Job Brief – Data Protection Officer
The Data Protection legislative landscape is undergoing major transformation: the General Data Protection Regulation (GDPR) will come into effect in May 2018, providing a modernised, transparent, accountability-based compliance framework for data protection. This is a newly created post, and the DPO will be responsible for shaping our approach to the implementation of a new data protection regime and for defining the processes and other matters relevant to achieving this successfully.
- The post holder will be expected to assist in the implementation of the changes required within Greene King to ensure compliance with the General Data Protection Regulation, and other relevant legislative changes, including developing policy and procedures, undertaking risk assessments and assisting with developing and maintaining Greene King’s information strategy.
- The Data Protection Officer role is a senior and demanding position, requiring an ability to influence people at all levels within Greene King and to provide independent advice on compliance with the legislation.
Expertise and professional qualities:
- Expertise in national and European data protection laws and practices and an in-depth understanding of the GDPR.
- Significant experience in data protection program management.
- Integrity and high professional ethics and ability to act independently.
- Ability to handle information and business affairs with secrecy and confidentiality as appropriate.
- Demonstrated leadership and project management experience and an ability to solve problems.
- Ability to communicate effectively with all levels of management and decision-making within an organisation as well as with data subjects, data protection authorities and other controllers and processors. A strong influencer.
- Familiarity with privacy and security risk assessment and best practices, information technology programming and infrastructure, and information security practices and audits.
- Adequate self-awareness and confidence to acknowledge knowledge gaps and seek to fill them from reliable sources.
- Knowledge of the privacy issues applicable to the retail/hospitality sector.
Principal duties will include but are not limited to:
- Informing, advising and issuing recommendations to the business regarding data protection and privacy including GDPR compliance.
- Developing and maintaining a DPA/GDPR knowledge base.
- Fostering a robust data protection culture within Greene King and helping to implement essential elements of the GDPR, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security of processing, and notification and communication of data breaches.
- Monitoring compliance with the GDPR and other data protection laws, including monitoring internal data protection activities, providing information and guidance on the processing of all personal data, advising on policies and data protection impact assessments, assisting with the development and delivery of a comprehensive privacy awareness training programme for Greene King employees and internal audits.
- Being the lead contact with the Information Commissioner’s Office with regard to potential complaints and breaches, ensuring that requests for information are properly handled.
- Assisting with investigations into complaints about breaches of any relevant data protection privacy legislation and undertaking reporting/remedial action as required. Maintaining a log of any incidents and remedial recommendations and actions.
- Reporting to Greene King’s data governance group and risk committee on activities, risks and breaches.
- Ensuring that developments in data protection and privacy requirements and legislation are tracked and that Greene King is in a position to comply with future requirements.
- Advising on privacy and data protection good practice and standards related to Greene King’s strategy needs.