Privacy Manager

 

Description:

Our business model is unique. We take a highly collaborative approach to any decision we make - working with our members (who are rewarded for helping) across all areas of the business. Our vibrant community, online platform and immense value proposition are key to our success. We’re both proud and humbled to say that over the past few years our member base has grown, but our job is far from done. We’re always looking to acquire new members - but to do that we need the best people to help and that’s why we’re hiring!

 

Key Responsibilities:

The privacy manager is responsible for ensuring all business processes and data exchanges

adhere to the privacy program of the organisation, including internal and third party data

processing. The privacy manager is also responsible for the implementation and maintenance

of a comprehensive data mapping deliverable, including cookie governance, third party risk

assessment and security due diligence. policies and procedures of the organisations privacy

programmes in accordance with security laws. Ensuring all business processes and data

exchanged adhere to the policies and procedures. The role will support the Head of

Information Security in assessing data privacy impact across the organisation, including data

processing activities which may take place outside of the EEA.

The privacy manager is responsible for:

- Delivering and maintaining the data mapping register

- Advising the business on recommendations following data protection queries from internal

stakeholders

- Reviewing the requirements relating to data privacy for any RFPs

- Continual improvement, review, and auditing of privacy policies in relation to GDPR, PECR and

other relevant regulatory requirements

- The development and maintenance of the Data Privacy Management System, including annual

audits to demonstrate compliance with GDPR, e-Privacy and PECR

- Developing and maintaining a systematic approach to privacy management within the

organisation including

o Purpose limitation and lawfulness

o Record of Processing Activities

o Privacy by Design

o Data Privacy Organisation

o Data Breach Management

o Data Subject Rights

o Consent Management

o Third Party Data Processing

o Cross Boarder Transfer

o Data Sharing

o Storage Limitation

o Cookie Management

- Promoting responsible behaviour by improving the culture internally to ensure all staff are

protecting against possible security incidents.

- Reporting of KPIs and relevant dashboards to the Head of Information Security

- Liaising with group on best practice throughout Telefonica to develop and maintain controls

for compliance with GDPR to ensure minimum standards across the business.

- Maintaining awareness of cyber security, privacy and data protection within giffgaff

- Chairing the giffgaff Data Privacy Squad, recording key decisions made by the team on data

privacy issues and review/approval of DPIAs.

- Stakeholder management; acting as the liaison between Information Security and other

functions in the business, including Legal, Operations, IT, Finance and HR.

 

Experience and Skills Required:

- Relevant professional qualification (PCdP, CISM etc.)

- A thorough knowledge of data protection including GDPR, PECR, e-Privacy, Schrems II/US

Privacy Shield and other data privacy/security regulatory and compliance requirements an

advantage.

- Experience within compliance, focused on information security, risk management, privacy, and

controls, with additional experience in project or program management

- A clear aptitude to evaluate risks to the company and articulate issues simply and clearly, while

working mutually to achieve the desired outcome (we don’t just say ‘no’!)

- Ability to mentor those around you to become more experienced in data protection and

privacy.