Data Protection Officer, Compliance

Division: General Counsel and External Relations

Location: United Kingdom, London

Employment Type: Permanent

Salary: Competitive

Closing Date: 24 October 2021

Data Protection Officer, Compliance

Our mission

  • CDC is the UK’s development finance institution. Established in 1948 we invest in the most challenging markets of Africa and Asia with the aim of supporting economic development.
  • CDC has net assets of £6.4bn and a portfolio of £4.7 billion. In 2019 we committed over £1.66 billion of capital to business in Africa and Asia and are now invested in 1,200 businesses which directly employ over 875,000 workers and support many more.
  • CDC is a Public Limited Company and is wholly owned on behalf of the UK government by the Foreign, Commonwealth & Development Office (FCDO).
  • In the last few years, we have expanded our presence in Africa and Asia by opening new offices in Bangladesh, Egypt, Kenya, Myanmar, Nepal, Nigeria and Pakistan with additional locations opening soon.
  • At CDC, we take an entrepreneurial approach to investment. We think innovatively about ways to deploy our capital, attract and mobilise other investors, and drive transformational impact.
  • Primarily, CDC invests through direct equity, direct debt and funds products to achieve impact and a financial return which is reinvested into more businesses. We aim to create jobs and accelerate economic prosperity and focus on sectors that will do this; manufacturing, food and agriculture, infrastructure, financial institutions, construction, health and education.
  • CDC works with like-minded ambitious people who are primarily motivated by our mission to deliver impact. We are a growing team of over 485 and place immense value on diversity within our organisation.
  • Read more about us on our website cdcgroup.com

 

Team and role overview

The Data Protection Team are a cross functional team that has been established to support and oversee the implementation of the requirements of the DPA within our operations, which are implemented through CDC's data protection policies and controls. 

The Data Protection Team supports data protection within CDC by:

  • Developing and supporting the implementation of CDC's internal and external data protection related policies and procedures.
  • Providing advice to CDC staff on the collection, storage, use and deletion of personal data and sensitive personal data and compliance with the Data Protection Act and relevant legislation overseas.
  • Ensuring we have appropriate legal and/or contractual measures in place to share personal data with others when required.
  • Managing the technology platform(s) implemented by CDC to manage its data protection measures.
  • Acting as the focal point for data protection requests and queries from employees and external parties. ​​​​

 

Purpose

Reporting to the Head of Compliance, the Data Protection Officer (DPO) will manage and monitor CDC’s privacy and data protection compliance and practices internally to ensure the business and its functions comply with the applicable requirements under the UK GDPR and relevant legislation overseas. The DPO will be responsible for advising on, and where required carrying out, staff training, data protection impact assessments, policy reviews, privacy initiatives, responding to DSARs and compliance monitoring. The DPO will also be appointed as the statutory DPO and thus serve as the primary contact for supervisory authorities and individuals whose data is processed by the organisation.

 

Responsibilities

  • Implement and maintain a privacy governance framework to manage data use in compliance with the UK Data Protection Act, the GDPR and relevant legislation overseas, including developing a compliance monitoring programme, advising on and assisting with data mapping and records of data processing, and vendor management reviews.
  • Work with key internal stakeholders in the review of processing activities and projects and related data processing to ensure compliance with data privacy laws, and where necessary, advising on and monitoring data protection privacy impact assessments.
  • Serve as the primary point of contact and liaison for the Information Commissioner on all data protection related matters under the UK Data Protection Act, the GDPR and relevant legislation overseas. Managing filing and fee requirements with local Data Protection Authorities for CDC and any relevant subsidiaries.
  • Serve as the primary point of contact for data protection queries in the business.
  • Manage and conduct ongoing reviews of CDC’s privacy governance framework and regular and ad hoc reporting on data privacy compliance within the organisation.
  • Monitor changes to privacy laws in the UK and relevant jurisdictions overseas and make recommendations to the Operations Committee when appropriate.
  • Set standards and review policies and procedures globally to ensure they meet the requirements under the UK Data Protection Act, the GDPR and any relevant legislation overseas.
  • Develop and deliver privacy training to various business functions and raise employee awareness of data privacy and security issues.
  • Develop strategies and initiatives to ensure engagement with key internal and external stakeholders.
  • Coordinate conduct and monitor data privacy audits.
  • Managing the technology platform(s) implemented by CDC to manage its data protection measures.
  • Managing data breaches in accordance with company policy and relevant laws.
  • Collaborate with the Information Security team to maintain records of all data assets and exports, and maintain a personal data security incident management plan to ensure timely remediation of incidents impacting personal data including impact assessments, breach response, complaints, claims or notifications.
  • Respond to and advise on data subject rights requests, including data subject access requests (DSARs) and other requests from individuals.
  • Ensure that CDC’s IT systems and procedures comply with all relevant data privacy and protection law, regulation, and policy (including in relation to the retention and destruction of data).
  • Work with CDC’s Corporate Counsel and other lawyers, subject matter experts or champions across CDC’s offices.
  • Ensuring that CDC compliantly transfers data across borders and in line with the latest law and guidance.
  • Promote effective work practices, working as a team member, and showing respect for co-workers.
  • Handle compliance matters and queries arising from CDC’s operations in relation to Freedom of Information Act. This includes managing Freedom of Information Act requests.
  • Manage and oversee all reports received through CDC’s external complaint handling arrangements and provide appropriate compliance-related input to such reports.

 

The candidate

Background, skills, aptitude

  • Detailed knowledge of the European and UK Data protection regulatory framework and have worked in a data privacy management role for a minimum of five years.
  • Extensive experience in oversight of compliance and data protection controls in a large UK business with international operations.
  • Law degree and preferably a postgraduate qualification in a relevant discipline.
  • Hold at least one data protection and/or privacy certification, such as CIPP, CIPT, CIPM, ISEB, etc.

Essential skills:

  • Demonstrated leadership skills in achieving stated objectives involving a diverse set of stakeholders and managing varied projects.
  • Experience in the design, implementation and management of controls relating to personal data legislation.
  • Experience in developing policies and procedures, as well as preparing and delivering data protection training and awareness raising.
  • Well-developed and professional interpersonal skills; ability to interact effectively with people at all organisational levels of the firm.
  • Ability to work unsupervised, exercise leadership and influence change.
  • Detail-oriented approach and ability to recommend and implement strategic improvements on a range of data privacy and data protection issues.

Desirable skills:

  • Knowledge of PC applications, including MS Office and data protection system solutions/data management systems, including OneTrust.
  • Systematic approach to work with attention to detail.
  • Clear ability to look and plan ahead.
  • Proficient in managing diverse views and developing a consensus around standards.
  • Demonstrated ability to independently manage and prioritise a busy and diverse workload with a range of deliverables for a variety of stakeholders.
  • Strong team player who enjoys working as part of a close team and willing to collaborate and support the team on a variety of different initiatives and tasks.
  • Highly motivated and results driven.
  • Candidates should be strongly motivated by CDC’s development mission and ideally demonstrate some commitment to development or social goals through previous executive or non-executive activity.

 

Our cultural values

We look for team members who aspire, as we do, to work at our best and to be:

  • Impact-led, commercially rigorous
  • Tenacious in the face of challenges
  • Collaborative and caring

 

CDC is committed to diversity and inclusion and welcomes all applicants regardless of age, disability, gender reassignment, marriage and civil partnership, pregnancy and maternity, race, religion or belief, sex, sexual orientation or educational background. 

 

Please provide a cover letter with your application

Salary: Competitive

Apply now