Data Protection Officer

The Role

Our client is large international retail organisation looking to recruit a high calibre and transformational Group Data Protection Officer to drive the data protection, GDPR and privacy agenda within a highly transformational and matrixed corporate landscape. The role requires a pragmatic individual with a commercial mindset, and an agile yet methodical approach.

Key accountabilities

• Creating, implementing and maintaining an appropriate data protection and privacy compliance programme
• Driving improvements across the existing GDPR programme 
• Ensuring the business is prepared for any new legal and regulatory developments relating to data protection and privacy
• Escalating and reporting to senior management including Board / Audit Committee members
• Monitoring and managing adherence to relevant compliance controls, policies and procedures 
• Managing and documenting personal data breaches and making reports to the ICO and/or other regulators
• Ensuring  organisation-wide awareness and delivering appropriate training
• Act as ultimate contact point internally and externally for all matters with respect to data protection and privacy
• Leading and directing the DPO support team across the business
• Overseeing data protection impact assessment activities and reviewing/approving associated risk treatment plan

Required Experience

• Minimum of 10+ years of specialist data protection experience
• Transformation/change management experience.
• previously held the DPO role within a FTSE or listed business - £1bn+ revenues.
• Broad International experience (20+ countries) within a matrixed organisation
• Retail, consumer experience is preferred.
• Developed, implemented and enhanced data protection compliance programmes
• Experience in conducting a risk-based audits and monitoring including experience in quantifying, managing & mitigating risk
• Partnered with digital and data teams
• Expert knowledge of data protection law and practices
• Best practice understanding of Information Security and Data Governance practices
• Managed key messages to the Operating Committee and Board Members
• Managed external Comms both directly and indirectly.
• Experience of managing controls in systems that collect and process personal data including sales and marketing and HR systems
• Strong Crisis response management experience.
• Previous legal background is an advatnage.

Key relationships and stakeholders

• Deputy General Counsel
• Company Secretary
• Chief Digital and Data Officer
• CISO
• Head of Regulatory Team and other Legal teams
• Head of Business Continuity
• Head of Internal Audit
• Relevant Operating Committee member
• Compliance owners and managers across the business
• HR Director

The role is positioned to pay up to £140,000 base plus bonus and benefits.