Close Brothers Group
,
London, Greater London
Data Protection Analyst
Overview
Job Description
This role sits within the Group Data Protection team, as part of the second line of defence, working closely with the Data Protection Manager and Data Protection Officer to embed the Group's Data Protection framework and approach for effective data protection management. The role acts as a bridge between Group-level data protection activities and business-specific management of related risks. It assists specific businesses in managing their data protection risks in line with group wide requirements, and in transparently managing their related risks. Key Responsibilities: Business Advice and Stakeholder Engagement * Advise business stakeholders when completing Data Protection Impact Assessments for new and revised processing of personal information, especially regarding assessment of risk and associated control implementation. * Advise business stakeholders within context of third-party management where personal information is at risk, in collaboration with Information Security and Procurement teams. * Assist in investigation, resolution and remedial action of data protection related incidents. Report outcomes to the Data Protection Officer and local Risk and Compliance Committee. * Respond to ad-hoc data protection queries from business stakeholders. * Host regular sessions with stakeholders in covered businesses, to build awareness of data protection requirements and to highlight areas of emerging risk. * Deliver data protection training tailored to roles and responsibilities of individuals within the business. Monitoring * Review and challenge data protection related documents produced by covered businesses, including documents such as Data Protection Impact Assessments, Information Asset Registers and Fair Processing Notices. * Monitor completion and accuracy of Information Asset Registers * Confirm that Fair Processing Notices remain appropriate and current * Confirm that data subject request procedures are appropriately implemented and effective * Review high risk supplier contracts as identified through the Data Protection Impact Assessment process * Ensure Information Asset Owners are aware of their responsibilities and have relevant business unit procedures aligned to the Group Data Protection Policy. * Support the Data Protection Manager in organising the bi-monthly Data Protection Forum Reporting * Escalate data protection risks and issues to the Data Protection Officer and via challenge of business representation of their data protection related risks at their Risk and Compliance Committees. * Review business-reported management information, challenging its accuracy, conclusions drawn from it, and appropriateness of actions to address any issues identified