ROLE OVERVIEW The Data Privacy Team is part of JTC's Group Legal function working with all areas of the business and closely aligned to JTC's Risk & Compliance and Information Security Departments. The team works closely and collaborates with jurisdictional Data Protection Representatives located throughout JTC's group offices. PURPOSE OF JOB The focus of the role is to (a) act as the Data Protection Representative for the Jersey Office and (b) assist the Data Privacy Governance Officer with group level compliance. The Jersey Data Protection Representative element of the role involves managing day to day compliance requirements for the Jersey office including assessing personal data breach notifications and responding to Subject Access Requests. The role is the main point of contact for queries in relation to the Jersey entities' compliance with the Data Protection (Jersey) Law 2018. The role also includes collaboration with the DPGO on the continuous development and enhancement of JTC's privacy framework and manage related projects on an ongoing basis. The role will include a proactive advisory service that supports business functions and strategy. MAIN RESPONSIBILITIES AND DUTIES Data Protection Representative: act as Data Protection Representative for JTC's Jersey office, providing guidance and assistance to all divisions operating from the Jersey office, including: Data Breaches: review and assessment of Data Protection breaches reported by the Jersey office and report to the JOIC where required and liaise with relevant stakeholders. Investigate the impact on JTC, its clients and employees and recommend required actions. Identify and work with business to embed breach mitigations. Data Subject Access Requests: manage delivery of completed subject access request received by Jersey entities from initial inquiry to completed response and or document set provision to closing. Data Protection Impact Assessments: work with the applicable stakeholders in the Jersey office to ensure assessments are accurately completed and data protection risks are recognized. Data Privacy Policies, Standards and Procedures: provide advice and clear guidance to the Jersey staff on how to comply with Data Privacy Policies, standards and procedures as well as best practice. Records of Processing: review and maintain the Records of Processing Activities relevant to the Jersey office. Due Diligence Questionnaires: provide appropriate responses to due diligence queries raised by clients in relation to services provided by the Jersey entities. Ad hoc advice around specific areas or data privacy queries: provide guidance and advice to the business on data protection compliance. JTC Global Data Sharing Agreement: Work with various stakeholders across the JTC Group to identify and document data sharing and outsourcing in order to assist the DPGO in drafting a Global Data Sharing Agreement. Data Protection Representative Toolkit: Work with the DPGO to build a toolkit of guidance and templates for use by the other Data Protection Representatives within the Group. Contract Review: Work with DPGO and the Group Legal team to review and update relevant contracts to ensure appropriate data protection clauses are included. DDQ Library: Review and suggest amendments to the bank of data protection responses maintained for Client Due Diligence Questionnaire. Integration Projects: Analyse and assess risks relating to the acquisition of new entities and assist the DPGO with integrating the new entity into the JTC Group. Gap Assessment: Assist the DPGO with undertaking a compliance maturity assessment of the JTC Group including interviewing stakeholders and producing a report. Alignment Project: Assist the DPGO with creating a plan to close any compliance gaps identified in the Gap Assessment and action tasks required implement the project. General DPGO assistance: Provide support to the DPGO as required which may include responding to data protection queries from the wider group, conducting research into data protection laws and guidance, collating statistics for internal reporting purposes. Adhere to JTC core values and expected behaviors. Any other duties as deemed necessary by JTC Senior Management. ESSENTIAL REQUIREMENTS Comprehensive understanding of the GDPR and/or Data Protection (Jersey) Law 2018. 3 years' experience working in the field of data protection. CIPP/E or CIPP/M qualifications are strongly desired but not essential. Legal qualification or training. Ability to work independently as well as part of a team. Excellent interpersonal and collaboration skills. Ability to communicate effectively (verbally and written).