Job Summary
Responsibilities include managing data subject requests, developing internal documentation, and working with the Data Security Compliance Team to ensure compliance with UK data protection legislation.
Key Responsibilities
* Manage end-to-end process of fulfilling data subject requests under the UK General Data Protection Regulation (UK GDPR)
* Develop and maintain internal documentation and communications regarding the data subject request process
* Work with the Data Security Compliance Team to handle requests in a structured, efficient, and cost-effective manner
* Collaborate with team members on the development and integration of tools involved in the data subject request process
* Conduct reviews of existing assessment and accountability processes and work with business stakeholders to create new ones where required
* Assist with the recommendation of improvements to achieve compliance and reduce risk
* Contribute to the application of Club-wide processes such as Data Protection by Default and by Design
* Assist in the refresh and communication of the Club's Data Security Policy
* Contribute to the development and execution of data protection and data security training, awareness campaigns, and eLearning training rollouts
* Support the DPO in ensuring the importance of data security compliance is appropriately communicated across the Club
* Assist with the production of well-written and carefully considered advice and guidance in response to data protection and data security enquiries
* Represent the team in meetings and for projects and initiatives, where required
* Attend industry events, conferences, and seminars to stay up-to-date with the threat landscape and any upcoming legislative change
Essential Skills and Experience
* Strong knowledge and experience of current and upcoming UK data protection law, including the UK GDPR, Data Protection Act 2018, and Privacy and Electronic Communication Regulations (PECR)
* One or more recognised data protection qualifications, such as the UK GDPR Practitioner, CIPP/E, or CIPM
* Extensive experience of fulfilling data subject requests made under the UK GDPR
* Experience of working in a team where providing guidance and advice about UK data protection law to internal and external stakeholders is a primary focus
* Proven experience in handling confidential and sensitive information
* First-rate planning and organisation skills with the ability to manage conflicting priorities while meeting tight deadlines
* Ability to work well under pressure while maintaining discretion
* Ability to work with minimum supervision, as well as collaboratively and flexibly with others to achieve team objectives
* Excellent written English coupled with clear and articulate verbal communication skills
* Methodical, with a high attention to detail and accuracy
* Highly motivated and focused with a desire to help, use initiative, and add value
* Confident general IT skills, ideally with use of Google Workspace and Adobe Acrobat Pro
Desirable Skills and Experience
* Highly proficient use of Google Workspace, Microsoft Office, and Adobe Acrobat Pro
* Familiarity with information security best practice, such as ISO 27001 and Cyber Essentials
* Awareness of payment card industry standards and requirements, such as the Payment Card Data Security Standard (PCI DSS)