DATA PROTECTION OFFICER
Responsible to: Operations Director
Salary: 30k + (dependent on experience)
Hours: 8.30am – 5.30pm (Mon-Thurs) and 8.30am – 5.00pm (Fri)
Main purpose of the role
- On a day-to-day basis you will act as the specialist, providing expert advice to our members, corporate partners and colleagues, as well as enhancing, developing and implementing our Data Protection and Information Security practices, ensuring all processes, policies and procedures are robust and in line with legislation, in particular the forthcoming GDPR. You will also plan and undertake data audits and coordinate our response to information requests. To be considered you will be able to evidence that you are a Data Protection SME with in-depth knowledge of the implications of GDPR, Cyber Security, Data Protection and Information Security.
- Manage and report progress on the business's transition to BS10012 certification.
- Identify and carry out the improvements required to ensure the business's continued compliance with the ISO 27001 standard.
- Liaise with all departments across the business to ensure that their processes and procedures are GDPR and ISO27001 compliant.
- Respond to and manage all client due diligence relating to GDPR and ISO27001 requirements, to ensure smooth partnerships between client and business.
- Work with the external consultant to continually audit, assess and improve ISMS and PIMS adherence.
- Liaise with the external assessment body on all matters related to the external accreditation process.
- Liaise with key stakeholders in order to design and deploy appropriate data processor contracts and data protection policies.
- Organise, coordinate and execute the projects and processes involved in readiness for GDPR and ISO27001 and in ongoing compliance.
- Ensure that records are established and maintained to provide evidence that the ISO27001 and GDPR requirements are being followed and that there is a system in place for the identification, storage, protection, retrieval, retention time and disposition of such records.
- Ensure that the document control procedure is reviewed and updated with all changes to critical documents within the scope of the ISMS.
- Ensure that the performance of the ISMS and PIMS is reviewed and audited at planned intervals to confirm its continuing suitability, adequacy and effectiveness. This review includes assessing opportunities for improvement and the need for changes.
- Ensure that Quality Objectives are set by top management for measuring the performance of the ISMS and PIMS and that these are regularly reviewed.
- Maintain expert level knowledge of data protection legal requirements and best practice.
- Monitor and keep up to date with privacy developments and governance strategies for data management.
- Ensure that all new staff are inducted into the requirements of ISO27001 and BS10012 relating to their own roles and responsibilities.
- Ensure that all suppliers used by the organisation are selected, evaluated and re-evaluated, and that records of this assessment are maintained.
- Ensure that an internal audit programme is adopted to verify that the ISMS and PIMS conforms to planned arrangements, and is effectively implemented and maintained. Ensure that appropriate action is taken when this is not the case.
- Analyse data on the effectiveness of the ISMS/PIMS and evaluate where continual improvements can be made. This includes data generated by monitoring and measurement and from other relevant sources. Coordinate continual improvements of the ISMS, ensuring that evidence of corrective and preventive actions taken is recorded and reviewed.
- Ensure day-to-day compliance with the PIMS policy and share responsibility for reporting on the performance of the PIMS to top management.
- Ensure compliance at all times with company information security policies, in line with the ISO 27001 and BS10012 standards.
Key skills / attributes should include:
- Confident and well-presented individual
- Expert-level knowledge of Data Protection law and practice and of GDPR requirements
- Strong knowledge and experience of managing ISO27001 implementation and ongoing adherence
- Able to provide advice and guidance to organisational leaders
- Ability to plan and prioritise your own workload
- Excellent organisational skills
- Effective written and verbal communicator, including the delivery of presentations
- Ability to build and maintain relationships
- Able to listen and respond appropriately when confronted with objections
- Act as an ambassador for DCG, ensuring that your behaviour reflects well on the company
- Commercial awareness, excellent business sense and the ability to develop practical approaches and prompt solutions
- Ability to demonstrate technical knowledge and awareness of current data management and communications technologies.
- Technically minded with an ability to analyse data protection and processing issues in the context of complex IT systems as well as data privacy laws