Data Protection Manager

4 days left

England, London
14 Oct 2020
28 Oct 2020
JN -102020-1238281
Heather Ninnes
Professional / Specialist
Legal, Risk / Compliance
Contract Type

An operational Data Protection Manager role based in London. The role reports to the organisation's General Counsel and manages one junior Data Protection Specialist.

Client Details

This London based Data Protection Manager role is with an interesting, technology focused not for profit. This is an opportunity to join a forward thinking, technology focused organisation. The role reports to the organisation's General Counsel and will manage a Junior Data Protection Specialist.


A Data Protection Manager role based in London, the role involves:

The Data Protection Manager role is part of the Office of the General Counsel (OGC) and will report directly to the General Counsel who reports to the Chief Operating Officer. The role is supported by a small shared resource of Paralegals.

Role Purpose

The Data Protection Manager will be responsible for general compliance with its Data Protection obligations. They will act as a source of DPA advice, while also coordinating with the General Counsel and wider business to embed and maintain robust DPA processes as required by law. They will be the point of contact for any DPA queries, sign off/escalation of sign-off according to processes and policies, and support. The purpose of this role is to ensure that the organisation is sufficiently compliant with the DPA in order to prepare for more wide-scale data processing activities through increased complexity of technology and associated processing activities.

The successful candidate will be expected to engage and coordinate with the IT department, project managers, and researchers, and other stakeholders to ensure any 'jointly owned' DPA responsibilities are implemented in a compliant manner and liaise with the General Counsel. It is anticipated that this role will be supported by a dedicated Compliance Officer and access to a small pooled resource of paralegals in the Legal Team.

Responsible for:

  • The organisation's compliance with GDPR, DPA, and PECR regulation.
  • Point of contact for the Institute with respect to DPA advice and approvals.
  • Implements the processes associated with the organisation's suite of data protection policies.
  • Management of any ICO complaints audits or queries received, and coordinating responses to individual rights requests.
  • Investigation and coordination of personal data security breaches, including making any necessary notifications to the ICO

The maintenance and embedment of key DPA processes including:

  • Record of Processing Activities
  • Data protection impact assessments (including leading on any necessary consultations with organisation's research ethics committee and the ICO)
  • Legitimate interest assessments
  • Privacy Notices
  • Data Processing agreements
  • Data set sharing agreements for research purposes
  • Data set migration compliance for research projects (including advising on compliance with international data transfer restrictions)
  • DPA due diligence of key outsource relationships
  • PECR marketing advice and consents
  • PECR cookies advice and consents
  • Oversight of data subject rights adherence
  • Annual data protection risk assessments
  • Leading and maintaining Institute data maps
  • Coordination and oversight of DPA actions from General Counsel and data protection auditors
  • Defining and assessing DPA key risk indicators
  • Educating the business and researchers on their DPA responsibilities
  • Development of tailored DPA training E-Learnings building on existing offerings

Other duties:

  • Managing the Compliance Officer and support the training and development of other junior members of the team.
  • Coordination with the Director of IT & Information Security and other senior managers with respect to the organisation's compliance with data retention, security, data mapping, and system user entitlement.
  • Keeps abreast of developments in the data protection regulations and their application to the Institute.


A Data Protection Manager role based in London, the role requires:

  • Experienced data privacy practitioner, ideally with a recognised practitioner or legal qualification.
  • Experience in a data protection/ privacy compliance role at management level with exposure to senior management colleagues.
  • Detailed understanding of the GDPR/DPA legislation, including PECR requirements for marketing and cookies.
  • Experience working within the charitable, third sector, or higher education/research environment.
  • Experience in communicating with the regulator (ICO)
  • Experience in GDPR/DPA transition implementation.
  • Strong interpersonal skills and an ability to generate buy-in and accountability.
  • Self-motivated in a relatively independent role.
  • Objectives are driven and strong ability to manage multiple deadlines, forward plan, and develop the function.
  • An understanding/interest in technology and artificial intelligence and its impact on society and related issues of data protection.
  • ยท Adequate Microsoft Excel skills.

Job Offer

Please enquire, competitive salary and benefits

Similar jobs

Similar jobs