Data Protection Officer Job Description Template
Our company is looking for a Data Protection Officer to join our team.
Responsibilities:
- Responding to any ad hoc Data Protection queries raised by the School;
- Leading the response to Data Breaches and Data Rights Requests; including communicating with Data Subjects and Regulators;
- Creating contemporaneous reports of the issues found in the assessment and recommended actions to resolve said issues;
- Management of any data privacy breaches, working to identify root causes, mitigate risks and prevent reoccurrence;
- Ensuring there are appropriate documented procedures for complying with the requirements of the policy and regulation;
- Leading privacy-related education and training initiatives;
- Identifying and conducting assessments, and embedding best practice across the Group;
- Leading on the creation and ongoing review of data-related policies and standards, on effective implementation, monitoring and reporting;
- Hands on collaboration at scale using Agile working models and frameworks;
- Developing and overseeing the implementation of Data Protection Policy in line with regulatory requirements;
- Horizon scanning on privacy topics and ensuring business readiness;
- Contribute to team development, scaling, efficiency and improvement;
- Ensuring there is a process for complying with a data subject’s rights to be forgotten, when they exercise them;
- Ensuring appropriate training is provided to all staff in order that they can comply with the policy and GDPR requirements;
- Building and managing relationships with internal and external stakeholders, including data regulators and auditors.
Requirements:
- Well-developed and professional interpersonal skills; ability to interact effectively with people at all organisational levels;
- Ability to undertake large, long-term projects, develop alternative methods to complete them, and implement solutions;
- Education: Law degree or Masters in Law required;
- Sufficient knowledge of information technology and data management systems required;
- Ensuring there is a process for complying with a data subject’s rights to be forgotten, when they exercise them;
- Ensuring appropriate training is provided to all staff in order that they can comply with the policy and GDPR requirements;
- Challenging the business on their effectiveness and control environment in managing personal data;
- CIPP/E/M Certificate or equivalent recognised professional standard;
- Strong change and project management skills, including the ability to manage time well, prioritise effectively, and handle multiple deadlines;
- Ensuring there are appropriate documented procedures for complying with the requirements of the policy and regulation;
- Excellent presentation and writing skills;
- familiarity with cloud software security systems;
- happy speaking to, and influencing at, C suite and board level;
- International travel will be required;
- Ability to use independent judgment and discretion when making the majority of decisions.