This is a 12-month fixed-term contract opportunity for a Privacy Officer to be responsible for overseeing the company’s data compliance programme and data privacy, and for ensuring the company meets its obligations under the Data Protection Act 2018.
Key tasks will include:
- Managing compliance with the Data Protection Act 2018.
- Advising the Executive Team and Board of Directors on all matters related to data protection and providing regular board reports on data protection activities.
- Creating and maintaining appropriate data protection Policies, Management Plans, and Procedures, and managing an assurance programme and related audits including data processing, data sharing, disclosure and data retention.
- Monitoring changes to the law and guidance on all matters relating to data protection ensuring the company takes timely action to update and implement changes in Policies, Management Plans and Procedures.
- Overseeing the maintenance of records required to demonstrate Data Protection compliance including Data Processing Instructions and the Data Processing Register.
- Providing leadership, management and direction in relation to all areas of data protection through the Privacy Champions and the Privacy Team.
- Managing a programme of awareness-raising and training to deliver compliance and to foster good practice and a data privacy culture within the company through the Privacy Team.
- Operating as the primary contact point for the ICO and leading the data incident response and data breach notification procedure.
- Reviewing data protection clauses in contract terms in conjunction with Procurement, Contracts and Sub-Contracts teams.
- Working closely with the Privacy Champions and Data Processors on privacy matters, advising and ensuring they are regularly updated.
- Maintaining and updating Data Privacy Notices and ensuring Data Processing Agreements are complete and authorised before commencement of processing.
- Acting as the contact point for, and co-operating with, data subjects when they exercise their individual data rights, as well as supervising and advising on the response to such requests. Liaising with internal processors to ensure requests are dealt with and redacted in a timely manner.
The successful candidate will ideally hold a Certified EU GDPR Practitioner qualification and possess additional recognised privacy qualifications (e.g. CIPP, ISEB would be desirable). Knowledge of data protection legislation, in particular the DPA 2018, is required, together with previous experience of monitoring compliance with regulatory requirements, effectively engaging regulatory bodies, and managing data incidents and breaches.