Job context
Are you an experienced data protection professional? Are you interested in making a difference supporting charities with their data protection obligations?
Due to a significant demand for our services, we are recruiting for more Practitioners to join our team!
Hope and May is an international data protection consultancy. We provide legal advice and guidance to organisations to ensure that they lawfully handle personal data.
We specialise in the voluntary sector, helping charities to understand their data protection obligations. Hope and May is endorsed by many of the sector organisations such as the National Council for Voluntary Organisations (NCVO) and Lloyds Bank Foundation.
Hope and May are currently seeking an experienced data protection professional to join our expanding team as a Data Protection Practitioner to support our growing client base. As a member of our team, you will be responsible to provide data protection support to your portfolio of voluntary organisations.
If you have experience in data protection and you’re keen to help charities and their work, we encourage you to apply for this exciting opportunity.
Key Duties and Responsibilities
1. Conduct Data Protection Consultation: Provide expert guidance and consultation on data protection laws, regulations, and best practices to charities seeking to handle sensitive information responsibly.
2. Policy Framework Development: Create comprehensive data protection policies, procedures, and guidelines tailored to the specific needs and activities of each charity.
3. Compliance: Ensure that the charities comply with relevant data protection laws, such as the UK General Data Protection Regulation and the Data Protection Act 2018. Keep abreast of changing data protection laws and regulations and ensure that the charities remain in compliance with any new requirements.
4. Training and Awareness: Conduct data protection training sessions for charity staff and volunteers to promote a culture of data privacy awareness.
5. Data Subject Rights: Facilitate data subjects' rights requests, such as access, rectification, erasure, and objection, in accordance with applicable laws.
6. Data Governance: Develop and enforce data governance policies and procedures to ensure appropriate data handling, storage, and disposal practices.
7. Record of Activities and Processing: Draft inventories of data processing activities and map the flow of data within the charities to identify potential privacy risks.
8. Reporting and Documentation: Prepare and present regular reports to senior management on data protection initiatives, compliance status, and potential risks.
10. Data Protection Impact Assessments (DPIAs): draft and review DPIAs for high-risk data processing activities and provide recommendations to minimize privacy risks.
11. Ethical Considerations: Address ethical implications related to data collection, storage, and use, especially when dealing with sensitive data or vulnerable populations.
12. Stakeholder Collaboration: Collaborate with relevant stakeholders, such as legal teams, IT departments, authorities and external consultants, to ensure a coordinated approach to data protection for your clients.
13. Data Breach Management: Provide expert guidance and support to charities in the event of a data breach, including coordination with relevant authorities and stakeholders for a timely and effective response, including containment, mitigation, notification, and recovery strategies.
Requirements
Essential Experience and Knowledge
- Experience working for charitable organisations in a position relevant to the role (e.g. Governance, Data Protection Lead, Team Manager, Research and Impact Manager or similar)
- Knowledge in Data Protection legislation (e.g. UK GDPR, PECR, DPA 2018) and its practical application to the work of charitable organisations.
- Consultation: Excellent interpersonal skills, with the ability to effectively consult with and advise clients from senior management level to general staff.
- Delivery: Proven initiative and experience in consistently delivering high-quality work within specified deadlines.
- Communication: Excellent communication skills. Must be able to articulate complex concepts in a clear and accessible manner both verbally and in writing.
- Policy Development: Proven experience in developing and implementing policies, procedures, and guidelines.
- Document drafting and review: Proficiency in conducting comprehensive document reviews and in developing templates and resources for colleagues and clients.
- Analytical and Problem-Solving Skills: Strong analytical thinking and problem-solving capabilities to assess risks and propose solutions.
- IT skills: High level of proficiency in Microsoft Office and excellent adaptability to different software tools.
Essential Personal Specification
- Excellent organisational and time management skills, with a keen eye for detail.
- Strong communication and interpersonal skills.
- Strong time management skills and adept at thriving in a fast-paced environment, handling multiple tasks concurrently.
- Ability to work independently and take ownership of tasks and projects.
- Reflective and inquisitive, enjoying challenges and leading on projects.
- Proactive work delivery and a strong commitment to professional growth and development.
- Showcasing a pragmatic approach, adept at providing concise advice and efficiently driving projects to successful completion
- Right to work in the UK
Desirable but not essential
- Professional certifications in data protection.
- Experience in consultancy.
- Experience conducting training sessions.
- Familiarity with IT security practices to address the intersection of data protection and information security.
- Basic understanding of contract law and its relevance to data protection provisions.
Please note that due to the sensitive nature of the duties, a DBS will be sought in event of a successful application.