Data Protection Manager

Overview

Location: Hybrid (Ripponden). Salary: £55,000 - £65,000 depending on experience. Vacancy Type: Permanent/Part Time.

Job Title: Data Protection Manager

Function: Legal

Location: Ripponden

Reports to: Legal & HR Director

Responsible for staff: n/a

Role overview

An experienced and knowledgeable data protection manager to ensure the organisation's compliance with data protection laws, including the General Data Protection Regulation (GDPR) and other applicable regulations. The data protection manager will be responsible for overseeing the data protection strategy, advising on data privacy issues, conducting audits, and acting as a point of contact for data subjects and regulatory authorities.

Key tasks

• Develop, implement and oversee the organisation's data protection policies and procedures including the UK and other territories, including the Republic of Ireland and The Netherlands.
• Ensure compliance with data protection laws (eg GDPR, PECR) and internal privacy standards
• Provide expert advice and guidance on data protection impact assessments (DPIAs) and risk management
• Conduct regular audits to monitor compliance and address potential privacy issues
• Deliver training and awareness programs to employees on data protection best practices
• Collaborate with Legal, IT and HR teams to manage data protection risks
• Maintain records of data processing activities (ROPA) and ensure accuracy
• Investigate and manage data breaches, ensuring timely reporting to authorities when necessary
• Act as a point of contact for data subjects regarding privacy concerns and data subject access requests

Managing Risk

• Awareness of your operational and regulatory risks which may impact on your role
• Responsibility for reporting to your line manager any risk which may impact the business

Criteria

Essential (attributes required for candidate to be considered)

Desirable (attributes can be trained or developed)

Knowledge and Skills (what you know and what you can do)

• In-depth knowledge of data protection laws, including GDPR and local data protection regulations in the UK
• Familiarity with data protection issues in emerging technologies (eg AI, IoT)
• In-depth knowledge of direct marketing laws as they relate to data privacy, such as the Privacy and Electronic Communications Regulations
• Strong project management skills

Knowledge of data protection laws in Ireland and the Netherlands is helpful but not essential

Knowledge of cybersecurity best practices and technologies

Knowledge of data protection social norms across the EU

Experience

• Experience in drafting and implementing data protection policies.
• Experience conducting data protection impact assessments and managing data breach incidents.
• Experience in preparing and maintaining records of data processing activities
• Experience in responding to data subject access requests and other requests from data subjects regarding their personal data
• Experience in delivering training and awareness programs to employees on data protection best practices
• Familiarity with information security management systems and data governance frameworks
• Experience in a legal, audit or risk management role

Personal qualities

• An ability to work effectively under pressure and to manage sensitive and confidential information
• Excellent verbal and written communication skills, with strong attention to detail

Qualifications

• A nationally recognised data protection qualification