Our client is a leading financial services institution that provides asset and liability management services and is now looking to recruit a Data Protection Officer.
Role Summary
This is an exciting opportunity to join the Compliance Unit of our client in providing oversight, support, and assurance on data protection, compliance, and governance matters across the various businesses within the organisation. The Compliance Unit provides advice and support to the organisation, various Boards/Committees, and staff in relation to statutory, governance, and other compliance obligations, while the Data Protection Officer (DPO) provides data protection services to the organisation and certain affiliate divisions.
The successful candidate will be an ambitious and highly experienced senior manager with extensive data protection, compliance, and/or legal expertise. They will play a key role within a dynamic team, handling data protection matters and providing general compliance and governance oversight, advice, and assurance.
Principal Accountabilities
The Data Protection Officer (DPO) is, in accordance with the EU General Data Protection Regulation (GDPR), responsible for monitoring compliance with the GDPR and other European and national data protection and privacy laws and policies. The DPO reports to the Chief Legal Officer on overall data protection risk strategy and planning matters and reports to the Head of Compliance (HoC) on administrative and operational matters. The DPO also has an independent reporting line on data protection matters to the Audit and Risk Committee.
This role works closely with the HoC, and the primary responsibilities of the DPO will include:
Ensuring ongoing compliance with GDPR and other European and national data protection and privacy laws and policies:
- Inform, advise, and promote awareness among management and staff of their obligations under GDPR and other data protection laws.
- Monitor compliance with GDPR and data protection laws, assign responsibilities, raise awareness, train staff, and perform related audits.
- Provide advice on high-risk processing and Data Protection Impact Assessments (DPIAs), and monitor their performance.
- Devise, implement, and update policies and procedures on data protection and privacy, ensuring awareness both within and outside the organisation where appropriate.
- Oversee interactions with Data Subjects regarding the processing of their personal data, ensuring their rights are upheld within statutory timelines.
- Investigate and act on complaints concerning data protection policies and procedures.
- Oversee the maintenance of business unit records of processing activities (RoPA).
- Monitor ongoing risks associated with data processing activities, considering the nature, scope, and purposes of processing.
- Advise on contract provisions, due diligence, and data instructions to third-party data processors, ensuring they have adequate technical and organisational measures in place to protect personal data.
- Stay updated on technological developments in data protection and privacy.
- Act as the contact point and cooperate with the Data Protection Commission on data protection issues.
Team Leadership and Motivation:
- Manage effective working relationships with key personnel across all business units.
- Continuously identify ways of improving operational efficiencies in data protection and privacy practice.
- Lead, manage, and mentor team members within the reporting line.
Stakeholder Engagement and Accountability:
- Report to the Audit and Risk Committee and relevant Affiliate Agency Audit and Risk Committees on data protection matters.
- Report to the Chief Legal Officer and HoC on the progress and delivery of relevant projects and data subject matters.
- Act as the contact point for all interactions with the Data Protection Commissioner, cooperating in supervisory work and consulting on matters like DPIAs, data breaches, and data subject access requests.
- Engage with data processors to ensure compliance with GDPR and oversee audits as needed.
- Provide training on GDPR and data protection laws to all levels of the organisation, keeping training updated with changes in the law and policy.
- Provide support to Tier 1 projects as required.
- Contribute to the design and execution of the Data Protection aspect of the annual Compliance and DPO plan.
- Provide services to Affiliate Agencies in accordance with agreed Service Level Agreements (SLAs).
- Protect the organisation's reputation in all data processing operations.
General Compliance Work:
- Execute the compliance framework to support all units in meeting statutory and governance obligations.
- Support ongoing compliance with the Compliance Framework and the control framework within the Compliance function remit.
- Complete Compliance actions in the Compliance and DPO plan and provide services to Affiliate Agencies in accordance with SLAs.
- Promote awareness, advice, and support for a strong compliance culture.
- Deliver elements of an agreed training programme.
Knowledge and Experience
- 10+ years' experience in data protection, with at least 5 years in a senior management position with legal/compliance experience.
- Relevant third-level qualification or equivalent professional qualification, particularly in data protection.
- Expert knowledge of European data protection law, including GDPR and the Data Protection Acts 1988-2018, and experience in implementing these laws.
- Strong understanding of Irish/EU financial industry legal and regulatory requirements, with knowledge of financial markets and services within the sector.
- Ability to communicate effectively with data subjects, data protection authorities, processors, and colleagues on data protection matters.
- A good technical understanding of the processing operations, information systems, and data security within the organisation and its Affiliate Agencies.
- Demonstrated awareness of the commercial environment and relevant risks to the organisation in carrying out its objectives.
- Experience working with diverse stakeholders in a pressurised environment.
- Experience in a compliance, assurance, monitoring, or audit role is an advantage.
- Proven track record of high performance in completing tasks and projects.
- Understanding of compliance matters in a public-sector context would be advantageous.
Skills
- Strong leadership and relationship management skills, with the ability to influence at all levels.
- Ability to quickly understand the business drivers of the organisation and provide relevant advice.
- Ability to communicate complex information clearly and concisely, both orally and in writing.
- Demonstrable ability to act with integrity and work in a highly organised manner.
- Ability to interface effectively with all levels of the organisation.
- Strong personal impact and influencing skills.
- Confident, decisive, and with good judgment.
- Adaptable and flexible in approach.
- Ability to handle multiple projects simultaneously and meet deadlines.
- Strong IT skills, including MS Office, MS Teams, OneTrust (or similar), and project management tools.
