Global Data Protection Officer

Unique opportunity for an experienced Data Protection professional to act as the Global Data Protection Officer for an award-winning offshore law firm. This role will be based in the UK and can be fully remote.Role Profile:

• Act as the designated global Data Protection Officer (DPO) for all entities or where a local DPO is appointed, to support and oversee their activities.

• Lead a comprehensive data protection strategy aligned to the requirements within the General Data Protection Regulation (GDPR) and jurisdictional data protection laws.

• Encourage a culture of compliance by leading training initiatives, ensuring policy adherence, advising on effective data risk management and embedding data protection into day-today operations.

Data Protection Strategy

• Be the primary R&C contact for internal and external stakeholders on data protection (DP) issues across both the regulated and supervised businesses.

• Provide advice to the General Counsel Team on queries relating to data protectionissues in supplier contracts, client engagement terms, client questionnaires and other matters.

• Advise senior leadership and staff on data protection obligations.

• Be responsible for handling all requests related to data subject rights.

• Continuously review and update the data protection framework (being all policies, privacy notices, template documents and clauses) to align with evolving regulation and best practices, in consultation with relevant stakeholders.

• Monitor and audit data protection policies and procedures with best practice and guidance issued from the relevant regulator, to ensure compliance.

Compliance and Risk Management

• Maintain and enhance data processing protocols including internal cross border data transfer agreements.

• Maintain DP registrations.

• Maintain the DP policies and notices, in conjunction with the GC teams.

• Conduct regular internal risk assessments) and support internal completion of data protection impact assessments (DPIAs) to identify potential risks related to data processing activities.

• Establish, maintain and regularly update the Record of Processing Activities (RoPA) in accordance with Article 30 of the GDPR, ensuring it accurately reflects data processing operations and is available for inspection by supervisory authorities upon request. This includes liaising with all departments to ensure new or changing processing activities are recorded and assessed for compliance with data protection principles.

• Develop and carry out regular compliance monitoring reviews to assess adherence to data protection requirements as set out in internal policies, procedures and operational controls, and identify areas for improvement.

• Collaborate with the IT department to ensure that the appropriate technical and organisational measures are in place to protect personal data from unauthorised access, loss, or disclosure.

• Horizon scanning and analysing new legal and regulatory developments in DPmacross relevant jurisdictions, in consultation with the GC teams and other relevant stakeholders.

• In conjunction with the CISO, CRCO and other relevant stakeholders, manage andmrespond to data breaches and data subject access requests (DSARs) (alongside all other data subject requests in line with their rights underpinned by law), ensuring timely and effective reporting to relevant authorities and affected individuals.

Training

• Accountability for editing and releasing induction and refresher online DP training modules.

• In conjunction with the GC teams and relevant fee earners, develop and deliver ad hoc and supplemental training programs for partners, shareholders and employees to ensure a thorough understanding of DP requirements and data protection best practices.

• Promote a culture of data protection awareness throughout the organisation.

Collaboration & Communication

• Develop strong relationships and work closely with GC, IT, Project Management, Marketing and HR teams to ensure cohesive and comprehensive data protection measures in both our internal operations and agreements with third parties.

• Act as the primary point of contact for data protection authorities and regulatory bodies.

• Communicate with external stakeholders, including clients and third-party contacts, to ensure transparency and compliance with data protection legislation.

Reporting

• Draft and contribute to the DP section of Board and relevant Committee reports, including (where required) presenting updates on compliance monitoring outcomes, incidents, new initiatives and relevant regulatory developments.

• Prepare clear, concise reports following each compliance monitoring review, highlighting key findings, risk areas, and recommended actions.

Candidate Requirements:

• The successful candidate will be expected to hold relevant professional qualifications in Data Protecton. Legal training is also beneficial.

• At least 5 years of experience working in a compliance, legal, risk or operational control function focusing on DP within a law firm or regulated corporate services business ismrequired.

• Experience drafting and delivery of training and Board/senior management presentations is strongly preferred.

• Experience in assessing and developing DP compliance framework commensurate with the size and complexity of a regulated professional services firm would be preferred.

• Knowledge of developing, conducting and reporting on a DP compliance monitoring program is required. Prior policy and report writing experience strongly preferred.

• Strong knowledge of DP laws and regulations in the UK (including but not limited to DPA 2018, PECR, UK and EU GDPR), in the Channel Islands and wider EU would be beneficial.

• Experience in delivering commercial and operational pragmatism for effective DP risk management.

• Ability to conduct and analyse legal and regulatory horizon scanning is required, and having regard to other relevant jurisdictions and international developments.

• Data driven approach to compliance monitoring and reporting.

• Continuous improvement and pragmatic mindset to enhance data protection controls and reporting.

• Works well autonomously and with a high volume of information, with the ability to organise and analyse in a coherent manner.

• Strong organisational, analytical and time prioritisation skills.

On Offer:

On offer is a highly competitive salary and benefits package including pension and bonus and remote/ hybrid working.

To Apply:

For a confidential discussion about this position, to request the full job description or to apply, please contact:

David Thomson- Director

Edinburgh: +44 (0) 131 450 7164

Glasgow: +44 (0) 141 244 0260

Aberdeen: +44 (0) 1224 502 044

London: +44 (0) 203 174 2482

Dublin: +353 (0) 1 699 1360

Email: david@thomsonlrc.com