Data Protection Specialist
Overall Job Purpose
• The purpose of the DPS (data protection specialist) role is to ensure that adheres to and complies with applicable data protection laws and relevant codes of practice. The data protection specialist will liaise with the data protection specialists at Group Level and in within Legal, and will support relevant teams on data protection issues for UK activities including in other departments/ functions and group entities, to ensure coordination across the UK territory.
• The DPS will ensure legal advice is followed by providing guidance to the Business and the Functions where necessary and, working with various other teams, will project manage the implementation of this guidance.
• The DPS will lead on GDPR implementation.
• The DPS will respond to subject access requests, on behalf of London Branch, manage notifications and also monitor and check compliance to data protection laws and codes of conduct.
• The role requires the candidate to be able to converse with, present to and advise UK senior management in respect to data protection. In addition the candidate will need to liaise with persons at Group Level and at global steering committees to promote the topic.
• The role works closely with Legal and the right candidate will be expected to know and keep upto-date with the relevant law and understand its practical interpretation. The candidate will need to take advice issued by Legal and devise creative and practical implementation plans to ensure compliance with the law in potentially difficult circumstances with conflicting objectives.
Key Responsibilities and approximates time split
• Monitor legislative and regulatory reform and updates affecting UK activities and provide practical guidance on key UK data privacy issues in the financial services sector to support UK territory and Group wide projects.
• To lead on and be the data protection SME in respect to the implementation of GDPR and to provide support on GDPR implementation across UK activities.
• Liaise with Legal in relation to legal and regulatory developments and their implications in the UK. Support preparation of relevant responses to inquiries from the Information Commissioner or any other legal or regulatory body.
• Provide support and share knowledge with all UK entity DPOs and hold regular forums to discuss progress on existing projects and any issues; to ensure coordination across UK Territory.
• Provide assistance to the Business, Functions and all entities within the UK and globally, on implementing advice from Legal.
• To represent data protection at the Data Governance Committee, and other relevant UK committees, presenting on topics of responsibility. 0
• Manage and respond to subject access requests (SAR) potentially including working with external legal counsel, reviewing data and assessing for personal data content, identifying and redacting privileged, confidential and non-personal data (with the assistance of Legal where necessary), creating response packs and management of SAR documentation.
• Work with the Business and Functions to ensure compliance with obligations under relevant data protection laws and codes of conduct and provide support for compliance across all UK activities and entities.
• To provide assistance on data privacy aspects of social media policy, marketing, websites and other bank initiatives, audit all areas of the bank and ensure supportive policies are in place.
• Provide data protection training and work to increase awareness and compliance at all levels of the business.
• Maintain all relevant policies and procedures, ensuring they are compliant with current laws and codes of conduct.
• File and update Information Commissioner Notifications.
• A lawyer (a practising certificate is not required) with at least two years of post-qualification experience in data protection or Senior Data Protection Officer with at least three years solid experience within a large Financial Institution or Corporate.
• Experience and a keen interest in data protection matters, including transactional work and standalone advice (such as data security, audits, compliance, policies, subject access requests and international reviews).
• A good understanding of data privacy governance models and controls, with particular reference to the financial sector.
• Proven ability to manage work and projects across entities and regions.
• Familiarity in translating complex legislation or legal advice into specific and clear business focused guidance.
• An excellent understanding of data protection legal and regulatory obligations within the UK and a good technical understanding of international privacy legislation and regulation.
• It is essential that the candidate has strong communication and interpersonal skills, including training experience.
Essential Skills / Competencies
• Attention to detail.
• The ability to write good quality, detailed and accurate documents and procedures.
• Ability to effectively manage own time.
• Can do attitude with ability to work autonomously as well as in a team.
• Ability to remain impartial to ensure that risks are highlighted correctly at senior management