Data Protection Manager
Leeds – hybrid
Fixed Term Contract (12 months)
We’re seeking a Data Protection Manager to join our growing business. In this newly created role, you’ll be responsible for the day-to-day operation, governance and continuous improvement of NG Bailey’s data protection programme. This role will be ideal for a proactive and innovative individual who wants the opportunity to shape our data governance strategy from the ground up.
Key Deliverables
- Own and maintain the NG Bailey Data Protection strategy, framework and improvement plan
- Lead the design, implementation and ongoing management of data protection and its component parts
- Proactively monitor regulatory, legislative and technology developments relevant to data protection and assess the impact to the business
- Produce monthly and quarterly assurance reports for senior leadership and governance committees
- Co-ordinate, attend and/or chair data protection-specific forums and other risk/compliance forums
- Lead privacy by design governance and as a trusted business partner, give expert data protection management challenge and guidance
- Create, manage and maintain internal policies such as retention schedules, workplace guidelines, and employee privacy policies
- Create, manage and maintain external policies, consents, customer facing notices, documents and tools
- Develop and deliver training programmes and awareness materials and content
- Manage data breaches, from investigation to resolution and any required regulatory notifications
- Maintain incident logs for all risks, breaches, and potential issues across the business, meeting specific SLA and regulatory timeframes and ensuring timely internal reporting
- Act as the first point of contact for data protection matters
- Ensure that subject access requests and other data privacy rights are met in accordance with procedures and agreed deadlines for customers and team members
- Provide assurance that policies and procedures are being followed by the business and that there is a culture of continuous improvement in relation to data protection compliance
- Conduct second line functional assurance reviews to assess compliance with the data protection framework, associated key controls and external Service Level Agreements
- Ensure Privacy Triage Questionnaires and/or Data Protection Impact Assessments (DPIAs) are in place and completed for any new or changed processing activities or projects involving personal or sensitive data
- Provide guidance on the identification of appropriate lawful basis for processing personal data in collaboration with the Group Legal team
Qualifications
- Strong and practical understanding of data protection law and practice, with proven experience running a data protection programme
- Previous experience working in a large organisation with varied and complex processing activities, ideally in a private organisation and/or the construction, infrastructure or facilities management sectors
- Recognised qualification in data protection, information governance or information security, or equivalent
- Skilled at managing complex rights requests, DPIAs and data mapping
- Able to interpret regulatory developments and explain impacts in plain language
- High level of IT literacy and confident working with SharePoint or willing to learn quickly
- Strong attention to detail
- Able to prioritise and work under pressure
- Good project management skills and a structured approach to work
- Able to influence and work with colleagues across the broader organisation and with external stakeholders
- Proven experience supporting a major change or improvement programme
- Experience working to assurance and regulatory standards
#J-18808-Ljbffr