Data Protection Officer
To perform the protected statutory and independent role of Data Protection Officer (DPO) for TLT and be the responsible officer for the provision of strategic advice, planning, and compliance with all aspects of the Data Protection Act 2018, General Data Protection Regulation and associated legislation and guidance (GDPR).
The DPO will be involved in all issues involving TLT which relate to the protection of personal data. The DPO will have the independence to fulfil their statutory responsibilities and will not receive instruction regarding the performance of their tasks.
Reporting Lines and Operational structure
The DPO will be part of the firm's Risk & Compliance team and report to the Risk Manager and Risk Director. There will also be directly reporting to the Executive Board and Senior Partner / Compliance Officer for Legal Practice (COLP) on regulatory matters. The role will require frequent liaison with both the Data Privacy Team (on operational matters) and Information Security Team (on security matters).
The legal services provided by TLT are varied and complex and you will play a vital role in ensuring that TLT fulfils its responsibility as a data controller and will have autonomy to achieve this.
The DPO will have regular communications with all business areas providing them with professional advice, guidance and support so they understand their responsibilities in relation to data protection matters.
This will include reporting to the management committees of the firm on data protection matters including Executive Board, Operations Board, Governance and Oversight Board, Risk and Compliance Committee, Information Security Forum, IT security Forum, Business Services Forum, and Group Risk Managers meetings.
In return we will invest in you. We want you to be successful. You will receive a bespoke, on-going training programme to ensure you develop your commercial and technical skills to allow you to deliver the varied workload to a high standard. As a member of our Support team you will be a vital part of our continued success. There isn't an "us and them" mentality and you will be recognised for your hard work and support.
Once you are in the role of Data Protection Officer you will deliver the following:
- Strategically direct and lead TLT in relation to data protection and information governance and advising the firm and its partners and staff regarding their obligations on compliance with GDPR and Data Protection legislation and regulation.
- Influence and provide advice to ensure that the discharge of TLT functions is compliant with data protection and associated legislation.
- Represent TLT as lead contact for the Information Commissioner’s Office (ICO), and as principal point of contact for data subjects (clients / customers / employees / candidates) in all matters relating to the protection of personal data, in order to ensure breach notifications, complaints, investigations, and confidentiality requests are facilitated.
- In conjunction with Learning & Development, maintain a programme of training and awareness, developing appropriate policies and guidance, in order to influence, embed and integrate data protection and data privacy within the culture of TLT.
- Shape and direct the review, appraisal and maintenance of information management within TLT, advising on monitoring and information audit requirements, to mitigate against risks around data protection processing activities, and to ensure compliance with GDPR and associated data protection legislation.
- Deliver a data protection oversight programme and ensure the records of processing activities is maintained.
- Manage TLT’s own response to subject access requests (SARs) to include directing fee earner teams and working with the Document Review and Collation team (DRC), part of TLTReSource.
- Provide expert advice and assistance where we are instructed on SARs on behalf of our clients to include providing guidance on scoping and approach, advice on personal data and third level support to reviews and to work closely with the DRC team to ensure the effective management of the SAR process, ensuring compliance.
- Monitor and advise on the undertaking and completion of data protection impact assessments when new or alternative processing activities are proposed under TLT’s functions, to enable solutions to be developed which meet compliance and the strategic and organisational objectives of the service.
- To respond to requests for personal data made by individuals under subject access provisions ensuring that the supply of information does not prejudice ongoing legal matters by the correct application of the exemptions contained within the Data Protection Act.
- To undertake risk assessments as necessary and required.
- Maintain and develop active and effective relationships with fee earning teams across all sectors as well as business support teams (HR, business development, IT, knowledge management, facilities, project management office, risk and compliance).
- Represent TLT at meetings with both client and TLT auditors, including the completion of comprehensive audit questionnaires beforehand, and the resolution of any audit finding.
- Review and draft data protection clauses in client service agreements, non-disclosure agreements, and data controller and processor agreements with clients and suppliers.
The Ideal Candidate
Our employees are talented people, distinguished by technical excellence, with a willingness to embrace team working and a passion for client service. You will be able to demonstrate a similar supportive, flexible and driven ethos and will have accumulated the following experience and skills:
Knowledge and experience
- Accredited or equivalent professional qualification in data protection
- Expert knowledge of data protection law and practices
- Substantial recent experience of managing data protection and information rights functions within a large organisation or professional services company
- Educated to degree level or equivalent
- Possession of a management qualification is highly desirable
- Able to identify the likely future needs and obligations of TLT in relation to the information management function, taking account of internal and external factors, and positively create strategic change within TLT in response to such factors (including the impact of the UK leaving the EU)
- Able to use a range of communication and influencing techniques to successfully negotiate, collaborate or effect change, in relation to matters of a specialist/ technical nature and with senior stakeholders.
- Deliver effective outcomes, balancing complex competing demands and making risk-based decisions within the available budget.
- Able to assess progress, identify emerging risks, issues and opportunities, and take corrective steps as required to ensure that the right results are achieved.
- Ability to identify and recognise opportunities for new or improved technologies to enable a more effective data protection compliance function and improvements to TLT effectiveness and efficiency.
- Able to effectively investigate and manage data breaches including establishing the potential consequences of the breach, taking all necessary steps to contain and mitigate the effects of the breach, and notifying the ICO and data subject (where necessary).
- Able to perform the duties and tasks in an independent manner
TLT is committed to creating a diverse working environment and encourages applications from all suitably qualified people, regardless of any of the characteristics protected by the laws in the locations in which we operate. We welcome applications from people with disabilities and as a Disability Confident Employer, we are committed to providing reasonable adjustments, where necessary, to make interviews and jobs more accessible. Should you have any difficulty during the recruitment process, require any reasonable adjustments or an application to Access to work please contact the recruitment team on HR-Recruitment@TLTsolicitors.com
We value our employees highly and we want you to feel valued. You will receive a competitive basic salary with an annual pay review. As a fee earner if you exceed your targets you will receive a generous annual bonus. You will also have access to an extensive range of benefits via our flexible benefits scheme including 25 days holiday (which will increase to 30 days based upon length of service) and private medical insurance.
About the Firm
We’re an ambitious UK law firm built around the needs of our high profile clients. With over 1000 employees and 100 partners across our six UK offices, we’ve grown considerably in the last three years – and so have our revenues. Open-minded? Definitively. Forward-focused? Absolutely. An energetic firm with an entrepreneurial, collaborative culture, we’re always looking to recruit highly talented individuals with the drive to succeed. So if you’re dynamic, determined and looking for a firm where you can develop your skills, join us and we’ll give you everything you need to thrive.