Job Description
As the Data Protection Officer you will be responsible for the design and delivery of complex reviews to ensure the company is managing its regulatory requirements for the Data (Use and Access) Act 2025, Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR) and the Privacy and Electronic Communication Regulation (PECR).
A Key area of focus for the role is supporting colleagues in relation to all data protection related queries and incidents as well as ensuring that the company is appropriately compliant with the requirements of the Data Protection Laws and best practice.
The DPO will set and drive the Group's Data Protection Compliance strategy, through the development and oversight of the Data Protection Compliance Framework and ongoing monitoring activities.
Article 39 UK GDPR Statutory Obligations:
As the Data Protection Officer, we are looking for someone to:
* Inform and advise the controller, or the processor, and the employees who carry out processing of their obligations to this Regulation, to other Union or Member State data protection provisions and other domestic law relating to data protection
* Provide advice for the data protection impact assessment and monitor its performance pursuant to Article 35
* Cooperate with the supervisory authority - the Commissioner
* Act as the point of contact for the supervisory authority on issues relating to processing; including the prior consultation referred to in Article 36, and to consult where appropriate about any other matter
* Look at the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing
* Inform and advise the organisation and its employees about their obligations to comply with the Data Protection Laws
* Monitor compliance with the Data Protection Laws
* Be responsible for building and maintaining a Data Protection Compliance Framework, including managing the subsequent activities required e.g. managing personal data inventory, DPIA's, Data Processors and other third party compliance activities
* Be the first point of contact for the Regulator, and other supervisory authorities, and for individuals whose data is processed
* Liaise with key stakeholders in order to design and deploy appropriate data processor contracts and data protection policies, taking full account of all regulatory and legislative requirements
* Manage a team of 3 colleagues (1 Direct report)
Qualifications
Essential:
* Experienced Data Protection professional with substantial experience as a Data Protection Officer
* Excellent and effective communication, negotiation, influencing and interpersonal skills
* Expertise in UK and EU data protection laws and an in-depth understanding of the UK GDPR
* Ability to demonstrate technical knowledge and awareness of current data management and communication technologies.
* Experience of continuous improvement activity driving high performance
Desirable:
* CIPP/E
* CIPT
* CISM
* Advanced report writing experience
If you feel you have some of the skills mentioned above, but not all, please do still apply and we would be happy to have a further discussion with you in regards to your suitability for the role.
Additional Information
Together embraces diversity and inclusion, and are proud to be an equal opportunity workplace. Not only do we welcome difference – we celebrate it, support it and really value our colleagues for who they are. We are committed to building a team that represents a variety of backgrounds, perspectives and skills.
If you feel you'd benefit from any support or reasonable adjustments during any stage of the recruitment process, please don’t hesitate to let us know when completing your application. This information will be picked up by our team, so we can try and put steps in place to help you be at your best through this process.
Please note that all successful applicants will undergo relevant employment reference, financial and criminal record checks.