GROUP DATA PROTECTION OFFICER

Location: Flexible on location with visits to our head office in Wimbledon as and when required.

SKILLS AND EXPERIENCE REQUIRED:

• Proven experience of developing and evolving data privacy and data quality strategies across multiple geographies.
• Excellent relationship management and influencing skills.
• Strong written and verbal communication skills.
• Highly organised, with a flexible approach to work.
• Ability to work independently and manage multiple priorities.
• Strong understanding of data processing operations and IT systems.
• Excellent working knowledge of data privacy laws and regulations, in an international context as well as GDPR privacy collection and management.
• Proven experience of interacting with data privacy supervisory bodies.
• Experience of direct marketing operations and the relevant rules and regulations.
• Leading data privacy improvement initiatives / projects at corporate level.
• Implementation of data privacy monitoring programmer covering collation, storage and processing of personal data by both the company and its agents.

Leadership & Culture

• Senior manager responsibility for making sure that D&G, its employees, and agents, are aware of and comply with appropriate data privacy regulations. Provide ongoing advice on data privacy obligations.
• Lead the Group’s strategic thinking on data privacy compliance, driving the standardization of data collection and handling systems, processes and documentation across jurisdictions and activities.
• Together with the Group’s Chief Information Security Officer, assist in strategic leadership on information security matters to ensure compliance with data privacy laws and regulations and international security standards and privacy of data against unlawful access or loss. In addition, provide leadership when the Group’s data management procedures are invoked.
• Assist senior management to introduce and maintain a data privacy culture throughout the Group and maintain visibility and consciousness of data privacy.
• Drive data privacy awareness initiatives, embedding a culture of ethical business conduct and continuous improvement.

Governance & Policy

• Define, implement, and monitor compliant data privacy governance solutions in a group context and at a local level across the Group’s operations.
• Monitor compliance with GDPR and other applicable data privacy laws.
• As part of the strategic focus, keep up to date with privacy developments and governance strategies for data management and use, implementing a continuous improvement programme to raise the Group’s privacy standards.
• Develop and maintain relevant data privacy policies and procedures.
• Prepare data privacy MI and reporting for day-to-day oversight purposes and executive management committees and boards.
• Serve as the point of contact for group data privacy supervisory authorities.

Data privacy risk management

• Implement a documented, Group-wide privacy risk management framework, conduct risk assessments, maintain and update a privacy risk register with documented mitigations and derogations.
• Maintain a network of local managers/contacts in international offices who will assist in data privacy implementation.

Selling standards

• Work with the business and clients to ensure that the Group’s selling practices (point-of-sale, telephone, internet & mail) comply with standards of privacy disclosures and consents, and the data requirements of the Group.

Training & Awareness

• Design and deliver training on data privacy across the Group.
• Ensure senior management and staff are regularly informed on privacy developments relevant to the Group.
• Maintain a privacy knowledge base of relevant laws, guidance, and advice across all jurisdictions, including horizon scanning and maintaining data privacy intranet site.

Monitoring and audits

• Maintain a data privacy monitoring programme covering audits of key business processes and third parties.
• Assist in handling audits by outside agencies such as clients or regulators.

Advice

• Provide expert advice to D&G senior management, employees, and agents across different countries on data privacy requirements, drawing on expertise from local advisors when necessary.
• Provide expert advice in relation to the data privacy issues in Client and Supplier contracts, including issues relating to data ownership.
• Provide expert advice in relation to key Group projects involving the use of data.

Ad hoc

• Oversee processes to ensure prompt and accurate compliance with notification requirements.
• Oversee processes to ensure prompt and accurate fulfillment of subject access requests.

People

• Manage, mentor, and develop a team of data privacy professionals fostering a collaborative and high-accountability culture, and manage team resourcing, succession planning, and skills development in partnership with HR and Learning & Development functions.