Group Data Compliance Coordinator

at  PayProp

PAYPROP AND REAPIT – WHO ARE WE?

PayProp, a Reapit company, offers a tech platform for letting agents that lets them automate every part of the rental transaction. PayProp is easier to use and more powerful than solutions by banks and traditional software vendors.
We’re a seasoned team of professionals with expertise in property, banking, finance, risk management and technology, as well as building and managing highly secure cloud-based Web applications.
Worldwide, Reapit technology is used by over 78,000 agents in more than 15,000 branches, with over a million properties under management; enabling them to run their businesses, identify opportunities for growth, manage their properties, collect rent, communicate with their clients, and deliver an outstanding customer experience, every time.

Reporting to the Group Head of Compliance, the Group Data Compliance Coordinator (DCC) will be responsible for implementing and maintaining a robust data privacy framework across all jurisdictions in which the Group operates.
Working closely with each jurisdiction’s designated Data Protection Officer (DPO), the Head of Compliance, the Chief Legal Officer, and the Risk Manager, the DCC will oversee data privacy compliance, manage risk, and ensure that the Group’s standards are upheld across all data protection activities.

Key responsibilities include:

• DEVELOP AND MAINTAIN COMPLIANCE FRAMEWORKCreate and sustain a comprehensive data privacy compliance framework, encompassing policies, procedures, and guidelines tailored to meet the specific regulatory requirements of each jurisdiction.
• STAY INFORMED ON DATA PROTECTION LEGISLATIONMonitor changes in data protection laws and regulations, advising the organisation on the implications for cross-border operations.
• PRIMARY SUPPORT FOR DPOSAct as the main support resource for DPOs in each jurisdiction, handling inquiries and requests from regulators and data subjects promptly and ensuring responses meet compliance standards.
• IMPLEMENT TECHNICAL AND ORGANISATIONAL MEASURES (TOMS)Develop, implement, and maintain TOMs across jurisdictions to align with both local requirements and Group-wide data privacy standards.
• MANAGE PRIVACY ASSESSMENTSOversee Data Protection Impact Assessments (DPIAs) and Transfer Impact Assessments (TIAs), identifying and mitigating privacy risks.
• LEAD DATA BREACH RESPONSESManage responses to data breaches, ensuring timely notifications to regulatory authorities and affected individuals as legally required.
• MAINTAIN DATA BREACH RESPONSE PLANDevelop, implement, and maintain a Data Breach Response Plan, ensuring all Group entities are prepared to respond effectively to incidents.
• CONDUCT POST-INCIDENT REVIEWSCollaborate with relevant DPOs, the Head of Compliance, the Group Risk Manager, and others to conduct reviews after incidents and implement corrective actions to mitigate future risks.
• MANAGE DATA SUBJECT ACCESS REQUESTS (DSARS)Handle DSARs, ensuring responses are timely and accurate to meet legal obligations.
• ENSURE EFFECTIVE HANDLING OF DATA SUBJECT RIGHTS REQUESTSEstablish processes for handling requests relating to data erasure, portability, and rectification in a compliant and efficient manner.
• DELIVER DATA PRIVACY TRAININGDesign and deliver training programmes on data privacy for all departments and jurisdictions, raising awareness and ensuring compliance.
• MONITOR VENDOR AND PARTNER COMPLIANCEAssess and monitor data protection practices of vendors and partners, focusing on higher-risk areas to ensure alignment with the Group’s privacy policies and effective risk mitigation.
• SUPPORT VENDOR ONBOARDINGParticipate in the evaluation and onboarding of new third-party vendors, ensuring compliance with relevant SOPs and privacy policies.
• REPORT ON DATA PROTECTION STATUSProvide regular reports to the board and senior management, offering insights into data protection status, associated risks, and areas for improvement.
• MAINTAIN DOCUMENTATIONKeep detailed records of all data privacy activities to ensure readiness for internal audits or regulatory inspections.

This role is vital in upholding the Group’s commitment to data privacy and ensuring the compliance of its operations across diverse jurisdictions.