UK Data Protection Officer

Job Description and Person Specification

Job Title: UK Data Protection Officer

Division: 2nd Line: Compliance

Reports To: Head of UK Compliance & Regulatory Affairs

Key Relationships: Head of UK Compliance & Regulatory Affairs;Heads of Compliance for the EUand North Americaand their teams,SMF16 for theBIdacUK branch,Regional DPOs and their teams;Group CRO and his SLT;Group COO and his functions:GroupCISO, Head of IT, Head of Data Management, Commercial Management;People & Culture (Talentand HR Operations),Claims Operations, Underwriting: CUOs and Heads of product lines; External suppliers and retainers.

Key Committees & Groups: GroupData Privacy Sub-Committee(member); Information Security Committee,AI Governance and Controls Committee;Data Retention Steering Group;Underwriting Data Working Group &TriFocusReview Group.

SMCR: This role is certified in the UK under the SM&CR.

Job Summary

Through the effective day-to-day management of the UK Data Protection team, and collaborative engagement with other regional DPOs and their teams (or DPO equivalents):

• EnabletheUKCompliance functionto managedata protection risk and regulatory compliancewithapplicabledata privacy and data protectionlaws and regulationacrossthe UK entities’globallicensedfootprintincluding through effective Horizon Scanning and Training.
• Ensure all UK entity,and any applicable global,controls for DP arefit for purpose andadhered to.
• Contribute to,and enable the embedding of,a global DP framework to include all relevant Data Protection/Privacy policies, notices, systems,processesand controls.
• Supportthe effective andconsistentmanagementofcross-borderdata protection activitiesin collaboration with the regional DPOs, including through the Group sub-committee for Data Protection.
• Contribute to the developmentand delivery ofhigh-qualityreportingincludingthrough the use ofrelevant KPIs and KRIsacross allrelevantformal committees and forumsinternally, either asstand-aloneDP papers or as part of the broader UK Compliance agenda and reporting.

Key Responsibilities

• Ensure that the UK entities’ legal andregulatoryobligations for data privacyand protectionacross theirlicensedfootprint aremappedtoa comprehensive set of activities,processesand controlsto enable compliance.
• Ensure that the global Horizon Scanning framework is embeddedin the UK DP team’s BAU withappropriate contributionstoformalUK Compliancereportingincludingto the Change Committee.
• Manage the UK DP team,tracking andmonitoringthe effectiveness of delivery against key activities, in line with internal SLAs,to ensure regulatory compliance(e.g.DPIAs/ ROPAs/ Policy, Notices and Marketing reviews/Legitimate Interest Assessments/Business Impact Assessments/Training/ Advisoryrequests/ relevant registrations)
• Keep workloadsand resource needsunder close observationand proactivelyidentifyproblemsor inhibitorsand escalatwhereappropriate forresolution.
• Identifydevelopment opportunities for directreports andsupport the team pastorally.
• Engage closely with internalstakeholders in Infosec, IT andco-sourcing relationshipsin Claimsto support the effective and efficient delivery of DSARs, e-discovery requests, and subpoenaed information asrequired.
• Oversee any externally outsourced DP provision for the UK entities injurisdictionswhere theyoperate, working with regional DPOs asrequiredwhere resources are shared.
• Whereappropriateand within yourexpertise, provide advice and guidance ontechnicalDP matters includingDP contract clauses where the contract is governed by English law.Ensure contracts and service agreements with, but not limited to, third party suppliers, cover holders, program administrators,etcmeet information security, data security,privacyandbreachnotification requirements.
• Retain external advisorswhen needed to ensureappropriate levelsof specialism are enlistedwhenrequired. Keep the UK Head of Compliance advised ofaccruedexpenses.
• EnsureUK DP-ownedactions arising from allapplicableaudit,assurance and testing activities are completed on time.
• Maintaina Privacy Incident Reporting and Response process to address any Privacy incidents that might occurin the UK orimpactingUK data. This service should respond to alleged policy violations and complaints from external parties.
• Proactively escalation enactbreaches to theBoards of the relevant UK entity through theapplicableChair of the Risk Committee, ensuring it reaches the highest level of authorityfor the entity, while keeping therelevantCRO and Head of Complianceinformedfor potential notification to the UK regulators.
• Leadonrequired notifications to the ICO whererequiredandparticipatein any relevant incident response activity and lessons learned.
• Work closely withHeads of Compliance,regional DPOsand their teams, European branch regulatory counsel,as well as other internal stakeholders,tocreate a global DP strategy and operating model, ensuringthat global or cross-border activity is coordinated and our response to legal and regulatory requirements is consistent and clearly understoodacross the business.
• In collaboration with regional DPOs asrequired, perform information privacy risk analysis on cross-border and UK initiatives.
• Assist the IT departmentasrequiredin the development of all system-related security plans throughout theorganisation'snetwork.
• Undertakeconsent audits tovalidateconsent is being obtained andretainedas requiredunder UK laws.
• In collaboration with regional DPOs undertakerecordsretention audits to ensure theorganisationisretainingdata asrequired.
• Attend and contribute to formal committees, workinggroupsand steering committees asrequired.
• Oversee the production of insightful and thorough reportingon matterspertaining tothe UK entities and their global footprintas part ofstandaloneDP engagement with committees or the broader Compliance papers.

