Data Protection Manager (UK and EU)

at  Gallagher

Introduction:
Discover a world of endless possibilities at Gallagher Benefit Services, where you’ll have the power to shape the future of workplaces across industries. As a member of our team, you become the driving force behind positive change, helping clients build environments where employees thrive. Embrace the opportunity to impact lives, unlock potential, and create a legacy of remarkable transformation.
We believe that every candidate brings something special to the table, including you! So, even if you feel that you’re close but not an exact match, we encourage you to apply.
Overview:
The GBS Data Protection Manager EMEA is a key role responsible for developing and implementing data protection strategies, policies, standards, procedures, and training materials across GBS EMEA businesses. Reporting to the DPO, the Data Protection Manager plays a crucial role in safeguarding the privacy and security of personal and commercial information, ensuring compliance with privacy laws and regulations.

How you’ll make an impact:

• Data Protection Strategy: Assist the DPO in developing and executing a comprehensive data protection strategy aligned with business objectives and regulatory requirements.
• Policy Development: Create and maintain data protection policies, standards, training, and guidance notes to ensure compliance with applicable laws and best practices.
• Stakeholder Engagement: Build strong relationships with key stakeholders within the Global Privacy Office, Gallagher Privacy Leads and Champions, GBS, other Gallagher group businesses, and industry peers.
• Privacy Advice and Support: Provide expert advice and guidance on privacy-related matters, including data sharing, international data transfers, consent management, data subject rights, data incidents, vendor risk management, and privacy complaints.
• Compliance Monitoring: Monitor data protection compliance across GBS EMEA businesses and assess the effectiveness of data protection systems and controls.
• Record Keeping: Maintain robust records of the GBS EMEA privacy framework, responsibilities, controls, testing and monitoring results, risk assessments, and produce reports for Risk Committees and boards.
• Incident Response: Assess and handle personal and commercial data breaches, ensuring compliance with reporting obligations and providing guidance for containment and mitigation.
• Data Subject Rights: Handle data subject rights requests and third-party requests for personal data, including redaction of data when necessary.
• Privacy Risk Assessments and Data Transfer Impact Assessments: Conduct privacy risk assessments for new or amended personal data processing activities and perform data transfer impact assessments as required by law.
• Vendor Risk: Assess and manage privacy risks in relation to Gallagher’s supply chain.
• Complaints: Handle privacy-related complaints sensitively.
• Mergers & Acquisitions: Support privacy due diligence for mergers and acquisitions and their integration or divestiture.
• Contract Risk: Provide privacy practitioner advice on data protection contractual terms.
• Training and Awareness: Train colleagues on privacy risks and provide coaching and support to GBS Data Protection Advisers.
• Industry Knowledge: Stay up-to-date with emerging trends, technologies, and legal developments in data protection and privacy.
• Conduct: Carry out duties following internal policies, procedures, and applicable laws, ensuring good governance and client-centric approach.

About you:

Qualifications:

• Experience in an operational or consultative data protection role.
• Privacy qualifications/certifications preferred (e.g., CIPP/E, CIPM).
• Proven knowledge of UK and European data protection laws and regulations (e.g., GDPR, PECR, UK DPA).
• Experience in risk management processes and providing privacy advice in line with Data Protection Laws.
• Knowledge of employee benefits, pensions, insurance broking, or the insurance sector is advantageous.
• Knowledge of IT and/or Security is advantageous.

Experience:

• Working with various stakeholders, including business divisions and central service functions.
• Working in a fast-paced environment with challenging deadlines.
• Strong team player with the ability to support colleagues and foster a strong team culture.
• Handling data breaches, data subject rights requests, privacy complaints, and privacy risk assessments.
• Assessing supply chain privacy risks.
• Creating data protection procedures and training materials.
• Working alongside offshore teams is advantageous.
• Working effectively in shared mailboxes.

Compensation and benefits:
On top of a competitive salary, great teams and exciting career opportunities, we also offer a wide range of benefits.

Below are the minimum core benefits you’ll get, depending on your job level these benefits may improve:

• Minimum of 25 days holiday, plus bank holidays, and the option to ‘buy’ extra days
• Defined contribution pension scheme, which Gallagher will also contribute to
• Life insurance, which will pay 4x your basic annual salary, which you can top-up to 10x
• Income protection, we’ll cover up to 50% of your annual income, with options to top up
• Health cash plan or Private medical insurance

Please refer the Job description for details