Data Protection Compliance Manager
Milton Keynes - Caldecotte Lake
The Group Risk & Compliance Team is a Second Line team that is responsible for the oversight of First line planning, implementing, managing and controlling all of their Compliance, Risk, Health & Safety, Business Continuity, Information Security and Data Protection-related activities.
The Data Protection Compliance Manager is a new role and will be a key member of the Group Risk & Compliance team, working closely with the Group Data Protection Officer (DPO), the Group Enterprise Risk Director (ERD) and business leadership teams. The role owns data privacy policies, including the processes and procedures for the business units (BUs) to follow, and oversees the controls, together with the required monitoring and approval activity undertaken, to provide a second line of defence confirming that BUs are adhering to the privacy policies and so maintaining compliance.
They are to be a qualified subject matter expert in data protection, with extensive experience in applying data protection law and regulation in a complex multi business unit (BU) environment. They will need to ensure data protection opportunities and challenges are identified and addressed, and that BUs meet legislative, contractual and statutory requirements. They are to be role models for data protection and data security, and work collaboratively with 1st line operations to build a culture and environment where the role of the Group Risk and Compliance function is recognised as being a key support function of business performance. They work collaboratively and pro-actively with the wider Group Risk and Compliance team and other BUs to maximise synergies and share knowledge, acting as role models for 'One Countrywide' to deliver our strategy and vision.
Examples of what you will be doing:
- Assisting with the drafting and maintaining of Group privacy policies including processes and procedures
- Implementing controls and monitoring of privacy activity in line with the Group privacy policies to ensure business units are maintaining compliance
- Undertake data protection training and draft communications to help raise data protection awareness in the business units
- Help control and manage the data protection and risk management framework to ensure compliance with data protection legislation and the management of data protection risks
- Oversee compliance with the General Data Protection Regulation, the Data Protection Act 2018 and all other related data protection law, regulation and best practice
- Provide data protection advice to the business and act as an escalation and approval point of contact for business units
- Handle communications with authorities such as the ICO, data subjects, controllers and other third parties as and when required and authorised by the Group DPO
- Undertake horizon scanning and actively participate in projects and changes within the organisation applying the principle of privacy by design and default
- Conduct 2nd line compliance reviews covering data protection, data security and other regulatory and policy compliance where required at regular intervals
- Conduct 2nd line risk reviews of Third Party supplier due diligence
- Actively participate in data subject rights requests as and where required, mainly as an escalation point, and at all times ensure we are able to meet data subject rights requests and imposed time scales
- Actively participate in our breach management, mainly as an escalation point, and at all times ensure we are able to meet our breach reporting obligations and imposed time scales
- Be key in ensuring compliance with the principle of accountability
- Be key in ensuring we maintain compliance in all marketing activity
This job was originally posted as www.totaljobs.com/job/90730694