Director - Group Data Privacy
Posted 4 days ago by JTC Group
Negotiable
Undetermined
Hybrid
Edinburgh, Scotland, United Kingdom
Summary: The Director - Group Data Privacy is responsible for assisting the Data Privacy Governance Officer in ensuring compliance with Data Protection legislation across JTC Group's offices. This role involves overseeing Data Privacy Representatives, managing data protection processes, and providing expert guidance on privacy laws and policies. The position requires collaboration with various stakeholders to enhance the Group's privacy maturity and manage data protection risks effectively.
Key Responsibilities:
- Support Data Privacy Representatives by acting as an escalation point for local data processing activities.
- Facilitate internal breach reporting workflows and advise on compliance with breach notification procedures.
- Oversee and manage the delivery of Data Subject Access Requests and ensure compliance with local data protection laws.
- Review Data Protection Impact Assessments to ensure risk mitigation and consistency across the Group.
- Provide guidance on compliance with Data Privacy Policies and Procedures set by the DPGO.
- Manage updates to the Records of Processing Activity to ensure compliance with local law requirements.
- Act as an escalation point for client Due Diligence Questionnaires initiated by clients.
- Provide ad hoc advice on complex queries or areas of concern related to data privacy.
- Work with the DPGO to build a toolkit of guidance and templates for DPRs.
- Oversee and manage DPRs to ensure appropriate coverage and updates on legal changes.
- Conduct first reviews of data protection aspects of contracts before escalation to the DPGO.
- Assist with M&A integration projects as necessary.
- Provide expert input to group functions regarding data protection compliance.
- Support the DPGO with various tasks and act as a deputy during absences.
- Adhere to JTC core values and perform any other duties as required by Senior Management.
Key Skills:
- CIPP/E (or equivalent) certification.
- BA Hons in Law/Graduate Diploma in Law (or equivalent).
- 5+ years of post-qualified experience practicing law.
- Minimum of 1 year in a dedicated data protection role.
- Commercial approach to applying legal concepts.
- Excellent written and communication skills.
- Experience dealing with senior staff members/C-suite.
- Preferred experience in the financial services sector.
- CIPP/M (or equivalent) is favorable.
- Knowledge of the California Consumer Privacy Act and/or Singapore Data Protection Act.
Salary (Rate): undetermined
City: Edinburgh
Country: United Kingdom
Working Arrangements: hybrid
IR35 Status: undetermined
Seniority Level: undetermined
Industry: Other
EMPLOYMENT TYPE: Permanent
DEPARTMENT: Legal
DIVISION: Group
WORKPLACE STRUCTURE: Hybrid
Role Overview
PURPOSE OF JOB
The focus of the role is to assist the Data Privacy Governance Officer (DPGO) with ensuring the JTC Group complies with Data Protection legislation across all JTC offices, specifically how we manage, store, protect and handle our personal data in a compliant manner. This will primarily involve overseeing and supporting the DPRs by advising on European data protection requirements and how these can be applied across jurisdictions with differing local data protection/ privacy laws in a commercially efficient manner. You will be working closely with the DPGO to build and enforce a privacy framework for JTC and undertake projects to improve the Group’s overall privacy maturity. You will also act as a point of escalation for the other members of the Data Privacy Team and DPRs.
Main Responsibilities And Duties
- Support Data Privacy Representatives: act as an escalation point for DPRs in relation to local data processing activities, providing guidance and assistance to all JTC jurisdictions including:
- Data Breaches: facilitate effective internal breach reporting workflow and provide guidance on compliance with Group breach notification procedures. Advise DPRs on risk assessment of Data Protection breaches and support them in relation to any necessary reports to the regulator and liaising with relevant stakeholders. Escalating any potential impacts of a breach on the wider group to the DPGO/Relevant Risk Committee.
- Data Subject Access Requests: oversee and project manage delivery of completed subject access requests and work with the DPGO to ensure all local data protection law requirements are complied with by the DPR/client teams responding to the request.
- Data Protection Impact Assessments:review Data Protection Impact Assessments (DPIAs) completed by the DPR/project stakeholders to ensure all risks appropriately mitigated and consistency of approach across the Group.
- Data Privacy Policies, Standards and Procedures: provide advice and clear guidance to the DPRs in relation to compliance with the Data Privacy Policies and Procedures set by the DPGO.
- Records of Processing Activity: oversee and project manage updates to the Records of Processing Activity by the relevant DPR to ensure consistency of approach across the Group and compliance with local law requirements
- Client Due Diligence Questionnaires/RFPs: act as an escalation point for the DPRs/other members of the Data Privacy Team in relation to DDQ’s initiated by clients.
- Ad hoc advice around specific areas or queries: act as an escalation point for the DPRs/other members of the Data Privacy Team in relation to complex queries or areas of concern.
- DPR Toolkit:Work with the DPGO to build a toolkit of guidance and templates for use by the DPRs across the Group.
- DPR Management: Oversee and manage DPRs to ensure all areas of the Group’s business are sufficiently and appropriately covered and DPRs are kept up to date with relevant legal changes and Group-wide initiatives that may impact their area. This includes chairing regular meetings with the DPRs and managing all relevant distributions lists for DPRs.
- Contract Review: Undertake first reviews of data protection aspects of contracts (including both client and vendor/supplier agreements) to ensure appropriate data protection clauses are included before escalating to DPGO for final review.
- M&A Integration Project Assistance: Assist the DPGO with any tasks identified as necessary to integrate acquired and/or new entities into the JTC Group structure.
- Expert Advice to Group functions: Provide expert input and resource to JTC’s group functions regarding their role in data protection compliance including Information Security and Risk and Compliance, acting as a subject matter expert in the area of data protection.
- General DPGO assistance: Provide support to the DPGO as required which may include responding to data protection queries from the wider group, conducting research into data protection laws and guidance, collating statistics for internal reporting purposes. This includes acting as an alternate/deputy for the DPGO during leave/absences.
- Adhere to JTC core values and expected behaviours.
- Any other duties as deemed necessary by JTC Senior Management.
Essential Requirements
- CIPP/E (or equivalent).
- BA Hons in Law/Graduate Diploma in Law (or equivalent).
- 5+ years Post-Qualified Experience practicing law.
- Min. 1 year in a dedicated data protection role.
- Commercial approach to applying legal concepts.
- Excellent written and communication skills.
- Experience dealing with senior staff members/C-suite.
- Experience working in the financial services sector preferred.
- CIPP/M (or equivalent) favourable.
- Knowledge of the California Consumer Privacy Act and / or Singapore Data Protection Act.
OUR COMMITMENT TO INCLUSION & WELLBEING
JTC is committed to fostering a healthy, inclusive organisation where all individuals feel welcome and feel able to participate in the workplace fully. We value different perspectives, backgrounds and lived experiences. This includes supporting employee wellbeing so that people feel equipped to thrive.