Please note that this is a remote position which will require occasional travel to an office across the UK.
Package
Salary: £39,000 – 48,000
Indicative timeline
Closing date: 28th April 2024 at 23:59
Please let us know in your application letter if you are unable to attend the interview dates above
About the Data Protection Officer role
The Data Protection Officer works with a range of external contacts including members of the public, local authorities, police, the Information Commissioner’s Office, the Fundraising Regulator, external legal practices and other statutory and voluntary agencies. The role also works closely with the NSPCC’s contractors, The DPO Centre.
The DPO shall have the following tasks as set out in Article 39 of the UK General Data Protection Regulation (GDPR):
- Inform and advise the NSPCC as the controller of personal data and as the processor of personal data on behalf of other controllers, and its employees, of their obligations in relation to compliance with UK GDPR and other Data Protection or privacy laws that may apply to processing carried out by the NSPCC.
- Monitor compliance with UK GDPR and other Data Protection and privacy laws, with NSPCC policies, including the assignment of responsibilities, awareness-raising and training of staff involved in the processing operations, and the related audits;
- Provide advice where requested regarding Data Protection impact assessment and monitor the NSPCC’s performance of its obligations as required by UK GDPR
- Cooperate with the Information Commissioner’s Office (ICO) – the supervisory authority in the UK;
- Act as the contact point for the ICO on issues related to the processing of personal data.
Other key responsibilities for the Data Protection Officer
Data Protection:
- Line manage the Data Protection and Compliance team, including monitoring the team’s performance of subject access, disclosure, compliance advice and data breach reporting operations.
- Develop and implement policies in relation to Data Protection, Privacy and Information Governance and ensure they are reviewed regularly and updated according to the activities of the organisation;
- Coordinate the work of the Data Privacy Champions. Provide comprehensive reports to the group on the NSPCC’s compliance with internal policies and procedures and external laws and regulations and report the Data Protection, Privacy and Information Governance assurance reports for Executive Board and the Audit and Risk Committee;
- Develop and maintain the NSPCC’s Data Privacy Impact Assessment policy and procedures;
- Ensure that systematic compliance audits are undertaken and that their findings are reported and acted upon;
- Assist with investigations into complaints about breaches of the UK GDPR and other Data Protection laws, and in particular the notification of personal data breaches to the ICO as required by Article 33 and ICO guidance. Undertake reporting of breaches and, where necessary, advise on remedial action. Maintain a log of incidents and remedial recommendations and actions, and report all such incidents to the Audit & Risk Committee of the Board of Trustees;
- Ensure that developments in Data Protection and privacy law and practice are monitored, and advise the NSPCC on compliance with future requirements. Provide timely guidance to the NSPCC on any legal and regulatory changes.
- Promote and maintain Data Protection and privacy awareness throughout the NSPCC by providing training and communications. Monitor and advise on procedures and practice guidance to ensure that Data Protection and privacy requirements have been incorporated.
- Maintain and update the NSPCC’s Information Asset Register (Record of Processing Activities) to ensure that all processing is accurately reflected.
- Work with the Digital Ethics Board and provide feedback on proposed activities from a Data Protection perspective.
- Approve promotional activities across all departments from a fundraising compliance perspective, considering all relevant regulatory requirements, e.g. Fundraising Regulator, Advertising Standards Authority, Gambling Commission.
- Keep all staff up to date with changes in fundraising compliance guidance and best practice.
- Review the Fundraising Regulator Code of Practice on an annual basis and disseminate any relevant changes to fundraising teams.
- Attend and learn from sector groups including but not limited to the Fundraising Compliance Forum.
Join NSPCC and you'll become part of a team that cares about the work they do and the people they work with. You'll discover opportunities to grow, along with challenges and a shared purpose that'll bring the best out in you. And you'll get to find your own way to make a difference that means more, and that impacts millions of young lives.
Application Process
If you wish to apply for the post, please provide the following by 23:59 on 28th April 2024:
A comprehensive CV (maximum two sides A4, minimum 11 font) setting out your career history and including details of any relevant professional qualifications. Please also include the names of two referees, or be prepared to provide these on request as part of the process. Referees will not be contacted without your prior consent.
A short supporting statement (maximum two sides A4, minimum 11 font) giving evidence of the strength and depth of your ability to meet the essential criteria and experience outlined above for the role. Please provide specific examples to demonstrate how you meet the experience and attributes identified in the person specification.
Please contact Andrew Stilwell for any additional information or to discuss the process in further detail:
Reasonable Adjustments
We are committed to making reasonable adjustments in order to support disabled candidates and ensure that you are not disadvantaged in the recruitment and assessment process.