Job Description Purpose of the role We are looking for a highly experienced Group Data Protection Officer / Data Privacy Lawyer who is looking for a new challenge and to progress their career, who has a genuine love of data protection, who wants to work on a range if interesting projects, accelerate their professional development, can think innovatively and provide practical and commercial advice in relation to data protection. Main Responsibilities Reporting to Head of Group Legal & Governance you will be the designated Group Data Protection Officer (GDPO) for all data controllers and responsible for carrying out the tasks prescribed by Article 39 of the EU/UK General Data Protection Regulation. You will be expected to provide specialist, pragmatic, regulatory and legal guidance and support to ensure that Ocorian has the right policies, processes, procedures and controls in place to operate in line with its obligations under applicable data protection laws and regulations that apply to our global businesses. The role will include: Working collaboratively with the Legal Team, colleagues in Risk & Compliance, Information Technology and Information Security as well as the wider business to ensure that legal and regulatory requirements / best practices relating to data protection laws and regulations are effectively identified and implemented. Reviewing, maintaining and providing guidance on the development of compliant policies, procedures, privacy notices, processes and controls to facilitate compliance with applicable data protection laws and regulations. Reviewing / providing guidance on data privacy aspect of 3rd party supply contracts including carrying out data privacy due diligence on 3rd party suppliers. Working closely with the wider Risk & Compliance team to provide expert guidance on key aspects of data protection, privacy risk strategy, and compliance focussing efforts on areas that present higher data protection risks. Providing regular data protection compliance reports to the Information Governance & Security Committee. Serving as the primary point of contact and liaison with applicable supervisory authorities in each of our jurisdictions. Serving as the primary point of contact for data privacy queries in the Ocorian Group. Facilitating the identification, investigation management and resolution of data protection compliance related issues. Preparing relevant compliance reporting to meet both internal and external regulatory requirements. Engaging with front line operational business teams to inform, advise and train our employees about our obligations to comply with data protection laws and regulations. Monitoring compliance with the EU/UK GDPR and other applicable data protection laws, and with our data protection policies, including managing internal data protection activities and conducting compliance reviews. Ensuring that Ocorian is appropriately registered in compliance with regulatory requirements and maintains an active Article 30 Register of Processing Activities, and responsible for driving internal audit processes. Managing data privacy breaches or near misses, support the identification of the root cause, mitigations and monitor implementation to prevent recurrence. Overseeing the data subject access request procedure and monitor individual rights balanced with the legitimate interests of the businesses. Consulting with the business acquisition programme with due diligence support activities to ensure compliance with the applicable data protection regulations. Developing and delivering data privacy training to the Ocorian Group. LI-SM1 LI-Hybrid