Data Protection Lead (Mid-Senior Level)

ERM ,
London, Greater London

Overview

Job Description

Job Profile Summary To ensure data privacy obligations, including the requirements of GDPR Regulations are implemented across the business and that ERM is set up to remain compliant with the regulation requirements, in order to manage commercial and reputational risk. Job Profile Description ERM has taken steps to ensure compliance with GDPR regulations. Following a recent post implementation review and optimisation programme, a dedicated role has been created to provide ongoing advisory and compliance efforts, and to support ERM in responding to data privacy obligations. Though the primary focus has been the EMEA region, in addition to maintaining ongoing compliance, the role holder will be required to assess data protection in other territories, and then work with stakeholder groups to address and mitigate any identified gaps, executing a change plan to ensure the business is set up to remain compliant. As this role sits within the global HR programmes team, on an ad hoc basis and where capacity permits, the role holder may support additional HR programmes. Job Responsibilities Primary responsibilities in the following areas: * Advisory * Providing advice and guidance to the organisation on GDPR compliance * Advising on the management of data protection issues and privacy matters (such as data subject access requests) * Providing guidance on data breach monitoring, management and reporting * Policy/ Process Maintenance * Reviewing and advising on privacy policies, procedures and documentation, and any necessary changes due to new legislation * Maintaining compliance * Implementing measures and a privacy governance framework to manage data use in compliance with the GDPR * Maintaining awareness and engagement on data privacy globally * Managing data privacy obligations * Completing a data protection impact assessment (DPIA) when new functionalities are introduced or tech launched * Reporting and remediating data breaches * Facilitating data subject access requests * Extension of data protection conventions to other territories * Complete a current state assessment, ensuring data inventories and data flow analysis are comprehensively detailed * Ensure all protocols, policies and processes required for ongoing management of data protection are in place * Review, update and deliver data protection training and awareness activities - with a particular focus on significant users/ processors of personal data * Support with ad hoc HR programme delivery, where capacity permits Behaviours * Program Management * Change Management * Stakeholder Management Work Experience * Senior GDPR consultant with extensive experience of working across European jurisdictions * Expert GDPR knowledge * Change management and the ability to influence with credibility * An understanding of employment law knowledge across European countries would be advantageous. * Commercial acumen to evaluate commercial risk of proposed data management solutions on overall business results Measuring Impact * Compliance with GDPR requirements and assessing potential commercial and reputational risk impact