General

• Adopt the Beazley culture of Professionalism, Integrity, Effectiveness and Dynamic attitude that contributes to an internal environment of teamwork and promotes a positive brand image to our external customers.
• Comply with Beazley procedures, policies and regulations relevant to your role.
• Undertake relevant training on Beazley policies and procedures as required by your line manager, the Talent Management development or assurance teams (compliance, risk, internal audit) either directly, via e-learning or the learning management system.
• Comply with any specific responsibilities necessary for your role as outlined by your line manager, the Talent Management development or assurance teams (compliance, risk, internal audit) and ensure you keep up to date with developments in these areas. This may include, amongst others, Beazley’s underwriting control standards, Beazley’s claims control standards, other Beazley standards and customer relationship management.
• Ensure that you uphold the Beazley principle of Treating Customers Fairly and Acting to Deliver Good Outcomes.
• Carry out additional responsibilities as individually notified, either through your objectives or through the learning management system.

Person Specification

Essential Criteria

• Proven experience in Privacy and Data Protection.
• Previous DPO experience.
• Degree level educated

Education and Qualifications/ Experience

• Knowledge of information systems desirable

Skills and Abilities

• Excellent written and oral communications skills.
• The ability to prioritise work and deliver results in a pressurised environment, through tactical and strategic planning.
• The ability to manage significant client contact, providing expert advice which demonstrates judgement and an understanding of the business.
• A demonstrated ability to develop strong relationships with internal clients.
• The ability to provide support to more senior roles in developing key client relationships through the design ofleading-edgetechnologies.
• Self-motivated, with an ability to work withhighdegree of autonomy and to be results-driven with a flexible approach to working.
• The ability to work collaboratively with a broad range of constituencies.
• Athorough understanding ofUK Data Protection laws and regulations.
• An unblemished career history holding positions requiring trustworthiness and personal integrity.
• The ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff and management.

Knowledge and Experience

• Experience in financial services is highly desirable, but not required.
• Experience in the insurance industry is desirable but not required.
• Multi-country experience (i.e., beyond UK, and ideally including APac) is highly desirable, but not required.
• Experience with model contractual clauses for international data transfers is highly desirable, but not required.

Aptitude and Disposition

• Outcome focused, self-motivated, flexible and enthusiastic.
• Professional approach to successfully interact with managers/colleagues/external suppliers.

Competencies

• Technical expertise
• Conceptual thinking and problem solving
• Planning and managing resources effectively
• Delivery orientation,initiativeand drive
• Purposeful communication and capacity to influence others
• Team player
• Customer focus

#J-18808-Ljbffr