Data Security Compliance Adviser

Key Tasks/Accountabilities:

• Be primarily responsible for the end to end process of fulfilling data subject requests made under the UK General Data Protection Regulation (UK GDPR), such as subject access requests and erasure requests, as well as requests for information from other organisations, such as law firms, law enforcement or government departments.
• Build on existing internal documentation and communications regarding the data subject request process so that:
• Other departments are clear about their responsibilities
• The Data Security Compliance Team handles requests in the most structured, efficient and cost effective manner possible, while complying with UK data protection legislation and meeting legal deadlines
• Work with members of the team on the development and integration of tools involved in the data subject request process, such as the OneTrust Privacy Rights Automation module and other internal platforms
• Share the responsibility to conduct reviews of existing assessment and accountability processes and work with business stakeholders to create new ones where required. Assist with the recommendation of improvements to achieve compliance and reduce risk and help to ensure the delivery of agreed recommendations. Examples of processes are:
• Data Protection Impact Assessments (DPIAs)
• Legitimate Interest Assessments (LIAs)
• Legal Basis for Processing Checklists
• Records of Processing Activities (ROPA)
• Assist with the optimisation of the above record, list and assessment processes and the continual improvement of associated documentation
• Contribute to the application of Club wide processes such as Data Protection by Default and by Design, working with business teams and the IS department as necessary
• Assist in the refresh and communication of the Club's Data Security Policy set
• Contribute to the development and execution of data protection and data security training, awareness campaigns and eLearning training rollouts
• Support the DPO in ensuring the importance of data security compliance is appropriately communicated across the Club by assisting with the production of Club communications as well as articles and guidance for the team’s intranet presence
• Assist with the production of well written and carefully considered advice and guidance in response to data protection and data security enquiries, both internal and external
• Be willing to take on ad hoc challenges and find solutions for implementation
• Represent the team in meetings and for projects and initiatives, where required
• Attend industry events, conferences and seminars to keep up to date with the threat landscape and any upcoming legislative change

Essential Skills & Experience Required:

• Strong knowledge and experience of current and upcoming UK data protection law, e.g. the UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, Privacy and Electronic Communication Regulations (PECR) and familiarity with guidance published by the Information Commissioner’s Office
• One or more recognised data protection qualifications, e.g. UK GDPR Practitioner, CIPP/E, CIPM
• Extensive experience of fulfilling data subject requests made under the UK GDPR
• Experience of working in a team where providing guidance and advice about UK data protection law to internal and external stakeholders is a primary focus
• Proven experience in handling confidential and sensitive information
• First rate planning and organisation skills with the ability to manage conflicting priorities while meeting tight deadlines
• Must have the ability to work well under pressure while maintaining discretion
• Ability to work with minimum supervision, as well as collaboratively and flexibly with others to achieve team objectives
• Excellent written English coupled with clear and articulate verbal communication skills
• Methodical, with a high attention to detail and accuracy
• Highly motivated and focused with a desire to help, use initiative and add value
• Confident general IT skills, ideally primarily with use of Google Workspace and Adobe Acrobat Pro (see below) but as a minimum, with Microsoft Office / O365 software suites

Desirable Skills & Experience Required:

• Highly proficient use of Google Workspace (Gmail, Drive etc), Microsoft Office (Outlook, Word and Excel in particular) and use of the redaction tools and other key features in Adobe Acrobat Pro
• Familiar with information security best practice, e.g. ISO 27001, Cyber Essentials
• Awareness of payment card industry standards and requirements, i.e. Payment Card Data Security Standard (PCI DSS)