Data at Blue

The Data Protection Function is part of the wider Risk & Compliance department, led by our Chief Compliance Officer. The data function is responsible for the business’ compliance with its regulatory obligations from a data protection perspective. We collaborate closely as one function and work with all other teams across Blue.

Overall purpose of the role

The Data Protection Manager (DPM) will ensure Blue meets its obligations under the Data Protection Act 2018 (DPA 2018). Reporting to the Chief Compliance Officer & DPO, the DPM will monitor compliance and data practices internally to ensure that the business and its functions comply with the applicable requirements under the DPA 2018 and relevant national legislation. The DPM will be responsible for advising on, and where required, carrying out staff training, data protection impact assessments and internal audits. The DPM works across all business lines in an advisory role to help Blue maintain perspective on what constitutes “doing the right thing” objectivity, ability to challenge, commerciality and pragmatism to successfully operate across the business.

Key responsibilities and accountabilities

Develop, monitor and maintain policies and standards applicable to the business and in compliance with the DPA 2018 and relevant national legislation.
Work with internal stakeholders in the review of projects and related data to ensure compliance with data privacy laws, conducting, advising on and monitoring data protection privacy impact assessments.
Serving as the primary point of contact for data protection related matters under the DPA 2018, GDPR compliance, escalating matters and risks to the DPO where appropriate.
Reviewing vendor contracts (including EU model clauses) needed to implement projects in partnership with the firm’s Compliance and IT functions.
Managing and conducting ongoing reviews of Blue’s privacy governance framework and reporting on data privacy compliance within the organisation.
Implement measures to manage data use in compliance with the DPA 2018, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
Management and oversight of Data Rights Requests and complaints within 1LOD.
Responsible for data breach and security incident management, ensuring escalation to the DPO where appropriate.
Monitoring changes to Data Protection laws and making recommendations to the DPO and Board or a relevant committee when appropriate.
Develop and deliver privacy training to various business functions and collaborate with the IT function to raise employee awareness of data privacy and security issues.
Ensuring that the business’ data assets and processes are up to date, effective and operational, including data registers, LIAs, privacy notices and key policies and procedures.
Assist the DPO in fostering and promoting a culture of data privacy across the business, developing strategies and initiatives to ensure engagement with key internal and external stakeholders.
Coordinate, conduct and monitor data privacy audits and assurance reviews.
Collaborate with the IT function to maintain records of all data assets and exports and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications.
Ensuring that Blue’s IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data).

Compliance and regulation

Develop and maintain a full understanding of the Company’s compliance requirements (including the Financial Conduct Authority’s Conduct Rules) and act in accordance with the standards, instructions in, and the spirit of those requirements.
Take responsibility for ensuring that personal data within your remit is handled lawfully, fairly, and in line with the company’s data protection policies and procedures.
Collaborate with the Data Protection Officer to ensure compliance with data protection standards, guidelines, and principles, acting in a manner that upholds these requirements while supporting the DPO’s overall oversight responsibilities.
For customer data, ensure it is processed securely and in accordance with data privacy obligations to protect the rights of individuals.
For employee personal data, handle it with strict confidentiality and in compliance with employment and data protection legislation.
Act to deliver good outcomes for our customers and understand how this requirement specifically applies to your role at Blue.

Person specification

Expert knowledge of Data Protection Law and practices and able to fulfil the tasks in DPA 2018.
Hold at least one data protection and/or privacy certification, such as CIPP, CIPT, CIPM, ISEB, etc.
Minimum of 4 years’ experience within privacy and data protection compliance.
Ideally previously held a Data Protection Manager position.
Ability to demonstrate leadership and project management experience.
Familiarity with privacy and security risk assessment and best practices, privacy certifications/seals and information security standards certifications.
Experience working in an FCA regulated industry (desirable).
Experience in developing policy and compliance training.
Sufficient knowledge of information technology and data management systems required.
Strong change and project management skills, including the ability to manage time well, prioritise effectively and handle multiple deadlines.
Ability to undertake large, long-term projects, develop alternative methods and implement solutions.
Good team player, flexible and able to work on own initiative.
Strong interpersonal skills, able to establish effective working relationships at all levels.
Appreciates the importance of confidentiality, accuracy and attention to detail.
Resilient, not derailed by a setback and returns to a high level of performance quickly.
Comfortable identifying and raising issues, particularly where driving good outcomes for customers is concerned.

Additional requirements

This document is neither contractual nor exhaustive and may be amended to meet the needs of the business. Where possible this will be done in consultation with the job holder.
From time to time, and within reason, you may be required to carry out tasks that fall outside of your position’s remit.
From time to time, and within reason, you may be required to work outside of your standard contracted hours.
As part of your on-going development, you may be required to undertake training in order to meet the requirements of your role.
Due to our remote location and lack of public transport it is suggested that you are a driver and are able to get to our offices in Sundridge, Sevenoaks.