13 days ago
My client is long established and well regarded in the field in which they operate.
They are currently looking for an individual who will help the group identify and understand its regulatory obligations and ensure they align with the strategy and long-term plans of the organisation.
The role will support the group in meeting its obligations by developing, driving, monitoring, and administering a structured data governance framework. Working with stakeholders to embed a culture whereby the governance of the groups data is clearly defined and integrated into all relevant processes and activities
Key responsibilities include:
- Support the Head of Information Security and the designated DPO by developing and managing a data protection program that is aligned with the groups strategic objectives, technology roadmap and legal and regulatory compliance framework
- Informing and advising the group and its colleagues of their obligations needed to comply with the GDPR and other relevant data protection laws
- Maintaining the groups data protection policies, procedures, and standards
- Monitoring compliance with the GDPR and other data protection laws, and with the groups data protection polices, including managing internal data protection activities, raising awareness of data protection issues, training staff and conducting internal audits
- Ensuring that business and technology owners consider data protection obligations when designing and implementing new, and make changes to existing, business processes and services
- Maintaining the groups data asset register, ensuing that is it complete, fit for purpose and is reviewed on a scheduled basis
- Assigning ownership and accountability for data assets to relevant stakeholders in order to maintain a record of all data processing activities within the organisation
- Assisting the data asset owners and functional business areas in defining and managing appropriate data retention schedules.
- Maintaining the data protection risk register, ensuring that the risks relating to its data obligations are appropriately assessed and controls in place to effectively remediate them
- Advising the group during the completion of Data Protection Impact Assessments, ensuring that key risks to data are considered and appropriately addressed
- Develop relationships with key business stakeholders to act as the central point of contact for all matters relating to data protection and associated regulatory obligations
- Supporting operational teams, through subject matter expertise, on data protection matters, including and not limited to, supporting the business on data subject rights requests, data sharing agreements, privacy impact assessments
- Regularly reviewing guidance and notifications from the Information Commissioner’s Office and related data regulations across industry best practice in order to inform, update and advise the organisation accordingly
- Provide relevant input into the Learning & Development team for mandatory e-learning courses and modules
- Participate in incident reviews and be responsible for advising on and reporting of any associated data protection breaches
- Working knowledge of Data Protection Principles
- Strong experience working with a data governance framework aligned to the DPA and GDPR
- Clear and demonstrable understanding of the data subject rights (especially Right to Erasure, Right to Restrict Processing, Data Subject Access Requests) and how these should be adhered to in related business processes.
- Substantial experience in a data governance/data protection role, preferably in a related industry
- Experience in developing, documenting, and maintaining data governance policies, processes, and standards and implementation of associated business processes
- Experience and strong understanding of the lawful basis for processing of personal data and how this impacts operational processes
- Collaborative with the ability to explain regulatory requirements and obligations to colleagues of all levels of experience
- Diplomatic but assertive and determined when necessary in the face of challenge
- High level of personal integrity, as well as the ability to professionally handle confidential matters, and show an appropriate level of judgment and maturity.
- Strong influencing and stakeholder management skills
Salary is entirely commensurate with experience but will reflect the significance of the role.
Please note, should you not receive feedback 28 days, unfortunately your application has been unsuccessful. However, we may be in touch with similar relevant opportunities.