Glasgow Prestwick Airport (GPA) has an exciting opportunity for a part time Data Protection Officer to oversee, manage and monitor GPA’s compliance with regulatory and statutory provisions as directed by the Scottish Government. The role is permanent, office based, 24 hours per week between Monday to Friday.
The ideal candidate will have a genuine passion for data protection, a minimum of 2 years’ experience and hold an industry recognised qualification in Data Protection and / or Records Management or any other related subject. This is broadly a standalone role, reporting directly to the Human Resources Director so will require an individual who is self-motivated, has a “can do” proactive attitude, excellent administration skills and is able to work on their own initiative within agreed boundaries.
Key Accountabilities:
1. Act as the nominated officer and single point of contact for GPA in relation to Data Protection, Records Management and relevant associated Public Sector Requirements.
2. To oversee the management of (and compliance with) data protection and associated legislation, including relevant associated public sector requirements, as appropriate.
3. To lead on the implementation and progress of GPA’s Records Management Plan.
Key Responsibilities:
Data Protection:
4. Maintain and regularly review the policies and procedures contained in the GPA Information Governance Manual, ensuring they are compliant with data protection laws including UK GDPR.
5. Inform, advise, and issue recommendations to the Company regarding compliance with data protection laws including UK GDPR, and Company policies and guidelines with respect to data protection and records management.
6. Foster a data protection culture within the business and help to embed essential elements of the UK GDPR, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security of processing, awareness training, and notification and communication of data breaches.
7. Provide advice concerning data protection impact assessments (DPIAs) and monitor their performance pursuant to the provisions of the law, including whether and how to carry out a DPIA, what safeguards (including technical and organisational measures) to apply to mitigate any risks to the rights and interests of the data subjects, and whether or not the DPIA has been correctly carried out in compliance with UK GDPR.
8. Maintain the record of processing operations and key repositories or personal data under the responsibility of the controller and manage related data protection inventories.
9. Co-operate with and be the contact person for the designated supervisory and other data protection authorities, and consult, where appropriate, on issues relating to processing.
10. Identify and manage risks related to data protection and records management, escalating risks and issues to Executive team when appropriate.
11. Offer consultation in relation to any information security events.
12. To record, liaise with and support HR in relation to subject access requests as required.
13. To support the IT department with access control of CCTV on site, ensuring the CCTV policy (Security Procedures Manual) is being adhered to.
14. To collate, push and burn CCTV footage in relation to any requests made, ensuring the Security IT Data form is completed and authorised.
Records Management:
15. To implement, maintain, monitor, and review GPA’s Records Management Plan and associated guidance, policies and procedures
16. Responsible for the GPA Publication Scheme, ensuring consistency against expected standards across all classes of information.
17. To advise and provide guidance on all aspects of records management, including the introduction of effective and appropriate management of both hard copy and electronic records.
18. To promote good records management and raise awareness of records management issues.
19. To advise on retention and disposal periods and establish schedules.
Other:
20. Attend regular/ongoing training for the role as required.
21. To develop, deliver and maintain training in data protection and records management for GPA employees as required.
22. To conduct internal audits on Data Protection and Records Management.
23. Prepare and provide Data Protection and Records Management statistics to the Executive Team as required.
24. To liaise with external stakeholders, such as the Keeper of the Records of Scotland, the Information Commissioner, the Scottish Information Commissioner, and the Scottish Government, as appropriate.
25. To participate in Projects and Working Groups as required, providing advice/support in relation to data protection and records management to ensure compliance with all relevant legislation and the policies/procedures contained in the GPA Information Governance Manual.
26. To chair any Data Protection Working Groups.
Person Specification
Qualifications:
An industry recognised qualification in Data Protection and/or Records Management or any other related subject would be a distinct advantage.
Experience and Skills:
27. A minimum of 2-years’ experience as a subject matter expert alongside leading/monitoring compliance with UK data protection legislation, including UKGDPR and the Data Protection Act 2018, including the related policy and process development is essential.
28. A genuine passion for data protection alongside a proven ability to effectively advocate the importance of compliance and good record keeping that will positively influence non-experts at all levels is essential.
29. Experience in managing an organisation’s records from creation, retention and eventual disposal is essential.
30. Experience of risk management principles and conducting internal compliance audits is essential.
31. Experience of leading on compliance with the Public Records (Scotland) Act 2011 including the preparation, implementation and on-going review of a Records Management Plan would be an advantage.
Personal Attributes:
32. Excellent communicator, both verbally and in writing, who can create clear requirements, guidance and documentation for both internal and external stakeholders at all levels.
33. Strong problem-solver who pays attention to detail and can analyse/extract information by questioning, active listening and interviewing.
34. Ability to work on own initiative within agreed boundaries.
35. Ability to work under pressure and manage conflicting priorities.
36. Flexible & Resilient
37. Pro-active; positive; enthusiastic
38. Self Confidence
Remuneration:
A competitive salary, this will be discussed upon offer, depending on the skills and knowledge of the individual and in addition you benefit from:
39. Free onsite parking.
40. Being auto enrolled into a pension scheme (after 3 months) – enhanced upon request.
41. Access to our health cash plan (after 6 months).
42. Staff discounts in partnership with Dufry World Duty Free.
43. Bike2Work scheme (after 6 months).
44. Learning and developing within a fast-paced aviation environment.
45. Being part of a dedicated and friendly team.
Please note that to work at GPA you are required to:
46. Comply with UK Right to Work checks and provide associated relevant documentation at interview.
47. Confirm your identity by providing a copy of your passport or driving licence.
48. Provide GPA with a complete five-year referencing history inclusive of all employment, self-employment, and education. Any gap period of 28 days or more must be covered by a personal reference to which you must also provide contact details.
49. Upon request, provide a Criminal Record Check Certificate (Basic Disclosure) from Disclosure Scotland. This must not display any disqualifying convictions as detailed on the Civil Aviation Authority website.
50. Where applicable, undertake a Counter Terrorist Check (CTC) and understand that deployment to any security related activities is conditional upon the satisfactory result of such a check.
We are proud to be a Disability Confident employer and are committed to applying equal opportunities at all stages of our recruitment and selection process. Reasonable adjustments will be made to our recruitment process to ensure that no applicant is disadvantaged.
If you are interested in applying, please complete the following:
51. A completed Company Application for Employment form
52. Read our Equal Opportunities Policy and complete an Equal Opportunities Form