Job Application

Deputy Data Protection Officer

Location: Reading Hybrid 2 days per week office based

The Role:

We are seeking a highly experienced Privacy Lawyer who is eager to embark on a new challenge and channel their passion for data protection in a dynamic and innovative environment. As a key member of this team the Data Protection and Privacy Officer (DDPO) will play a pivotal role in shaping and ensuring the organisation's compliance with UK data protection laws and regulations.

Key Responsibilities:

As the Data Protection and Privacy Officer, you will:

• Provide specialised, pragmatic, regulatory, and legal guidance to ensure the implementation of policies, processes, and controls aligned with UK data protection laws.
• Demonstrate a deep understanding and knowledge of UK data protection legislation and regulatory regimes, with a proven track record in the field (ISEB/CIPPE qualification is desirable).
• Offer compliance support for data protection, including conducting monitoring reviews and managing large customer data sets in a B2C environment, especially in the context of marketing activities.
• Apply Privacy by Design and Default principles, conduct Data Privacy Impact Assessments, and independently assess data breaches.
• Showcase strong communication and interpersonal skills, fostering relationships internally and externally, and effectively managing key stakeholders.
• Collaborate with various stakeholders, including Compliance, Legal, InfoSec, and other business units, to identify and implement legal and regulatory requirements related to data protection laws.
• Review and provide guidance on the development of compliance-related policies, procedures, processes, and controls, facilitating alignment with applicable laws and regulations.
• Support with Data Sharing Agreements (DSA) and contractual requirements.
• Collaborate with the Risk & Compliance team to provide comprehensive support to the business.
• Facilitate the identification, investigation, management, and resolution of compliance-related issues.
• Prepare relevant compliance reports to meet both internal and external regulatory requirements.
• Engage with front-line operational business teams to inform and advise on data protection obligations.
• Monitor compliance with UK-GDPR and other data protection laws, conducting internal data protection activities and compliance reviews.
• Ensure proper registration under the law and maintain an active article 30 register of processing activities, driving audit and data management processes.
• Manage data privacy breaches, identify root causes, implement mitigations, and monitor to prevent recurrence.
• Work closely with the business to embed data protection compliance into transformation programs.
• Oversee the subject access request process and individual rights, identifying and evaluating data processing activities.

Key Requirements:

• Comfortable working under pressure, adaptable to ambiguity, and capable of managing multiple tasks simultaneously.
• Proven experience in the field of data protection, preferably with an ISEB/CIPPE qualification.
• Your subject matter experience and expertise will be crucial in your success, with a focus on compliance support and monitoring reviews.
• Previous experience in a B2C environment, particularly with large customer data sets and marketing.
• Strong understanding of UK data protection legislation and regulatory regimes.
• Demonstrable experience in Privacy by Design and Default, Data Privacy Impact Assessments, and managing data breaches.
• Excellent communication and interpersonal skills, with the ability to build and maintain relationships.
• Ability to work collaboratively, plan, organize, and prioritize activities to meet business objectives.

If you are a passionate Data Protection professional and Privacy Lawyer seeking a new challenge and possess the skills and expertise outlined above. Apply now!

Project People is acting as an Employment Business in relation to this vacancy.