Job Description We deliver progress. What you’ll do and how you will make an impact. As a key member of our legal & compliance team, you will have the following responsibilities: Taking ownership of all aspects of our privacy function. Managing UW’s privacy governance framework in compliance with UK GDPR (and other relevant legislation), including advising on and overseeing data mapping and records of data processing, reporting on data privacy compliance within UW and vendor management reviews. Working with key internal stakeholders in the review of operations and projects and related data processing to ensure compliance with data privacy laws, and where necessary, advising on and monitoring data protection privacy impact assessments. You will be the primary point of contact for data protection queries in the business. Serving as the primary point of contact and liaison for the Information Commissioner and other supervisory authorities and individuals whose data is processed by the organisation, on all data protection related matters. Acting as a standing member of the company’s Information Security and Privacy Committee (ISPC) and as DPO will lead ISPC meetings, together with the CISO and will be accountable to the Board. Reviewing vendor contracts and other third party data processing and data sharing arrangements in partnership with UW’s Legal and Information Security functions. Horizon scanning and advising the business on developments in data protection law - including making recommendations to the ISPC when appropriate. Coordinating, conducting and monitoring data privacy audits. Managing, training and developing a team of 5 privacy and data protection specialists Ensuring filing and fee requirements with local Data Protection Authorities are achieved Developing and delivering privacy training to various business functions within UW and collaborating with the Information Security function to raise employee awareness of data privacy and security issues. Collaborating with the Information Security function to maintain records of all data assets and exports, and maintaining a personal data security incident management plan to ensure timely remediation of incidents impacting personal data including impact assessments, breach response, complaints, claims or notifications. Overseeing and advising on responses to data subject rights requests, including data subject access requests (DSARs) and other requests or complaints from individuals. We work together. Your team and the people you will work with… Reporting to the General Counsel, you'll be joining a team of high-performing, Legal & Compliance team who pride themselves on great relationships. You'll work with a range of stakeholders across the business, advising on and navigating a range of commercial legal situations involved in operating a multi-service, consumer-facing business. Your key stakeholders will include colleagues across Commercial, HR, Marketing, Operations, Technology, Partners and Sales.