Data Governance Consultant
Data Protection Specialist
My client, and international financial services provider based in Cheshire are actively looking for a contract data protection specialist, on an initial 12 month basis. Within this role you will have the ability to help to continue to drive the organisations data protection programme from both an administrative as well as education and awareness throughout the business.
- To act as first point of contact and subject matter expert within the UK Information Security function for providing day-to-day specialist advice, technical guidance and interpretation of DPA, GDPR, PECR (UK privacy law requirements) and records retention requirements across UK operations, including supporting the UK Information Security function, business projects, change initiatives, Product Owners, System Owners and business areas as required.
- To undertake Privacy Impact Assessments and security reviews of systems, as required, and ensure appropriate risk assessment and treatment of privacy requirements and risks in business units, change initiatives and new products.
- To act as point of contact for Information Commissioners Office (ICO) and manage complaints from the ICO, conduct investigations, agree appropriate remedial actions with stakeholders.
- To support the business comply with requests received from data subjects regarding processing of personal data (i.e. Subject Access Requests) are dealt with promptly and in compliance with data protection requirements
- Support investigation and management of data incidents as required, to ensure DPA and UK privacy law impacts and risks are appropriately identified, assessed and mitigated
- To support the DPO as required to deliver specific packages of work for the GDPR project
- To support the Procurement, Information Security and Legal functions, as required, to ensure privacy risks are identified and mitigated in vendor arrangements and appropriate GDPR requirements are built into vendor contracts.
- Support product owners and business areas, as required, to develop and maintain appropriate Fair Processing Notices to ensure fair collection and use of personal data.