Ensure effective data protection activity across EMEA. Support and create a culture to ensure full compliance with business standards and ICO requirements such as DSARs, DPIAs & Incident/Breach timeframes.
Effective policy & procedure ownership and review feedback to key stakeholders regarding in order to update; educate and influence positive and proactive activity and behaviours to support the use and storage of all data to do with the firm, customer or employee.
*There is an opportunity to step up to Data Protection Officer (DPO) within a short period of time. Timeline very much depends on the candidate.
- Monitor the implementation of Data policies and review their effectiveness in identifying and protecting at risk customers, employees and company.
- Provide guidance, support and leadership on data protection legislation and regulation across all operations with consideration of all regulatory bodies and reporting requirements
- Policy Author; General Data Protection Regulation (GDPR) Management of the end to end process in accordance with the firm's GDPR Policy and Procedures and underlying regulations.
- Manage Data Subject Access Requests (DSAR) & Deferred Prosecution Agreement requests (DPA)
- Represent the firm externally at both industry events and wider networking events to share best practices where possible.
- Ownership and management of Data Protection and related Compliance updates to the business and board,, ensuring the GRC and DP departments are visible and communication is maintained with the wider business.
- Implement and deliver data protection and data privacy audits internally and with third party suppliers, driving continuous improvements
- Help to shape initiatives to drive a culture that values and respects data relating to individuals
- Develop and embed a taxonomy of business data and lifecycle across the business
- Lead initiatives around "Master Data Management" including quality control initiatives to ensure information is up-to-date and accurate, and where needed corrected closest to source
- Own and enhance data maps and personal information asset inventory
- Drive a culture of respect for information and act as the "role model and go to person" for all data and information
- Training and development across the business
REQUIRED SKILLS AND BEHAVIOURS:
- Must have a high level of confidentiality and act in a discreet manner at all times regarding information in their possession.
- Must be able to demonstrate a high level of research skills and be fully conversant with company procedures and databases utilised in relation to all data processes.
- Must possess excellent communication skills, both written and verbal and be highly organised.
- Must be proficient in using MS Office, possess intermediate to advanced IT skills in normal Microsoft applications (Word, ExCel, PowerPoint, Outlook) etc.
- Must have a positive, 'can do' attitude and approach to work, continually displaying and reinforcing the company's key behaviours relating to service standards and being personable and professional regarding interaction with all stakeholders and points of contact.
- Ability to present data in a summarised KPI/Dashboard reporting format.
- Able to write business reports appropriate for board level and compliance committee review
- Familiar and able to write and construct policies and procedures
- Able to undertake investigations and seek out relevant data and evidence in order to make appropriate findings and recommendations
DESIRABLE SKILLS and QUALIFICATIONS:
- Direct experience of data privacy compliance in UK, ideally within financial services, but will consider outside of financial services
- Experience of leading data privacy initiatives and projects
- Excellent relationship management skills
- Detailed technical knowledge of data protection regulations, including GDPR
- Strong technology knowledge to understand risk and opportunities available to support the use of Data
- Have an interest in wider data protection and privacy issues