Data Protection Officer (circa £120k)

Location: London (City of), London (Greater)
Salary: Circa £120k plus benefits including hybrid working and bonus
Posted: 26 Sep 2022
Closes: 06 Oct 2022
Job Title: In House Counsel
Contract Type: Permanent
Hours: Full Time

We are working with an international law firm that is headquartered in the US and has had a strong UK presence for over 30 years. The firm is currently seeking a Data Protection Officer (DPO) to join its high-performing Risk & Compliance team, which manages and oversees compliance of all Privacy, Data Protection and Data Governance processes for the firm.

This is a key role for the UK and the firm globally, and as the DPO you will have extensive responsibilities:

  • Responsible for management of the firm’s data privacy program.
  • Responsible for evaluation of the risk associated with potential personal data loss due to unintended disclosure.
  • Oversee the “privacy by design” and data protection activities of the firm related to internal operations and client engagements.
  • Identify need for and help co-author any necessary privacy policy, process and standards.
  • Review privacy terms for client and third-party agreements.
  • Implement procedures to ensure that third parties engaged by the firm are compliant with the firm’s privacy standards.
  • Conduct Data Privacy Impact Assessments (DPIAs) on high-risk new systems, applications, workflows and third-party engagements, as appropriate.
  • Develop recommended action plans as a result of DPIAs where necessary and appropriate.
  • Respond to Data Subject Access Requests (DSARs) on behalf of the firm and coordinate their resolution.
  • Prepare and maintain a high-level “enterprise personal data map” which includes firm and third-party managed personal information.
  • Define information and privacy data management framework, policy, procedures and work instructions in partnership with lawyers, IT, practice support, and administrative departments.
  • Plan and execute periodic privacy data audits to evaluate the health of prioritized enterprise data and facilitate remediation of personal data issues and defects.
  • Ensure continued compliance with firm’s ISO27701 privacy certification.
  • Educate firm employees about the firm’s data privacy compliance responsibilities and obligations by designing and implementing training plans.
  • Track and monitor updates and developments to applicable data privacy law and regulation, and make program and training changes and recommendations accordingly.
  • Act as primary point of contact within the firm for members of staff and attorneys on data privacy matters, and as point of contact for relevant data protection authorities.
  • Work collaboratively with senior management including Chief Compliance Officer, Chief Information Officer, and firm management on all data privacy issues.

To apply you will be a progressive Data Protection expert, used to managing data privacy programs.

You’ll have strong knowledge of global privacy regimes and their intersection, including US (e.g., HIPAA, CCPA), EU (GDPR), and UK (ICO) data privacy regulations. Experience with other regional privacy regulations such as POPIA, PIPA, PIPL, UAE Data Protection Law, etc. is strongly preferred.

University degree required and at least one privacy certification such as CIPP, CIPM, CDPSE preferred, but not essential.

In return you will be joining a highly successful global firm with genuine opportunities for career advancement.