An international business is looking for a Privacy Manager to continue establishing their Data Privacy programme across the board. This will include developing processes, policies, and procedures, as well as the monitoring and assurance framework. The successful individual will work closely with the legal and IT teams, with a dual reporting line to the Senior Legal Counsel and UK CEO.
Role overview
- Managing GDPR compliance for UK and Group.
- Developing and maintaining framework for privacy compliance reporting from country teams to Group.
Main Responsibilities
- Acting as the primary point of contact for data protection queries for UK and Group.
- Identifying and assessing privacy risks within UK and Group, and developing and actioning strategy to address risks.
- Hosting Group Privacy Steering Committee.
- Managing privacy compliance reporting from international businesses to Group Privacy Steering Committee.
- Collating and presenting periodic compliance updates to the Group Privacy Steering Committee and UK Risk Committee.
- Continuing programme of implementation of privacy governance framework, and support policies and procedures to manage data privacy in the UK. Communicate the UK framework to teams beyond the UK by way of knowledge sharing.
- Working with Learning & Development (HR) to oversee and signing off privacy training to raise employee awareness of data privacy issues.
- Working with Information Security team to continue to evolve data governance and privacy compliance processes.
- Training and working with privacy champions across UK and Group.
- Acting as escalation point for queries on data subject rights requests, including data subject access requests (DSARs).
- Advising business on privacy incidents and breaches (including making ICO notifications).
- Working with key internal stakeholders in reviewing operations and projects and related data processing to ensure compliance with data privacy laws, and advise on and monitor data protection privacy impact assessments where necessary.
- Overseeing development and maintenance of records of data processing activities, draft transparency notices, and data processing agreements.
- Monitoring changes to local privacy laws and making recommendations to the Group Privacy Steering Committee or UK Risk Committee when appropriate.
- Designing monitoring and assurance framework for global data privacy compliance.
- Maintaining policies, procedures, and records to evidence compliance with GDPR.
- Reviewing or populating data processing agreements and EU standard contractual clauses.
- Where necessary, instructing and managing external legal advisers on data privacy law issues.
- Acting as primary point of contact and liaison for the Information Commissioner.
- Managing filing and fee requirements with local Data Protection Authorities for the UK and Ireland.
Skills/Knowledge Required
- In-depth understanding of European and UK data privacy and data protection regulation, and an awareness of other major privacy frameworks and evolving legislation worldwide.
- Knowledge of information technology and data management systems.
- Well-developed and professional interpersonal skills; ability to communicate effectively with people at all organisational levels.
- Ability to quickly establish familiarity with a large business and develop a network within it.
- Excellent writing and presentation skills.
- Ability to work unsupervised and influence change.
- Detail-oriented approach needed to recommend and implement strategic improvements on a range of data privacy and data protection issues.
- Change and project management skills, including the ability to manage time well, prioritise effectively and handle multiple deadlines.
Qualifications
- Ideally holding at least one data protection and/or privacy certification, such as CIPP, CIPT, CIPM, ISEB, etc. (preferred) or willingness to achieve within a short period of joining.
