Data Protection Officer

Jellyfish is your digital partner. We support and drive digital transformation by providing the right technology, strategy and training.

We are one of the world's fastest-growing agencies across an ever-expanding global network. We are Google’s leading global partner. And our close relationship is growing where we are, what we do and how we deliver it. And to do this, we want to grow our skillset. We’d like you to join our journey as ONE Jellyfish.

Jellyfish Group Limited is looking to recruit an experienced Data Protection Officer
(DPO) to meet its obligations under the GDPR. Reporting to the General Counsel based in the UK, the statutory DPO will monitor compliance and data practices internally to ensure the business and its functions comply with the applicable requirements under the GDPR and other relevant legislation. The DPO will be responsible for advising on, and where required carrying out, staff training, Data Protection impact assessments, data transfer impact assessments, and internal audits. The DPO will also serve as the primary contact for the relevant supervisory authority and individuals whose data is processed by the organisation.

In this role, you will work closely with the Legal and Compliance and Information Security functions to develop and monitor policies and standards applicable to the business and in compliance with the GDPR and other relevant privacy legislation.

Essential Duties and Responsibilities: In this role, you will work closely with the Legal and Compliance
and Information Security functions to develop and monitor policies and standards applicable to the
business and in compliance with the GDPR and other relevant privacy legislation. Duties will include:

• Implementing measures and a privacy governance framework to manage data use in compliance with the GDPR and other relevant legislation, including developing templates for data collection, advising on and assisting with data mapping and records of data processing and vendor management reviews.
• Working with key internal stakeholders in the review of operations and projects and related data processing to ensure compliance with data privacy laws, and where necessary, advising on and monitoring Data Protection privacy impact assessments.
• Serving as the primary point of contact and liaison for the relevant supervisory authority on all Data Protection related matters under the GDPR and other relevant legislation.
• Serving as the primary point of contact for Data Protection queries in the business.
• Reviewing supplier or client contracts (including relevant standard contractual clauses for international data transfers) and other third party data processing and data sharing arrangements in partnership with the organisation's Legal, Procurement and Information security functions.
• As privacy expert, partner with business teams to evaluate new initiatives, plans, and processes and systems to meet Data Protection compliance requirements
• Ensuring filing and fee requirements with the relevant supervisor authority are achieved.
• Participating in the Data Privacy and/or Information Governance Committee or similar.
• Managing and conducting ongoing reviews of Company's privacy governance framework including Binding Corporate Rules (BCRs)] and regular and ad hoc reporting on data privacy compliance within the organisation
• Monitoring changes to relevant privacy laws and making recommendations to the Company and any relevant committees when appropriate.
• Setting standards and reviewing policies and procedures globally that meet the requirements under the GDPR and any localisation requirements in countries of operation.
• Developing and delivering privacy training to various business functions and collaborating with the Information Security function(s) to raise employee awareness of data privacy and security issues and promote a culture of Data Protection and compliance across the organisation.
• Developing strategies and initiatives to ensure engagement with key internal and external stakeholders.
• Coordinating, conducting and monitoring data privacy audits and addressing any potential issues with solutions.
• Collaborating with the Information Security function(s) to maintain records of all data assets and exports and maintaining a personal data security incident management plan to ensure timely remediation of incidents impacting personal data including impact assessments, breach response, complaints, claims or notifications.
• Responding to and advising on data subject rights requests, including data subject access requests (DSARs) and other requests from individuals.
• Ensuring that the Company IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data).
• Working with designated in-house Legal Counsel or outside legal advisers who are subject matter experts where necessary for data privacy law issues.
• Promoting effective work practices, working as part of Legal and Compliance team member, and showing respect and professionalism for co-workers.

Position Specifications

Education

• Law degree or post-graduate legal qualification required.
• Hold at least one Data Protection and/or privacy certification, such as CIPP, CIPT, CIPM, ISEB etc.

Work Experience

• 10+ years’ PQE / data privacy experience required.
• Main experience includes GDPR and UK GDPR data privacy laws plus evolving global data and privacy laws.
• 6+ years; experience within a compliance, legal, audit and/or risk function, with recent experience in privacy compliance.
• Experience in developing policy and compliance training.

Required Knowledge, Skills and Abilities

• Strong knowledge of GDPR, UK GDPR data privacy and Data Protection regulations, and a good understanding of other major privacy frameworks and evolving legislation worldwide.
• Well-developed and professional interpersonal skills; ability to interact effectively with people at all organisational levels of the firm.
• Experience of working in a large, global organisation.
• Ability to work unsupervised, exercise leadership and influence change.
• Ability to handle confidential and sensitive information with the appropriate discretion.
• Excellent writing and presentation skills.
• Strong change and project management skills, including the ability to manage time well, prioritise effectively and handle multiple deadlines.
• Ability to undertake large, long-term projects, develop alternative methods to complete them and implement solutions.
• Ability to use independent judgement and discretion when making majority of decisions.
• Detail-oriented approach needed to recommend and implement strategic improvements on a range of data privacy and Data Protection issues.
• Knowledge of PC applications, including Google Docs and MS Office.
• Fluent English plus knowledge of one or more other European languages preferred.

• Yearly salary increase
• Company Bonus
• Flexible Working hours
• Enhanced Parental Leave
• Learning & Development Assistance
• Hybrid (In-Office/Remote).

Equal Opportunity Employer: Jellyfish is committed to making adjustments in our recruitment process to enable you to demonstrate your full potential. Should you require reasonable accommodation, please fill out the form here.

• Flexible working
• Annual Bonus
• Training and Development
• Life Assurance
• Employee Assistance Programme - Counseling