POSITION DESCRIPTION

The General Data Protection Regulation (GDPR) was introduced in May 2018. It standardises and strengthens the right of European citizens to data privacy by emphasising transparency, security and accountability by Data Controllers. The GDPR imposes new obligations and stricter requirements on organisations in their capture and management of personal data. As a key public utility, ESB collects and processes large volumes of data about its customers, employees and a range of other business partners. This role aligns with our strategic objective of Empowering Customers through growing customer trust (a core ESB value).
ESB have appointed a Data Protection Officer (DPO) in line with our obligations. As the result of an internal promotion we are now looking for an energetic and enthusiastic Data Protection Specialist to work within the Data Protection Office to ensure ESB’s ongoing compliance with Data Protection Laws. As a Data Protection Specialist you will be responsible for supporting the DPO and Data Protection Governance Manager in maintaining our Data Protection compliance with the GDPR, through the application of specialist knowledge as well as management capabilities.
You will be working closely with staff throughout the Group and to ensure that a “Privacy by Design” approach is taken in the design and execution of processes involving personal data. You will also play a key role in responding to Subject Access Requests (SARs) and breaches. Furthermore, you will assist the Data Protection Officer, and ESB, in managing and responding to Data Protection queries, complaints and incidents.

Key Responsibilities

• Leading the Group Data Protection Office in their responsibilities for both SARs (as a first line function) and breaches (second line).
• Stakeholder engagement by supporting the DPO in interactions with external regulators, external peers, Business Unit Data Owners and key internal projects.
• Work collaboratively with the ESB data protection first line teams in the Business Units and with colleagues in key group functions including Group Legal, Procurement, Cyber Security, Data Management and Governance, Data Science, AI and ITD to drive awareness and best practice across the Group.
• Implementation of the assurance framework that includes appropriately reviewing first line processes, challenging the effectiveness of controls in place and highlighting areas of concern.
• Supporting the DPO in preparing assurance reports to August and Risk Committee (A&RC), ExCo and Business Unit Data Owners through the quarterly Governance meetings, including KPI performance and areas of concern to the highlighted.
• Monitor external developments relating to data privacy laws. Ensuring new and emerging risks are highlighted, supporting in the risk assessment of these risks, updating ESB’s Data Protection framework and communicating same to key stakeholders.
• Participate in investigations and audits related to data protection as requested.

• Leading the Group Data Protection Office in their responsibilities for both SARs (as a first line function) and breaches (second line).
• Stakeholder engagement by supporting the DPO in interactions with external regulators, external peers, Business Unit Data Owners and key internal projects.
• Work collaboratively with the ESB data protection first line teams in the Business Units and with colleagues in key group functions including Group Legal, Procurement, Cyber Security, Data Management and Governance, Data Science, AI and ITD to drive awareness and best practice across the Group.
• Implementation of the assurance framework that includes appropriately reviewing first line processes, challenging the effectiveness of controls in place and highlighting areas of concern.
• Supporting the DPO in preparing assurance reports to August and Risk Committee (A&RC), ExCo and Business Unit Data Owners through the quarterly Governance meetings, including KPI performance and areas of concern to the highlighted.
• Monitor external developments relating to data privacy laws. Ensuring new and emerging risks are highlighted, supporting in the risk assessment of these risks, updating ESB’s Data Protection framework and communicating same to key stakeholders.
• Participate in investigations and audits related to data protection as requested