Data Privacy Lead (Mid-Senior Level)

ERM, London, Greater London

Overview

Job Description

ERM is seeking a Data Privacy Lead to provide advice and counsel to the business on all aspects of data privacy, ensuring our data privacy obligations to clients and staff are met. This includes ensuring that the requirements of GDPR are implemented across the business and that ERM is set up to remain compliant with the regulation, in order to manage commercial and reputational risk.

ERM has taken steps to ensure compliance with GDPR. Following a recent post-implementation review and optimisation programme, a dedicated role has been created to provide ongoing advisory and compliance efforts, and to support ERM in responding to data privacy obligations. Though the primary focus has been the EMEA region, in addition to maintaining ongoing compliance, the role holder will be required to assess data protection in other territories, and then work with stakeholder groups to address and mitigate any identified gaps, executing a change plan to ensure the business is set up to remain compliant.

As this role sits within the global HR programmes team, the role holder may support additional HR programmes on an ad hoc basis and where capacity permits.
Primary responsibilities in the following areas:

* Advisory
  * Providing advice and guidance to the organisation on data privacy and GDPR compliance
  * Advising on the management of data protection issues and privacy matters (such as data subject access requests)
  * Providing guidance on data breach monitoring, management and reporting
* Policy/Process Maintenance
  * Reviewing and advising on privacy policies, procedures and documentation, and any necessary changes due to new legislation - implementing "privacy by design" in business processes
* Maintaining compliance
  * Implementing measures and a privacy governance framework to manage data use across the company, in compliance with the GDPR and other relevant legislation or commercial imperative
  * Maintaining awareness and engagement on data privacy globally
* Managing data privacy obligations
  * Completing a data protection impact assessment (DPIA) when new functionalities are introduced or tech launched
  * Managing third-party due diligence risk assessment process for privacy risks
  * Reporting and remediating data breaches
  * Facilitating data subject access requests
* Extension of data protection conventions to other territories
  * Complete a current state assessment, ensuring data inventories and data flow analysis are comprehensively detailed
  * Ensure all protocols, policies and processes required for ongoing management of data protection are in place
  * Review, update and deliver data protection training and awareness activities - with a particular focus on significant users/processors of personal data

Behaviours

* Program Management
* Change Management
* Stakeholder Management

Work Experience

* Senior GDPR consultant with extensive experience of working across European jurisdictions
* Expert GDPR knowledge
* Change management and the ability to influence with credibility
* An understanding of employment law across European countries would be advantageous.
* Commercial acumen to evaluate commercial risk of proposed data management solutions on overall business results