Data Protection and Governance Manager

Data Protection and Governance Manager - London

Euro Car Parks is one of the UKs leading car park management and operations companies.

We are seeking a highly skilled Data Protection and Governance Manager to join a dynamic team in London. This role is pivotal in ensuring the integrity, security, and effective use of our data assets and you would be responsible for ensuring the companys adherence to all relevant laws, regulations, and industry standards and support the delivery of data privacy and data protection across the organisation.

Salary £60,000 plus bonus and excellent career progression.

This role is suited to a data privacy professional with the ability to bring both legal and operational experience to their role. The successful candidate will need the ability to multi-task, and take a pragmatic, risk-based approach to data protection compliance and detailed approach to data privacy in a fast-paced commercial environment.

The role will require a deep understanding of data protection laws, such as GDPR, as well as other privacy legislation and compliance frameworks applicable to the industry.

You will be working closely with senior management to make sure that we support the business in any innovative projects and manage data appropriately and would develop and implement compliance programs, conduct risk assessments, and provide guidance to employees on data protection and compliance matters.

Roles and Responsibility

• Ensure full compliance with UK data protection laws, as well as adherence to specific regulations relevant to our organisation and our internal and external audit obligations.

You will assist in the development and implementation of the business-wide GDPR framework.

Maintain and update the Data Privacy Framework to ensure compliance with relevant policies, standards, and regulatory requirements and ensuring the Data Asset Catalogue is comprehensive, up to date, and has clear ownership.

• Developing an understanding GDPR, you will be providing a gap analysis for all IT processes, procedures and controls
  * Reviewing IT procedures, IS protocols, and information classification
  * Translating compliance standards to business and data management requirements, using user stories - functional specifications - business change documents.
• Installing a data protection culture within the organisation (data processing, data subjects' rights, data protection design/default, security processing, data breaches)
• Implement procedures and processes for Data Controller and Data Advisor.
• Maintaining comprehensive and detailed reports on data protection-related complaints, incidents, breaches, and subsequent actions; regularly monitoring these records to identify trends.
• Managing Data Protection Impact Assessments (DPIAs), determining when DPIAs are necessary, and ensuring their timely completion across the business effectively.
• Drafting and developing data protection policies and procedures.
• Ensuring effective communication throughout the organisation, fostering strong working relationships, and handling sensitive information with the utmost discretion and confidentiality.
• Work in collaboration with the Security information response team on the management and investigation of all reported data protection incidents and where required manage information governance and security enquiries, incidents and risks.
• Serving as an advisor to departments across the organisation, providing strategic and legal guidance on privacy issues, including controller and processor obligations
• Work closely with various departments to analyse and collate data from multiple sources, ensuring data quality and consistency
• Ownership of the Data Subject Requests process and management of this with the team
• Actively monitoring and staying informed about current and upcoming data protection and information security news, case law, legislative changes, and updates to ICO guidance.

Qualifications / Experience/ Skills

• Relevant degree (Data security / Information security) or Law degree

3+ years of relevant data protection and privacy experience.

Additional qualifications in data protection or technology law would be advantageous (e.g., CIPP/E, EU GDPR Practitioner, CISSP, CISM);

Experience and knowledge around EU GDPR legislation and installing principles and changes enabling GDPR compliance.

Experience of conducting risk assessments desirable along with in-depth knowledge of risk management methodology

Proven experience with data protection impact assessments (DPIA)

Experience in running the day-to-day management of a Data Protection service.

Excellent communication and influencing skills, capable of engaging effectively with a range of stakeholders on complex data protection and information security issues to ensure change is adopted and sustained.

Experience working in a privacy and data protection operational discipline, including process analysis, conducting assessments, and drafting documentation.

Demonstrable experience managing data breaches, complaints, and data subject rights requests, and advising the business on privacy, data protection, and information governance requirements.

ADZN1_UKTJ