Data Protection Officer (DPO)

Marcus Donald are currently looking for a Data Protection Officer (DPO) who will have the overall responsibility for the ongoing implementation and delivery of the businesses Data Protection Policy, assuring compliance with the Data Protection Act 2018 and the General Data Protection Regulation, and other applicable data protection legislation and regulation.

**This a home based position with minimal travel involved**

The successful DPO will oversee the data privacy and data protection procedures and guidance notes, to ensure adherence by all business operations, and make sure that the organisation processes Personally Identifiable Information (PII) of data subjects (employees, customers, volunteers, and other individuals) in compliance with its obligations.

You will ideally be a PECB Certified Data Protection Officer with relevant experience of working in data protection and/or information security, with experience of developing, implementing and enhancing data protection compliance programmes.

Main duties and Responsibilities - Data Protection Officer:

• Ensuring compliance with the Data Protection Act 2018 and the General Data Protection Regulation
• Completing a full audit of current data governance arrangements (strategy, framework, privacy notices and policies, processes, systems, and contracts) including all business functions and ensuring all align to the ISO 9001 QMS and 27001 ISMS.
• Investigating potential and actual data protection breaches and incidents and ensuring that appropriate corrective and preventive actions are implemented.
• Reporting breaches and incidents to interested parties
• Where necessary, preparing Data Protection Impact Assessments and other Controller/Processor records
• Responding within the required timeframe to all Data Subject Requests (including interrogation of databases, email servers, recordings and all other repositories of personal data, including hard copies)
• Producing Privacy Notices for groups of data subjects, websites etc. and any other data protection-specific documents
• Liaising with the Head of Information Security to ensure that data protection training for all the business functions is included in the businesses Information Security Awareness Training module
• Liaising with the Head of Information Security to ensure that data protection risks, and associated mitigations are identified on the Information Security Asset Risk Assessment and Treatment Register

If this position is of interest, please do not hesitate to contact Ben James (bjames@marcusdonald.com) for any questions that may need answering and/or further information regarding the company and role.