Data Protection Specialist (Hybrid)

James Stevens Associates are delighted to be working with a Charitable organisation based in High Wycombe that are now looking to recruit a Data Protection Specialist. * £50,190 * 2 days in office / 3 from home * Benefits include: 26 days holiday per year plus bank holidays, birthday bonus day, volunteering day, health cashback plan, EAP * 12 month Fixed Term Contract * From June the organisation are running a (12 month) pilot of a 35 hour week The charity are recruiting an Interim Data Protection Specialist to review all of their data governance compliance and ensure the appropriate policies, procedures and processes are in place to meet the needs of the business and ensure we protect our customers data. This role will work as part of our Governance team, where our focus is about not only ensuring compliance with relevant legislation and regulation, but mitigating risk and providing assurance to the Board on the security of our systems. Data Protection Specialist - What they need you to do: The role will have 4 key objectives: * Working across the business to update legally required records; * Produce policies and procedures to ensure these are embedded; * Devise bite-size video arts training content; and * Identify where software solutions are available to manage requirements efficiently and effectively. Data Protection Specialist - What you will be responsible for: * Supporting the Senior Leadership Team (SLT) in Data Mapping exercise – priority from Data Governance Steering Group – devise process / training module to ensure remains updated; * Data Protection Impact Assessment and devising process / training to ensure this is embedded; * Devise data governance policies and procedures required to maintain and monitor compliance with the UK GDPR (eg Data Protection Policy, Data Subject rights Procedure, Data breach procedure, Data Sharing procedure); collect information to identify processing activities * Advises on breaches and queries, producing file notes for future reference * Review data privacy notices for candidates and volunteers; * Establish record keeping process and identify gaps from previous data protection reviews; * Ensure Group identifies legal basis for process data across the business; * Review data collection across the business to ensure collection points contain applicable data privacy notices; * Ensure we are meeting data minimisation requirements in customer data collection; * Work across the business with Data Governance Steering Group to address data retention issues, ensuring erasure processes are in place and documented; * Work with Internal Audit Senior Specialist to develop periodic checks to test verifying records held are process / stored / erased as required; * Review where data sharing agreements are in place, if they are up to date and devise training module to assist business to identify where needed and advise on new agreements during the period they are in place; * Conduct an audit with Internal Audit Senior Specialist against ICO’s Accountability framework; * Training modules on data breaches – how to recognise and what to do and training in privacy considerations in new business development; * Help identify a Data Subject Access Request software solution; and * Carry out Data Subject Access Requests. Data Protection Specialist - Your experience: * Graduate calibre * Experience of implementing GDPR compliance within an organisation * The legal and regulatory requirements of GDPR governance – compliance and monitoring experience of translating good practice into an organisation’s environment * Excellent verbal, presentation and written communication skills * Building effective and productive working relationships with staff, senior managers and executive teams and customers