Data Protection Officer


£60000.00 per annum
23 Sep 2016
23 Oct 2016
Rory Strong
Contract Type
The Data Protection Officer should be the nominated officer in the Data Protection register maintained by the Information Commissioner.
The purpose of the DPO role is to ensure that the organisation complies with the Data Protection Act 1998, that employees are fully informed of their own responsibilities for acting within the law, and that the public, including employees, are informed of their rights under the Act.

*Inform and advise the Group and its employees about their obligations to comply with the General Data Protection Regulation (GDPR) and other data protection laws
*Monitor compliance with the GDPR and other data protection laws, including managing internal data protection activities, advising on data protection impact assessments, training staff and conducting internal audits
*Be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers, etc.)
*Develop, implement and enforce a suitable and relevant Data Protection Policy (including best practices) and ensure it is reviewed on an annual basis
*Assist with investigations into complaints about breaches of the Act and undertake reporting/remedial action as required. Maintain a log of any incidents and remedial recommendations and actions
*Develop, implement and enforce a suitable and relevant Data Sharing Code of Practice and ensure that third parties dealt with comply with the necessary practices and agreements held
*Responsibility for database checks, managing enquiries with the external regulator
*Dealing with all enquiries from the public and requests from police, handling requests under s7 DPA
*Registering Breaches.
*Carrying out site visits in order to deliver training to the wider businesses.
*Provide competent and timely support and advice on data protection
*Ensure that the Group complies with the Data Protection Act 1998 and related legislation and regulations;
*Act as the nominated officer for the Group companies in the Data Protection register maintained by the Information Commissioner
*Ensure that the Data Protection registration of each Group company is current and the Group company is properly registered for the data it holds
*Provide advice, guidance and direction on all data protection to senior management and Members of the Board of all Group companies, and provide comprehensive reports to the Board on the Group's compliance with the Data Protection Act and related provisions;
*Undertake systematic Data Protection Act compliance audits in accordance with the Information Commissioner's audit tool
*Promote Data Protection awareness throughout the Group by providing training and written procedures that are widely disseminated and made available to all staff
*Ensure written information on Data Protection is available for provision to customers, end users and employees;
*Develop and maintain processes for subject access requests for information by customers, end users and employees exercising their rights under the Data Protection Act;
*Liaise with Legal, HR and the information security officer to develop and implement a Data Protection awareness and training programme;
*Assist on other legal matters as requested.
*Demonstrating excellent standards and performance in health and safety, risk management, control of work and ensuring compliance with the Group Safety Policy;

*Recognised qualifications in Data Protection
*Expert knowledge of data protection law and good working knowledge of information security principles and practices.
*Familiarity with Data Protection Act, General Data Protection Regulation, Environmental Information Regulations and Freedom of Information Act
*Ability to manage, develop and lead, as well as train staff at any level
*Working knowledge of information management and familiarity with ISO27001:2012
*Excellent communication skills and the ability to communicate with colleagues at all levels across the business, including the Management Team.
*Excellent coaching, mentoring and leadership skills that are adaptable to different abilities and learning styles.
*Ability to have honest and difficult conversations with colleagues at all levels to ensure the best outcome for the business and the goals of the team.
*Strong analytical skills, with a demonstrated ability to capture and analyse business processes and workflows.
*Clearly demonstrates the company values and behaviours;
*Experience of developing and maintaining effective internal and external relationships at senior levels within an organisation (e.g. Directors, Tier 2s).
*Ability to prioritise and execute tasks in a dynamic, changing environment and make sound decisions in emergency situations.
*Excellent interpersonal, written and oral communication skills.
*Ability to absorb complex technical information and communicate effectively to all levels, both technical and non-technical audiences.
*Ability to develop and work in a team-oriented, collaborative environment.
*Ability to pick up and own issues on behalf of the management team.
*Possess a strong sense of purpose and proactively seek responsibility and ownership.
*Highly motivated and self-reliant with a personal drive for continuous development and demonstrates a strong customer service ethos.
*High standards of integrity & ethics.
*Experience of the utility industry.
*Experience of working with IT
*Maintains up-to-date professional knowledge and expertise of the profession generally.
*PCI compliance
*Security governance including risk register and incident management
*Regulatory compliance and incident management