Privacy Officer

England, Surrey
29 Jan 2021
26 Feb 2021
JN -012021-2002867
Heather Ninnes
Practice Area
PQE Level
2-4, NQ
Contract Type
Full Time

Broad, operational data protection role based in Surrey. This role will see you involved in data protection training, roll-out and improvement of data protection policies and procedures, management of SARs, conducting DPIAs, and training and advisory to the business. This role will suit someone who has some experience and a keen interest in data protection compliance; the opportunity to learn and develop within the role will be offered and encouraged.

Client Details

This Privacy Officer role is based in Surrey. The company has been in operation for over 30 years and is a key player in the Aerospace industry.


This Privacy Officer role is focused on operational data protection compliance responsibilities, reporting to the Compliance Manager, specifically:

The Privacy Officer is responsible for overseeing the data compliance programme and data privacy, and in particular for ensuring the organisation meets its obligations under the Data Protection Act 2018 (DPA 2018). The Privacy Officer is not the statutory role of Data Protection Officer as created by the DPA 2018. The Privacy Officer will act as the primary contact point for the parent company and the Information Commissioner's Office (ICO) and provide independent, objective advice for the executive team. The role will refine and execute the Data Protection management plan.

  • Manage compliance to the Data Protection Act 2018 and compliance with Group Data Protection Policies and data protection elements of the Binding Corporate Rules (BCRs)
  • Advise the Executive Team and Board of Directors on all matters related to data protection, and provide regular board reports on data protection activities.
  • Play an active role in the Group Data Protection Network, reporting on company activities and ensuring Group is kept up-to-date with data processing activities
  • Create and maintain appropriate data protection Policies, Management Plans, and Procedures and manage an assurance programme and related audits including, but not limited to, data processing, data sharing, disclosure and data retention
  • Monitor changes to the law and guidance on all matters relating to data protection ensuring the company takes timely action to update and implement changes in Policies, Management Plans and Procedures
  • Oversee the maintenance of records required to demonstrate Data Protection compliance including Data Processing Instructions and the Data Processing Register
  • Provide leadership, management and direction in relation to all areas of data protection through the Privacy Champions and the Privacy Team
  • Manage a programme of awareness-raising and training to deliver compliance and to foster good practice and a data privacy culture through the Privacy Team.
  • Operate as the primary contact point for the ICO and lead data incident response and data breach notification procedure
  • Lead the response to any regulatory or Parent investigation or request for information
  • Review data protection clauses in contract terms in conjunction with Procurement, Contracts and Sub-Contracts teams
  • Work closely with the Privacy Champions and Data Processors on privacy matters, advising and ensuring they are regularly updated
  • Maintain and update Data Privacy Notices and ensure Data Processing Agreements are complete and authorised by both parties before commencement of processing.
  • Be the contact point for, and co-operate with, data subjects when they exercise their individual data rights, as well as supervise and advise on the response to such requests.
  • Liaise with internal processors to ensure requests are dealt with and redacted in a timely manner.
  • Advise on Data Protection Impact Assessments relating to regulatory function.
  • Lead on specific work programmes and projects, which relate to data management and protection.
  • The Privacy Officer will also provide support to the Compliance Team as directed.


This Privacy Officer role is focused on operational data protection compliance responsibilities, reporting to the Compliance Manager. The role requires:

  • Certified EU GDPR Practitioner qualification (desirable)
  • Additional recognised privacy qualifications, e.g. CIPP, ISEB (desirable)
  • Knowledge of data protection legislation, in particular the DPA 2018 with a compliance, IT security, legal or audit background
  • Previous experience of monitoring compliance with regulatory requirements and effectively engaging regulatory bodies
  • Experience in managing data incidents and breaches
  • Knowledge of cybersecurity risks and other information security standards
  • Experience in a similar role and an understanding of the data protection risks faced by large data-driven organisations with the ability to conduct the role independently and with integrity
  • Ability to make good judgements regarding data privacy risks and to prioritise resources and activity around managing those risks
  • Excellent senior stakeholder management, including the ability to communicate effectively
  • The ability to plan, organise and prioritise tasks and projects and to provide clear advice and direction even when faced with competing demands and short deadlines
  • Strong personal communication skills capable of dealing with a wide range of stakeholders, including senior management, and to exercise professional judgement

Job Offer

Please submit an application for full details of the role.

This role is looking to pay £40,000 - £45,000 depending on experience

12-month fixed-term contract with potential of extension/permanent employment beyond this