Senior Data Protection Assistant

We have an exciting new opportunity for an experienced, senior Data Protection individual to join TLT.

The Senior Data Protection Assistant (SDPA internally) will work closely with the Data Protection Officer (DPO) in leading stakeholders across multiple teams in the implementation of data protection compliance activities. The SDPA will help to drive privacy by design throughout the organisation and be responsible for coordinating activities with regards to privacy and governance related matters as directed by the DPO or the Risk Director.

**Your Role**:
In a fast-changing regulatory environment and as TLT continues to innovate and develop new programmes of work, the SPDA’s role will be pivotal in championing the highest data protection standards and drive forward compliance across the Firm. As well as building expertise within the organisation and working on a range of exciting new projects weekly, you will capture learning and embed improved ways of working to ensure that our legal and regulatory position is robust.

Your day-to-day remit will include:

- To manage from first notification through to completion of all low to medium risk rated personal data breaches or incidents concerning impact and severity; including drafting written responses to regulators, clients or customers and reporting and communication with stakeholders within the Firm.
- To document TLT’s business practices in the GDPR risk register and to ensure that recommendations are issued as necessary to ensure that risks are mitigated effectively.
- As part of a small team, you will be the first port of call in supporting the smooth running of the DP team’s data protection best practice ethos, by championing the highest levels of customer care and providing a responsive, high-quality service to colleagues across the Firm.
- To provide specialist advice and recommendations across a range of data protection topics including individual rights requests, data breach management, DSARs (Data Subject Access Requests) and external data sharing practices within and outside of the UK.
- To reviewing supplier contracts (including Model Clauses, International Data Transfer Agreements) and consents needed to implement projects in partnership with the Firm’s Procurement and Information Security functions and ensuring filing requirements with local regulators are achieved.
- To lead on advice and instructions on how to conduct and complete Data Protection Impact Assessments (DPIAs) and Legitimate Interest Assessments (LIAs) exercises.
- To assist on the delivery of tailored data protection training and specific infographics awareness communications to different business teams and functions.
- To create and maintain documentation that provides evidence of legal and regulatory compliance based on the accountability principle and the GDPR risk register with little supervision.
- To support the development and implementation of all data protection policies, processes and procedures, and to maintain an appropriate review cycle and ensure joined up working is taking place across the IT and IS teams in order to support and achieve the Firm’s security and GDPR strategic aims.
- To assist the DPO on all aspects of data protection compliance when collaborating with Internal Audits to ensure that robust policies, procedures and controls are in place, meet the Firm’s needs and are effectively implemented.
- To develop the Data Protection Champions (DPC) network by working with key stakeholders in relevant teams and functions within the Firm.
- To perform quality control on the records of processing activity from each function to ensure consistency and alignment with relevant business policies and practices.
- Perform any other ad hoc activities or projects required for TLT related to privacy or data protection as instructed by the DPO.

***Your Skills and Experience**:

- Substantial recent experience of managing data protection and information rights functions within a large regulated organisation or professional services company.
- Excellent knowledge of data protection laws (UK GDPR, EU GDPR, DPA (Data Protection Act)) and practices.
- Accredited qualification like a professional diploma in data protection and governance or hold at least one Data Protection and/or Privacy certification such as, CIPP, CIPT, ISEB/BCS. Consideration will also be given to experienced data protection professionals with three - five years’ experience in a data protection/privacy role.
- Educated to degree level (law degree or in social sciences preferable).
- Ability to handle confidential information.
- Extensive experience in data protection and knowledge of relevant legislation including the UK GDPR, EU GDPR, DPA 2018 and PECR.
- A self-starter with proven ability to work to a high standard, with mínimal supervision when attending meetings and with an eye for detail, overseeing multiple projects and a range of complex and varied data protection related issues simult