Your future


| Fulfil your potential


Group Data Protection & Privacy Officer at Haymarket

September 27, 2014

This job posting is no longer active

Brand/Title Description

The role of the Data Protection Officer is as a business enabler, to help HMG maximise opportunities from its collection, storage and use of personal data.

The role of the Data Protection Officer is to ensure that HMG UK complies with the Data Protection Act 1998 and any applicable rules regarding privacy and information security, to ensure that employees are fully informed of their own responsibilities for acting within the law and that data subjects are adequately informed of the purposes for which we process data and their rights under the Act and any other relevant legislation.

The job holder is a member of the compliance team and interfaces with those responsible for data protection in the businesses and with data protection regulators.

The job holder is responsible for ensuring that the Board and senior management are apprised of all issues relating to data protection across the Group, including data breaches and their resolution.

Person Specification

Key responsibilities
Ensuring organisational compliance, and conformance with the Data Protection Principles:
• Producing an annual Compliance Monitoring Plan 
• Compliance monitoring reviews as set out in the Plan and those undertaken on an ad hoc basis, to include recommendations for change and subsequent confirmation that recommended changes have been put in place
• Providing assurance to senior management that data risks and breaches are managed appropriately
• Creating and maintaining a data asset register – holding and maintaining a list of the locations of customer and staff data within the business

Maintaining and updating own knowledge of developments in Data Protection issues, information management and records management systems.
• Disseminating new rules/regulations on Data Protection Act to staff
• Keeping abreast of proposed and actual changes in regulation, assessing their impact on the business and advising departments and committees on them
• Ensure written information on Data Protection is available for provision to customers and employees.

Assess level of compliance within divisions and functional departments
• Be a resource for other employees of the division by providing expert advice on the Data Protection Act and related issues. 
• Set up a Data Protection group with representatives from divisions.

Co-ordinate and deliver Data Protection Act activities (including training) with other functional groups (e.g. Legal, IT, HR, Marketing, Finance). 
• Identify data owners likely to hold commercially or legally sensitive information. 
• Ensure those staff are aware of the issues and their responsibilities (what is the data, how it is used, who has access to it, how long it should be kept and in what format).

Reviewing existing policies and develop, implement and enforce a suitable and relevant Data Protection/Information Security policies and procedures.
• Provide advice on projects, programmes and data sharing.
• Advise data controllers on the Data Protection Act including on the Privacy and Electronic Communications regulations where appropriate and their implementation within each department’s area of responsibility.
• Advise on all elements of processing personal data abroad and on the requirements and implications of local Data Protection laws.
• Identification of and advice on data protection risks as these relate to company
• Advice on and identification of data protection risks relating to all major projects proposed or undertaken by the business, including but not confined to risks around supplier relationships and transfer of data to third parties
•  Identification of and advice on regulatory requirements that apply to marketing and customer contact campaigns

Leading on Information Commissioner’s complaints as well as helping with the resolution of complaints from the public and staff with data protection complaints
• Undertake reporting/remedial action as required
• Maintain a log of any incidents and remedial actions and recommendations
• Arrange for the notification of companies’ Personal Data Processing registration with The Information Commissioner
•  Monitor, annually review and amend the organisation’s ICO notification(s).

Conduct frequent audits of data for compliance.
• Maintain an internal register of Personal Data Processing projects and systems.
• Advise all staff arranging for data to be processed on behalf of the company by outside contractors, on the statutory requirements of the Data Protection Act to be included in contracts.
• Carry out Privacy Impact Assessments on all systems processing personal data from time to time.
• Ensure that the Data Protection aspects are properly covered in the governance documents of all systems processing personal data.
• Provide formal compliance reporting.
• Review should include, but not be limited to:
  -Sales processes and processes around product launches;
  -Contact centre processes;
  -Suppliers of outsourced services;
  -Issues relating to new and existing business practices, including review and sign-off of customer facing materials, web pages, social media, training materials and sales aids;
  -Issues relating to corporate governance

• Degree level or equivalent; compliance related qualifications such as IEB or PDP would be advantageous
• Demonstrable compliance experience within a complex organisation
• Knowledge of the DPA 1998 and PECR 2003 and other legislation related to marketing and proven experience of its application

• Proven experience of carrying out systems audit and drafting formal documentation

• Can propose effective commercial solutions to clients and colleagues, acts as a business advisor
• Can analyse complex legal and commercial issues; can develop  strategies and argue points constructively and succinctly
• Strong communication skills; able to exercise tact and diplomacy in an organisational setting

• Strong interpersonal skills Able to effectively negotiate with and influence colleagues and others to achieve a successful outcome

• Strong organisation and planning skills. Able to work under pressure to tight project deadlines and can adapt to differing demands; prioritising tasks, where appropriate
• Self motivated, team player able to work effectively with diverse groups and also on own initiative
• Strong problem solving and analytical skills; can clearly explain and present problems and issues to others and contribute to their resolution

How To Apply

This role will be reporting into the Chief Financial Officer and is the role is split between Hammersmith and Teddington

Haymarket is an equal opportunities employer and welcomes applications from all areas of the community.

If you are interested in applying for this position please click the ‘Apply Here’ button below