Job Description: Data Protection Officer (DPO)
Job Title: Manager
Level: III-IV (Depending on experience)
Department: Management & Finance
Reporting to: Chief Financial Officer
The DPO is responsible for overseeing the firm’s data protection strategy and implementation to ensure compliance with data protection regulatory requirements.
Basis: 3-4 days per week, tbc
The job is based in London but the successful candidate may be able to work from home up to 2 days a week. They will need to be in the office part of the time in order to work with Investment Managers.
To inform and advise management and employees of their obligations to data protection regulation;
To oversee the subject access request and breach reporting process;
To maintain an inventory of the firm’s personal data processing activities;
To implement and operate a risk-based GDPR compliance monitoring programme to check compliance with data protection regulation and with the firm’s internal data privacy policies;
To raise staff awareness and coordinate training for staff involved in processing personal data;
To monitor and advise on data protection impact assessments;
To act as a contact point with the Information Commissioner’s Office; and
To provide regular updates to the firm’s Operational Risk Committee on matters relating to data protection compliance.
The DPO shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.
The DPO may perform other duties; however, these other duties must not result in a conflict of interest.
Work within the regulatory and the firm’s compliance framework
To cooperate with requests from the Information Commissioner’s Office
Maintain own professional competence through training and course work
Ensure that the firm’s clients and staff are always treated fairly and responsibly, with respect and consideration.
Qualifications, skills, experience and competencies needed
Essential: Must hold, or be prepared to obtain, Certified GDPR practitioner certificate (or equivalent) – this can be achieved with a 4-day course
Advantageous: Professional qualification in IT, law, compliance, risk or audit
Academic/Other Skills Required:
- Educated to degree level
- Well organised
- Excellent written and verbal communications skills
- Ability to maintain required standards when working under pressure
- Good attention to detail and ability to work with minimal supervision
- Good IT skills, especially Excel spreadsheets