This is a Hybrid role, the Data Protection team work from our Cardiff Office 3 days per week.
The Data Protection Team at Capital on Tap
The data protection team sits within Cybersecurity and is made up of a Data Protection Manager reporting to the DPO.
The Role
We are looking for a Data Protection Analyst who will be responsible for supporting the development, implementation, and management of the company's data protection and privacy policies, ensuring compliance with relevant laws and regulations (such as GDPR, CCPA or equivalent frameworks).
This role will assist in safeguarding sensitive data, performing risk assessments, and providing expert guidance on data protection practices to ensure data security across all organisational operations.
This role involves overseeing data protection procedures, ensuring secure handling of personal data, and assisting in privacy-related advice, projects and audits.
You will be the first point of contact for the operational side of the business, promoting a culture of data protection and compliance within the organisation. The ideal candidate will have strong organisational skills, attention to detail, and a comprehensive understanding of data protection principles.
What You’ll Be Doing
* Ensure compliance with applicable data protection laws, including GDPR, PECR, CCPA, The California Privacy Rights Act (CPRA) and other regional regulations.
* Support the Data Protection Officer (DPO) and Data Protection Manager (DPM) in monitoring compliance across departments.
* Management of the data rights process, including DSAR’s and erasure requests.
* Maintain and update records of processing activities (RoPA) and ensure it remains accurate and up to date.
* Support due diligence processes for vendors and third parties, ensuring compliance with data protection standards.
* Coordinate data protection training sessions and ensure all employees understand their responsibilities.
* Act as a point of contact for employees with queries regarding data protection practices.
We’re Looking For Required skills/attributes:
* Excellent understanding of the GDPR/ Data Protection Act (2018).
* Experience with processing data protection rights (like SAR’s, Right to erase).
* Financial services regulation knowledge.
* Proactive stakeholder management skills.
* Strong reporting skills.
* High level of integrity and commitment to confidentiality.
* Proactive and able to work independently or as part of a team.
* Eagerness to learn and adapt to evolving data protection requirements.
* Strong organisational skills, and the ability to effectively prioritise key activities.
Nice to have skills/qualifications:
* Any privacy qualification such as CIPP/E, CIPM, CIPP/US, BCS Foundation Certificate in Data Protection.
* Experience working with the CCPA (California Consumer Privacy Act).
* Experience working with European data protection regulations.
Diversity & Inclusion We welcome, consider and encourage applications from anyone who shares our commitment to inclusivity. Join us in creating a space where authenticity thrives, and everyone can do their best work.
Great Work Deserves Great Perks We try not to take ourselves too seriously (all the time) so we make sure our office is decked out with a pool table, arcade machine, beer tap, and a couple of office dogs thrown in for good measure. Check out our benefits:
* Private Healthcare including dental and opticians services through Vitality.
* Worldwide travel insurance through Vitality.
* Anniversary Rewards (£250, £500, £750, 4-week fully paid sabbatical).
* Salary Sacrifice Pension Scheme up to 7% match.
* 28 days holiday (plus bank holidays).
* Annual Learning and Wellbeing Budget.
* Enhanced Parental Leave.
* Cycle to Work Scheme.
* Season Ticket Loan.
* 6 free therapy sessions per year.
* Dog Friendly Offices.
* Free drinks and snacks in our offices.
Check out more of our benefits, values and mission here.
Interview Process
First stage: 30 minute intro and values call with Talent Partner (Video call).
Final stage: 60 minute technical/ CV overview interview with the Data Protection Manager and Cybersecurity & Infrastructure Director (Video call/In Person).
#J-18808-Ljbffr