Data Protection Officer
Jellyfish
- London
- Permanent
- Full-time
- Implement measures and a privacy governance framework to manage data use in compliance with GDPR and other relevant legislation, including developing templates for data collection, advising on and assisting with data mapping and records of data processing and vendor management reviews.
- Work with team members in the review of operations and projects and related data processing to ensure compliance with data privacy laws, and, advising on and monitoring data protection privacy impact assessments.
- Be the primary contact and liaison for the relevant supervisory authority on all data protection related matters under GDPR and other relevant legislation.
- Serve as the primary contact for data protection queries in the business.
- Review supplier or client contracts (including relevant standard contractual clauses for international data transfers) and other third-party data processing and data sharing arrangements in partnership with the organisation's Legal, Procurement and Information security functions.
- As privacy expert, partner with business teams to evaluate new initiatives, plans, and processes to meet data protection compliance requirements
- Ensure filing and fee requirements with the relevant supervisor authority are achieved.
- Participate in the Data Privacy and Information Governance Committee or similar.
- Manage and conduct ongoing reviews of our privacy governance framework including Binding Corporate Rules (BCRs)] and regular and ad hoc reporting on data privacy compliance within the organisation
- Monitor changes to relevant privacy laws and making recommendations to the Company and any relevant committees.
- Set standards and review policies and procedures globally that meet the requirements under GDPR and any localisation requirements in countries of operation.
- Develop and deliver privacy training to several departments and collaborating with the Information Security function(s) to raise employee awareness of data privacy and security issues and promote a culture of data protection and compliance across the organisation.
- Develop strategies and initiatives to ensure engagement with important team members.
- Coordinate and monitor data privacy audits and addressing any potential issues with solutions.
- Collaborate with the Information Security function(s) to maintain records of all data assets and exports and maintaining a personal data security incident management plan to ensure remediation of incidents affecting personal data including impact assessments, breach response, complaints, claims or notifications.
- Respond to and advising on data subject rights requests, including data subject access requests (DSARs) and other requests from individuals.
- Ensure that our IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including the retention and destruction of data).
- Work with designated in-house Legal Counsel or outside legal advisers who are subject matter experts for data privacy law issues.
- Promote work practices, working as part of Legal and Compliance team member, and showing respect for co-workers.
- Knowledge of GDPR, UK GDPR data privacy and data protection regulations, and an understanding of other major privacy frameworks and evolving legislation worldwide.
- Ability to interact with people at all organisational levels of the firm.
- Experience working in a large, global organisation.
- Ability to work unsupervised and exercise leadership.
- 10+ years' post qualified data privacy experience required.
- Main experience includes GDPR and UK GDPR data privacy laws plus evolving global data and privacy laws.
- 6+ years; experience within a compliance, legal, audit or risk team, with recent experience in privacy compliance.
- Experience developing policy and compliance training