Senior Associate Analyst, Data Privacy And Records Management

About us

National Grid touches the lives of almost everyone, with an energy network that stretches across the Atlantic. We’re an international team, and our work underpins the lives of millions of people. Feet forwards, head up, and eyes bright, we’re working hard to create value for people today – and shape the future of energy tomorrow.

In the UK, we don’t generate or sell energy – we join the dots to get energy from A to B. From making a cup of tea in the morning, to keeping the lights on in hospitals, our electricity network puts power in the hands of people. Without it, the world as we know it would grind to a halt.

The world of energy is changing beyond recognition. Working at National Grid, you won’t just be touching the lives of almost everyone in the UK – you’ll be shaping the way we use and consume energy for generations to come. 
 

Job Purpose

An opportunity has arisen for a Data Privacy Assistant at Pegasus within the Data and Privacy Team.

Reporting to the Data Privacy Manager, the Data Privacy Assistant will primarily assist the Data Privacy Manager with the day-to-day operation of NGED’s Data Privacy programme.

Key Accountabilities

• With strong initiative and minimal oversight, meet both internal deadlines and external statutory deadlines relating to data subject requests, personal data deletion requests, and information requests from regulators.
• Provide advice and guidance to the business on a wide range of complex Data Privacy matters, including queries on the use of personal data, UK GDPR compliance obligations, business confidentiality requirements and support and influence on various project initiatives providing suitable recommendations.  Engage appropriate external advisors, as needed.
• Maintain NGED’s on-going Data Privacy compliance programme by engaging with business stakeholders to complete Privacy Impact Assessments (PIAs), analysing stakeholder responses, ensuring an up-to-date personal data inventory and Records of personal data processing activities, collaborating with Records Management and Legal Teams to determine appropriate personal data retention periods, and reviewing the privacy posture of proposed third party vendors, among other responsibilities.
• Manage diverse range of data access requests, including Data Subject Access Requests (DSARs) and Environmental Information Requests by contacting all applicable business areas, gathering and collating data, assessing and identifying redactions and exemptions to be applied, and responding to requester in the time frame applicable.
• Support the continuous review of internal Data Privacy policies and procedures, as well as external privacy notices. Assist with annual privacy policy and notice updates.
• Keep abreast of developments within industry using NGED’s legal on the horizon framework. to identify new or changed legislation that could impact the business and assess and understand the regulatory, financial and reputational impact of any proposed changes.
• Extensive knowledge of NGED business and develop and maintain stakeholder relationships across a wide range of departments and teams.
• Take the lead in responding to customer data enquiries such as PSR complaints and general data protection questions,.
• Effective project manager with ability to lead and deliver projects with ability to influence through broad range of internal and external contacts.
• Develop content for and deliver GDPR employee refresher training programme. 
• Support Internal Audit (and, if/where applicable, external auditors) with GDPR compliance audits. 
• Collect and maintain evidence that demonstrates NGED’s compliance with applicable Data Privacy and Records Management legislation. Ensure the evidence is of sufficient quality that is likely to meet the requirements of stipulated regulators and auditors.
• Assist Data Privacy Manager in conducting privacy audits of third party vendors.
• Implement and develop a new Data Privacy Solution platform to automate and mature the Data Privacy programme and fulfil our GDPR obligations. This will require building strong relationships across teams, understanding technology applications and integrations, and the ability to identify, flag, and, where appropriate, escalate process gaps, risks, and inefficiencies.
• Be a point of contact for suspected privacy incidents, ensuring said incidents are investigated and reported to Management within the appropriate timescale. Ensure appropriate remedial actions to prevent a reoccurrence are completed. 
• Organise and present information and, on occasion, present at seminars & meetings to business stakeholders to ensure awareness of Data Privacy obligations and processes.

About You

• Extensive knowledge of UK Data Privacy Laws, obtained through experience and training. CIPP/E preferred. 
• Excellent communication and organisational skills. Comfortable presenting to business stakeholders on legal, policy, and process changes. 
• Industry experience preferred. Able to learn NGED operational and subsidiary businesses.
• Able to meet strict deadlines and operate under minimal supervision.   

Although this role is based in Castle Donington, Derbyshire, you may be required to travel to other NGED and National Grid sites.

As part of our hybrid working approach and in line with our policy, this role allows you to apply for a mix of office and home working. Hybrid working can only be considered once your initial training is complete and subject to business need.

What You'll Get

A competitive salary between £39,000– £45,000 – dependent on capability

As well as your base salary, you will receive a bonus based on personal and company performance and a competitive contributory pension scheme where we will double match your contribution to a maximum company contribution of 12%. You will also have access to a number of flexible benefits such as a share incentive plan, salary sacrifice car and technology schemes, support via employee assistance lines and matched charity giving to name a few.
Not Applicable.