As a Data Protection Specialist, you will provide operational governance and oversight through reporting KPIs, KRIs and other metrics to monitor and demonstrate compliance with all relevant privacy & Data Protection laws.
You will work within a Data Protection team to implement and embed a DP and privacy management programme, based on the UK Information Commissioner's Office (ICO) accountability framework, to monitor and maintain compliance with the UK GDPR and other relevant privacy or Data Protection laws, ensuring any risks to the rights and freedoms of our data subjects are identified and managed.
The benefits:
- Salary - Up to £34,000
- Bonus scheme - on target bonus - 7.5%
- Pension scheme - contribute up to 5% of your salary and Openwork will match you and put in an extra 5%
- Critical illness cover
- Income protection - 1x salary
- Death in service - 4x salary
- 25 days holiday + bank holidays, with the opportunity to buy up to an additional 10 days
- A range of other flexible benefits to include private medical insurance, dental insurance and much more.
Privacy & Data Protection (PDP) Guidance
- Manage PDP queries across OHL, working with the DPO, Legal or the ICO help teams as needed.
- Maintain central location for PDP guidance & templates.
Operational Procedures
- Create, issue, socialise, operate and maintain privacy related procedures across OHL.
- Operate and maintain relevant tooling such as the PDP modules of OneTrust and issue tracking within Simple Risk.
Training & Awareness
- Creation and maintenance of colleague and AR related portal content – guidance, policy, process.
- Work with the Business School to ensure all colleagues and partners complete both general and role-specific training courses periodically.
Individual Data Protection Rights
Fulfil rights requests for data controlled by the entity:
- Subject Access (DSARs Clients, Colleagues and ARs)
- Complaints
- Data Erasure
- Data Portability
- Rectification of data
Data Protection Incident & Breach Response
- Ensure PDP breach reporting processes are in place.
- Manage day-to-day PDP incidents and breach tracking.
PDP Risk and Data Protection Impact Assessments
- Create and manage the DPIA process and documentation.
- Conduct DPIAs every time a high-risk processing operation is proposed or an existing one changes.
- Record and track PDP risks (including as part of Business risk assessments) and issues.
- Escalation to DPO for complex DPIAs.
PDP by Design & Default
- Ensure PDP requirements are built into operational changes and projects through representation at the Change Advisory Board (CAB), Technical Design Boards and advocacy across 1st line operational teams.
Records of Processing, Lawful Basis & Cookie policies
- Work with operational teams to ensure the periodic data mapping of personal data across the OHL businesses.
- Work with operational teams to create and maintain a record of data processing activities (ROPA) which is updated when changes to systems, services and suppliers are made.
- Identify and record the lawful basis of processing for each process within the ROPA.
Contracts & Data Sharing
- Ensure all contracts with data processors reflect the necessary PDP clauses.
- Work with Strategic Sourcing colleagues to conduct 3rd party due diligence on potential new suppliers.
- Engage with DPO and Legal resources where issues arise.
Partner AR Oversight
- Work with quality teams to ensure AR firms are meeting expected PDP compliance requirements.