of the SRI in your organisation, I have provided a job description that covers the responsibilities, requirements, and necessary qualifications for somebody in this position.

Data Protection and Digital Information (No. 2) Bill (DPDI)

Job description for the SRI

As the Senior Responsible Individual (SRI) for AI and Data Governance, you will serve as the linchpin between innovation and responsibility within our organisation. Your pivotal role entails overseeing the ethical deployment, management, and protection of data and artificial intelligence (AI) projects.

Reporting directly to the Chair/CEO, you will lead the charge through delegation and leadership in maximising the value derived from our data assets while ensuring stringent compliance with data protection regulations and upholding the highest ethical standards.

Your multifaceted responsibilities will span across guiding AI initiatives, safeguarding sensitive data, fostering data-driven innovation, and establishing robust governance frameworks to promote responsible and transparent use of data and AI technologies.

Title: Senior Responsible Individual (SRI) – AI and Data Governance


Position Type: Part-time

Reporting to: Chair/CEO

Job Responsibilities:


  1. Strategic Leadership:
    • Develop and communicate a comprehensive strategic vision for AI and data governance that is seamlessly integrated with the organisation’s overarching objectives.
    • Collaborate closely with senior management to embed ethical considerations and data governance principles into the fabric of our business strategies.
  2. Data and AI Oversight:
    • Support those leading end-to-end planning, execution, and evaluation of AI and data projects, ensuring alignment with organisational goals, ethical guidelines, and industry best practices.
    • Provide strategic guidance on the design, risk management, development, and deployment of AI systems, with a keen focus on mitigating bias, ensuring fairness, and enhancing transparency throughout the AI lifecycle.
    • Stay abreast of emerging trends and advancements in AI and data technologies, leveraging insights to drive continuous innovation and enhancement of our AI capabilities.
  3. Ethics and Compliance:
    • Establish and enforce a robust set of ethical guidelines and best practices governing the responsible use of data and AI across all facets of our operations.
    • Ensure unwavering compliance with stringent data protection regulations (e.g., GDPR, CCPA) and industry standards, pre-emptively identifying and addressing any potential compliance risks or issues.
    • Conduct regular audits and assessments to gauge the effectiveness of our data protection measures, ethical frameworks, and compliance protocols.
  4. Data Value Optimisation:
    • Support through leadership cross-functional teams to identify, prioritise, and capitalise on data-driven opportunities that drive tangible business value, enhance operational efficiency, and elevate customer experiences.
    • Spearhead initiatives aimed at ethically monetising our data assets, all while safeguarding individual privacy rights and maintaining the utmost confidentiality of sensitive information.
  5. Data Protection Governance:
    • Provide expertise to ensure we develop and continually refine a comprehensive suite of data governance policies, procedures, and controls to fortify our defences against data breaches, uphold data integrity, and preserve data quality.
    • Serve as the primary point of contact for all data-related inquiries, incidents, and breaches, orchestrating swift and effective response efforts in accordance with established protocols and regulatory requirements.



  • As a minimum a Bachelor’s degree in Computer Science, Data Science, Information Management, Cyber, Information Rights Law or a related field (Master’s degree preferred).
  • Proven track record (5 years) of exemplary leadership experience overseeing AI and data governance initiatives within complex organisational settings.
  • Thorough understanding of data protection regulations (e.g., GDPR, CCPA) and profound insights into the ethical considerations inherent in AI and data governance.
  • Exceptional proficiency in data management principles, encompassing data governance, data quality assurance, and data lifecycle management.
  • Outstanding communication skills, coupled with a proven ability to influence and engage stakeholders at all levels of the organisation.
  • Demonstrated aptitude in formulating and executing strategic plans to drive transformative AI and data initiatives that yield tangible business outcomes.

How DPAS can help

If you need any support in ensuring your organisation is complying with the relevant legislation, or require training in the areas of data protection and information security, get in contact with us.

Either call us on 0203 3013384, email us at, or simply fill out a contact form. Our dedicated team will get back to you as soon as possible.

By Nigel Gooding

LLM Information Rights Law & Practice. FBCS, PG Dip Information Rights Law and Practice, PG Cert Data Protection Law and Information Governance, PG Cert Management

related posts

Get a Free Consultation