The Data Protection Officer ("DPO") role is critical to overseeing the Group's data privacy and compliance programmes.
Reporting into the Money Laundering Reporting Officer ("MLRO"), you will have significant responsibility across the organisation. You will ensure that processes are in place to monitor adherence to key regulations, offering advice and guidance for any new or modified regulations as appropriate. You will oversee and implement processes and procedures to ensure compliance with all elements of GDPR in relation to legal obligations, identifying any areas of weakness, recommending remedial action to ensure that the weaknesses are resolved and, where appropriate, reporting issues to senior management and the board.
The DPO is responsible for all of the data processing activities carried out in the HL group. Their primary duties for data protection are to: inform and advise staff on their obligations; monitor compliance; cooperate with the Information Commissioner's Office ("ICO"); and act as the point of contact for the ICO. The DPO will need to be a person of high integrity, professionalism and have expert knowledge of data protection law and practices, and should have both the authority and knowledge of data protection laws to be able to carry out his or her duties for the level of data protection required for the personal data processed in the HL group when acting as both a data controller and data processor.
We need a dedicated DPO to spearhead preparations for the new GDPR and our wider information security challenges. You will be someone who can identify, define and initiate change and drive implementation. You will have exceptional time management, planning and organisational skills and be comfortable working under pressure. You will be a confident communicator and comfortable working with all levels of the company including stakeholders. You will have a good understanding of the Data Protection environment within the UK/EU and a keen interest in GDPR and the changing regulations within this.
Key duties and responsibilities:
- Being registered with the ICO as the HL group primary contact for managing ICO notifications, including registrations and breach reporting
- Informing and advising HL and its staff about their data protection obligations and compliance with other data protection laws, including through training; there is a continuing obligation to ensure that staff are made aware of any updates or developments from EU or ICO guidance/regulatory changes and court cases which need to be identified and assessed by the DPO
- Maintaining adequate and effective implementation of data protection policies relating to personal data: collection, record creation, maintenance, retention and disposal. This includes periodic checking of the existing policies in place and, if necessary, adapting or designing new ones that are compliant with regulatory requirements
- Responding to business as usual queries in a timely and effective manner, for example contractual queries
- Monitoring data protection compliance with ICO requirements across the HL group including managing internal processes (to address potential issues pro-actively), advising on data protection impact assessments ("DPIAs"), and conducting internal audits; the DPO should work with every department in the HL group to ensure that compliance is followed at every stage of processing
- Ensuring maintenance of comprehensive key data protection records including: advice provided with DPIAs; all data processing activities conducted by the HL group, including the purpose of all processing activities; HL group data maps; and internal data sharing agreements
- Oversight for processing Subject Access Requests received
- Ensuring data subjects are aware of and, where appropriate, consent to how their data is being used, their rights to erasure, portability and access, and what measures HL has put in place to protect their personal information
- Producing management information for the MLRO on the HL group data protection risk
- Other duties as instructed by the MLRO to assist the AML team and Client Protection
- Strong knowledge of Data Protection Act 1998 (DPA), General Data Protection Regulation (GDPR), Privacy and Electronic Communications Regulations 2003 and industry guidance
- Minimum of 3 years’ experience in a senior data protection role
- Significant financial sector experience
- Proven experience of working with senior stakeholders both internally and externally including the ICO
- Direct engagement with UK regulatory bodies
- Educated to degree level (or equivalent)
- Able to conduct the role independently and with integrity
- Ability to plan, organise and prioritise tasks and projects
- Strong personal communication skills, capable of dealing with a wide range of stakeholders, including senior management
- Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels
Hargreaves Lansdown is an inclusive working environment and values diversity in its workforce. As part of your application we would be grateful if you could complete an equal opportunities section. The information will be used solely for diversity monitoring purposes and is not visible to the person reviewing your application form.