Deputy Data Protection Officer
Reading / Hybrid 2 days per week office based
We are seeking a highly experienced Privacy Lawyer who is eager to embark on a new challenge and channel their passion for data protection in a dynamic and innovative environment. As a key member of this team the Data Protection and Privacy Officer (DDPO) will play a pivotal role in shaping and ensuring the organisation's compliance with UK data protection laws and regulations.
As the Data Protection and Privacy Officer, you will:
- Provide specialised, pragmatic, regulatory, and legal guidance to ensure the implementation of policies, processes, and controls aligned with UK data protection laws.
- Demonstrate a deep understanding and knowledge of UK data protection legislation and regulatory regimes, with a proven track record in the field (ISEB/CIPPE qualification is desirable).
- Offer compliance support for data protection, including conducting monitoring reviews and managing large customer data sets in a B2C environment, especially in the context of marketing activities.
- Apply Privacy by Design and Default principles, conduct Data Privacy Impact Assessments, and independently assess data breaches.
- Showcase strong communication and interpersonal skills, fostering relationships internally and externally, and effectively managing key stakeholders.
- Collaborate with various stakeholders, including Compliance, Legal, InfoSec, and other business units, to identify and implement legal and regulatory requirements related to data protection laws.
- Review and provide guidance on the development of compliance-related policies, procedures, processes, and controls, facilitating alignment with applicable laws and regulations.
- Support with Data Sharing Agreements (DSA) and contractual requirements.
- Collaborate with the Risk & Compliance team to provide comprehensive support to the business.
- Facilitate the identification, investigation, management, and resolution of compliance-related issues.
- Prepare relevant compliance reports to meet both internal and external regulatory requirements.
- Engage with front-line operational business teams to inform and advise on data protection obligations.
- Monitor compliance with UK-GDPR and other data protection laws, conducting internal data protection activities and compliance reviews.
- Ensure proper registration under the law and maintain an active article 30 register of processing activities, driving audit and data management processes.
- Manage data privacy breaches, identify root causes, implement mitigation, and monitor to prevent recurrence.
- Work closely with the business to embed data protection compliance into transformation programs.
- Oversee the subject access request process and individual rights, identifying and evaluating data processing activities.
- Comfortable working under pressure, adaptable to ambiguity, and capable of managing multiple tasks simultaneously.
- Proven experience in the field of data protection, preferably with an ISEB/CIPPE qualification.
- Your subject matter experience and expertise will be crucial in your success, with a focus on compliance support and monitoring reviews.
- Previous experience in a B2C environment, particularly with large customer data sets and marketing.
- Strong understanding of UK data protection legislation and regulatory regimes.
- Demonstrable experience in Privacy by Design and Default, Data Privacy Impact Assessments, and managing data breaches.
- Excellent communication and interpersonal skills, with the ability to build and maintain relationships.
- Ability to work collaboratively, plan, organise, and prioritise activities to meet business objectives.
If you are a passionate Data Protection professional and Privacy Lawyer seeking a new challenge and possess the skills and expertise outlined above. Apply now!!
Project People is acting as an Employment Agency in relation to this vacancy.