Data Protection Officer
Location : Newport
Type : Permanent
Salary : £40k - £45k
Essential Duties and Responsibilities
In this role, you will work closely with the Legal, Internal Audit and IT functions to develop and monitor policies and standards applicable to the business and in compliance with the GDPR and relevant national legislation.
Duties will include:
- Implementing measures and a privacy governance framework to manage data use in compliance with the GDPR and relevant national legislation, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
- Working with key internal stakeholders in the review of projects and related data to ensure compliance with data privacy laws, and where necessary, advising on and monitoring data protection privacy impact assessments.
- Serving as the primary point of contact and liaison for the data protection authorities, for example the Information Commissioner's Office, on all data protection related matters under the GDPR and relevant national legislation.
- Serving as the primary point of contact for data protection queries in the business.
- Reviewing vendor contracts (including EU model clauses) and consents needed to implement projects in partnership with the firm's Procurement and Information Security functions.
- Ensuring filing and fee requirements with local regulators are achieved.
- Participating in the development and ongoing responsibilities of the Data Privacy / Information Governance Committee.
- Managing and conducting ongoing reviews of the Company's privacy governance framework including regular and ad hoc reporting on data privacy compliance within the organisation.
- Monitoring changes to local privacy laws and making recommendations to the Data Privacy / Information Governance Committee when appropriate.
- Setting standards and reviewing policies and procedures that meet the requirements under the GDPR and national laws.
- Developing and delivering privacy training to various business functions and collaborating with the Information Security function(s) to raise employee awareness of data privacy and security issues, and providing training on the subject matter.
- Developing strategies and initiatives to ensure engagement with key internal and external stakeholders.
- Coordinating, conducting and monitoring data privacy audits in conjunction with the Internal Audit team.
- Managing the Data Protection email inbox and responding to queries within a reasonable time.
- Collaborating with the Information Security function(s) to maintain records of all data assets and exports, and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications.
- Responding to and advising on subject access requests (SARs) and other requests from individuals.
- In conjunction with the IT team, ensuring that the Company's IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data). This will be an ongoing project with input from the Legal and Internal Audit teams.
- Leading the records management strategy in conjunction with IT Security and the Data Privacy / Information Governance Committee.
- Working with designated others in the business, Record Management Officers (when appointed on the Data Privacy / Information Governance Committee), Legal and Internal Audit teams and, where necessary, outside legal advisers to help advise on local data privacy law issues.
- Promoting effective work practices, working as a team member, and showing respect for co-workers.
- Hold at least one data protection and/or privacy certification, e.g. CIPP, CIPT, CIPM, ISEB (preferred), or willingness to achieve one within a short period of being appointed as the DPO.
- 2 years' PQE within a compliance, legal, audit and/or risk function, with experience in privacy compliance.
- Experience in UK and/or EU data privacy laws.
- Experience in developing policy and compliance training.
Knowledge, Skills and Abilities
- Strong knowledge of EU data privacy and data protection regulation, and a good understanding of other major privacy frameworks and evolving legislation worldwide.
- Sufficient knowledge of information technology and data management systems required.
- Ability to manage, share and monitor large amounts of data and information.
- Well-developed and professional interpersonal skills; ability to interact effectively with people at all organisational levels of the firm.
- Ability to work unsupervised, exercise leadership and influence change.
- Excellent writing and presentation skills.
- Strong change and project management skills, including the ability to manage time well, prioritise effectively and handle multiple deadlines.
- Ability to undertake large, long-term projects, develop alternative methods to complete them and implement solutions.
- Ability to use independent judgement and discretion when making the majority of decisions.
- Detail-oriented approach needed to recommend and implement strategic improvements on a range of data privacy and data protection issues.
- Ability to handle confidential and sensitive information with the appropriate discretion.
- Good understanding of wider governance agenda.
- Knowledge of PC applications, including MS Office.
Additional Requirements
- The statements contained in this position description are not exhaustive, and additional duties may be assigned or requirements vary from time to time.