We are looking for an individual who has a genuine love of data protection, can think innovatively, and provide practical and commercial advice in relation to data protection. Reporting to the Director of Compliance, the Data Protection Officer will provide specialist and practical guidance in relation to data protection laws and regulations to facilitate compliance with the requirements and drive forward a culture where data protection is at the heart of our business.
In this role you’ll do a variety of interesting and important things that are essential to operate in a way that enables compliance with relevant data protection laws and regulations.
Key Responsibilities:
Ensure personal information is processed in line with applicable legal and regulatory obligations.
Ensure industry good practice through the implementation of appropriate data privacy frameworks.
Monitor compliance with legal and regulatory obligations and with our data protection policies, including managing internal data protection activities, raising awareness of data protection issues, providing training and awareness to staff, and conducting compliance reviews.
Manage data privacy breaches or near misses, support the identification of the root cause, mitigation, and monitor implementation to prevent recurrence.
Advise on and monitor data protection impact assessments.
Act as the point of contact for the ICO and for individuals whose data is processed or those who process data on our behalf. Oversee timely response to data subject access requests.
Identify and understand the key risks associated with the processing we undertake, escalate as appropriate, and work closely with the risk team to monitor and mitigate these risks.
Provide SME input on data handling and protection including data classification, retention, loss prevention, and encryption, and emerging technologies such as AI.
Manage the DP team, coach, and mentor team members to achieve outstanding levels of delivery, performance, challenge, and oversight.
Skills, Experience and Qualifications:
Must have experience managing a team in a similar role.
Excellent understanding and knowledge of UK data protection legislation & regulatory regime, with a proven history of working in the field of data protection (including e.g. ISEB/CIPPE qualification).
Demonstrable experience in the application and implementation of Privacy by Design and Default, conducting Data Privacy Impact Assessments, and independent assessment of data breaches.
Experience as DPO in a B2C environment (ideally Telecoms) with large customer data sets, including marketing.
Ability to perform the duties of a DPO independently, including corresponding with regulators and data subjects, providing advice and guidance to the business.
Ability to work with technical and security teams to develop data protection policies and processes.
Experience working in a fast-paced environment and able to prioritize activities.
Strong communication and interpersonal skills are essential; a people person skilled at building and maintaining relationships both internally and externally as well as managing key stakeholders.
Strong writing skills – ability to perform detailed analysis and write clear concise reports and advisory briefs.
Proven ability to implement change and manage processes.
Good to have previous telco experience in a similar role.