The GDPR Programme requires two (2) mid-senior level data protection advisers/consultants to support the GDPR Programme Lead (also the GDPR SME) in ensuring the Group is prepared for compliance with the EU GDPR. In particular, this will involve assessing the documented data processing environment and data flows against the requirements of the GDPR (and other applicable laws) to identify gaps and guide the business in addressing these.
The roles will require a comprehensive understanding of UK Data Protection and EU GDPR laws and good practice, as well as how they can be applied and managed. Both advisers will be engaged in all aspects of the GDPR, including educating/training GDPR team members and the Business. We are not looking for someone who dictates the rules from a distance; (s)he must be prepared to offer pragmatic, risk-based options and recommendations.
One adviser will have a particular focus on Third Party Relationships, working closely with procurement and business colleagues to risk-assess all relevant third party arrangements, review the status of contract compliance, and support the Group in devising a commercial and legal strategy to bring existing relationships/contracts in line with the GDPR, as well as assist with the creation of new policies and procedures for future engagement and monitoring of relevant third parties.
In-depth knowledge of EU GDPR and UK data protection laws, good practice, and the Regulator’s approach
Significant experience (min 5 years) advising specifically on data protection/GDPR requirements from a legal or compliance perspective
Must have had responsibility, with minimal supervision, for assessing, monitoring and/or auditing products/services/processing activities for compliance with data protection/GDPR laws and regulations
Have worked with colleagues from all over the business, including IT professionals, to find practical, risk-based solutions to DP/GDPR compliance
One adviser must have solid legal contracts experience i.e. identifying DP/GDPR risks and issues, defining controller/processor roles, advising on required due diligence standards and procedures, and reviewing necessary contractual terms and processing "instructions" (covering both the legal requirements and commercial liabilities flowing from the GDPR). Experience from both data controller and data processor perspectives highly advantageous.
Involvement in designing, building, and embedding a privacy risk framework
Experience working within a mortgage or wider retail financial services environment, or at least a strong understanding of the operational and regulatory environments of organisations within these industries
Skills & Knowledge
Can translate complex DP/GDPR concepts and principles into meaningful and relevant information, and communicate these effectively
Clear understanding of, and appreciation for, good governance, record-keeping, and audit trails
Highly organised and methodical in approach
Robust, yet flexible, in managing relationships and own workload
Confident working with senior leadership/executives, and able to challenge effectively
Can think strategically, as well as deal with the details
An understanding of information technology
Bank or payment details should not be provided when applying for a job. reed.co.uk is not responsible for any external website content. All applications should be made via the 'Apply now' button.Report this job