Senior Data Protection Assistant
The Senior Data Protection Assistant (SDPA) will assist the Data Protection Officer (DPO) in leading stakeholders across multiple teams in the implementation of data protection compliance activities. The SDPA will help to drive privacy by design throughout the organisation and be responsible for coordinating activities with regards to privacy and governance related matters as directed by the DPO or the Risk Director.
The Data Protection team is a part of the Risk and Compliance function, the SDPA will work in a small team responsible for ensuring regulatory compliance and embedding a culture of learning and continuous improvement so that TLT can demonstrate the highest possible standards to our clients, regulators, and other key stakeholders.
In a fast-changing regulatory environment and as TLT continues to innovate and develop new programmes of work, the SPDA’s role will be pivotal in championing the highest data protection standards and drive forward compliance across the Firm. As well as building expertise within the organisation and working on a range of exciting new projects weekly, you will capture learning and embed improved ways of working to ensure that our legal and regulatory position is robust.
Crucial to this role will be an expert knowledge of data protection legislation such as the UK GDPR (General Data Protection Regulation), the EU GDPR, the Data protection Act 2018, PECR and a proactive and pragmatic approach. This will include deputising on the behalf of the DPO when required to report to or present at the management committees of the firm on data protection matters including Executive Board, Operations Board, Governance and Oversight Board, Risk and Compliance Committee, Information Security Forum, IT Security Forum, Business Services Forum, and Group Risk Managers meetings as and when required as instructed by the DPO or the Risk Director.
In return we will invest in you. We want you to be successful. You will receive a bespoke, on-going training programme to ensure you develop your commercial and technical skills to allow you to deliver the varied workload to a high standard. As a member of our Support team you will be a vital part of our continued success. There isn't an "us and them" mentality and you will be recognised for your hard work and support.
- To work proactively as a Data Protection subject matter expert, promoting best practice and
developing policies and procedures to support this.
- To manage from first notification through to completion of all low to medium risk rated personal data breaches or incidents concerning impact and severity; including drafting written responses to regulators, clients or customers and reporting and communication with stakeholders within the Firm.
- To document TLT’s business practices in the GDPR risk register and to ensure that recommendations are issued as necessary to ensure that risks are mitigated effectively.
- As part of a small team, you will be the first port of call in supporting the smooth running of the DP team’s data protection best practice ethos, by championing the highest levels of customer care and providing a responsive, high-quality service to colleagues across the Firm.
- To provide specialist advice and recommendations across a range of data protection topics including individual rights requests, data breach management, DSARs (Data Subject Access Requests) and external data sharing practices within and outside of the UK.
- To reviewing supplier contracts (including Model Clauses, International Data Transfer Agreements) and consents needed to implement projects in partnership with the Firm’s Procurement and Information Security functions and ensuring filing requirements with local regulators are achieved.
- To lead on advice and instructions on how to conduct and complete Data Protection Impact Assessments (DPIAs) and Legitimate Interest Assessments (LIAs) exercises.
- To assist on the delivery of tailored data protection training and specific infographics awareness communications to different business teams and functions.
- To create and maintain documentation that provides evidence of legal and regulatory compliance based on the accountability principle and the GDPR risk register with little supervision.
- To support the development and implementation of all data protection policies, processes and procedures, and to maintain an appropriate review cycle and ensure joined up working is taking place across the IT and IS teams in order to support and achieve the Firm’s security and GDPR strategic aims.
- To assist the DPO on all aspects of data protection compliance when collaborating with Internal Audits to ensure that robust policies, procedures and controls are in place, meet the Firm’s needs and are effectively implemented.
- To develop the Data Protection Champions (DPC) network by working with key stakeholders in relevant teams and functions within the Firm.
- To perform quality control on the records of processing activity from each function to ensure consistency and alignment with relevant business policies and practices.
- To ensure that we address all queries from data subjects within legal timeframes (e.g. delete their information from our databases) and drive compliance with data governance policy requirements to archive and destroy data at the end of the information lifecycle across the Firm.
- Perform any other ad hoc activities or projects required for TLT related to privacy or data protection as instructed by the DPO.
The Ideal Candidate
Knowledge and experience
- Substantial recent experience of managing data protection and information rights functions within a large organisation or professional services company.
- Excellent knowledge of data protection laws (UK GDPR, EU GDPR, DPA (Data Protection Act)) and practices.
- Accredited qualification like a professional diploma in data protection and governance or hold at least one Data Protection and/or Privacy certification such as, CIPP, CIPT, ISEB/BCS. Consideration will also be given to experienced data protection professionals with three - five years’ experience in a data protection/privacy role.
- Educated to degree level (law degree or in social sciences preferable).
- Ability to handle confidential information.
- Extensive experience in data protection and knowledge of relevant legislation including the UK GDPR, EU GDPR, DPA 2018 and PECR.
- A self-starter with proven ability to work to a high standard, with minimal supervision when attending meetings and with an eye for detail, overseeing multiple projects and a range of complex and varied data protection related issues simultaneously.
- Ability to identify any compliance gaps and problems, undertake analysis, challenge poor practices diplomatically and make effective recommendations through pragmatic solutions.
- Experience developing effective data protection training skills and excellent written and oral communication skills.
- Ability to quickly establish personal credibility and to develop and maintain effective stakeholder’s relationships, including working with people with differing perspectives and agendas.
- High degree of IT literacy, with excellent experience of using Microsoft Office (Word, Excel, Outlook, PowerPoint). Excellent document and formatting skills for reporting.
- Knowledge and understanding of equality and diversity and what this means in relation to this post and the ability to incorporate this into all aspects of work.
- Good knowledge of best practices in information security and new technology practices.
- Ability to manage workload independently and autonomously when required by the DPO.
- Specialist knowledge in a relevant area e.g. data security, individual rights requests and data breaches.
- Experience of audit and risk assurance as it relates to data protection.
- Experience working in a law firm or professional services organisation or regulatory organisation.
- Preferably some understanding of the US, European and Asian data protection regimes as it relates to regulated firms or bodies and international data transfers.
TLT is committed to creating a diverse working environment and encourages applications from all suitably qualified people, regardless of any of the characteristics protected by the laws in the locations in which we operate. We welcome applications from people with disabilities and as a Disability Confident Employer, we are committed to providing reasonable adjustments, where necessary, to make interviews and jobs more accessible. Should you have any difficulty during the recruitment process, require any reasonable adjustments or an application to Access to work please contact the recruitment team on HR-Recruitment@TLTsolicitors.com
We value our employees highly and we want you to feel valued. You will receive a competitive basic salary with an annual pay review. You will also have access to an extensive range of benefits via our flexible benefits scheme including 25 days holiday (which will increase to 30 days based upon length of service) and private medical insurance.
About the Firm
We’re an ambitious UK law firm built around the needs of our high profile clients. With over 1000 employees and 100 partners across our six UK offices, we’ve grown considerably in the last three years – and so have our revenues. Open-minded? Definitively. Forward-focused? Absolutely. An energetic firm with an entrepreneurial, collaborative culture, we’re always looking to recruit highly talented individuals with the drive to succeed. So if you’re dynamic, determined and looking for a firm where you can develop your skills, join us and we’ll give you everything you need to thrive.