We have an exciting opportunity for a Group Data Protection Officer to join our team based in Wythall.Â
Hybrid working 3 days per week in the office and two at home.
As our Group Data Protection Officer, you will be responsible for developing and managing policies and processes that apply across all Grafton brands to ensure they adhere to data protection laws. You will also reduce the risk to Grafton’s sensitive and personal data by supporting the brands and reporting on compliance with key data protection and information security processes and standards.
Our Group Data Protection Officer will be a resourceful, self-motivated individual who is comfortable getting things done in matrix structures. This is a proactive outreach role, you will be expected to help Grafton brands ensure that they are implementing data protection practices, behaviours, and processes in an appropriate and pragmatic fashion in line with risk and commercial needs.
Key responsibilities of our Group Data Protection Officer will include:
- Liaison with Supervisory Authorities -Â Serve as the primary point of contact and liaison for the Lead Supervisory Authority and other Data Protection Authorities on all data protection related matters under data protection laws
- Monitor Compliance -Â Ensure the organisation complies with all regional and local data protection laws, such as GDPR and the UK Data Protection Act, including internal audits, reviews and risk assessments
- Inform, Consult and Advise -Â Create and maintain all data protection policies and standards to apply across Grafton companies, including but not limited to the Data Protection policy, Data Retention policy and Schedules, and the Data Protection elements of the Information Security Framework
- Training and Awareness -Â Provide a programme of mandatory data protection training for all colleagues and brands including raising awareness on compliance issues
- DPIA’s, LIA’s, ROPA - Work with key stakeholders in brands to identity processing activities and provide guidance on the correct methods of recording, maintaining and completion of risk assessing such as Data Privacy Impact Assessments (DPIA), Records of Processing Activities and Legitimate Interests Assessment (LIA)
- Handle Data Subject Requests -Â Act as contact point for escalations and ensure that all requests, across the organisation, from data subjects who wish to exercise their rights are responded to in compliance with the law
- Review Data Processing Activities -Â Ensure that data processing activities are lawful, fair and transparent and that only necessary data is collected and processed across the organisation
- Incident Management -Â Manage and report data breaches to the appropriate supervisory authority within legal timelines and coordinate internal responses to mitigate damage
- Documentation and Reporting -Â Report on compliance with data protection standards and processes on a per business basis, supporting brands through any related self-assessment activities. This should include but not be limited to reporting on the compliance and performance of Group functions and business units in respect of records of data processing, records of third-party processors, data breach incidents, data processing impact assessments and legitimate interest assessments, complaints, claims or notifications, cookie compliance, and responding to subject access requests (SARs)
- Advise on Data Sharing -Â With input from Group legal colleagues as required, provide guidance on data sharing agreements, transfers to third parties, and international data transfers to ensure legal compliance
What we are looking for in our Group Data Protection Officer:
- Experience in data protection and legal compliance management in a publicly listed company
- Demonstrable knowledge of the EU General Data Protection Regulation (GDPR)
- Solid knowledge of GDPR and local data protection laws
- Knowledge of data processing operations within the industry sector (merchanting and retail)
- The ability to handle confidential information
- Ethical, with the ability to remain impartial and report cases of non-compliance
- Experience of embedded data protection processes in diverse and dispersed organisations
- Solid organisational skills with strong attention to detail and multitasking skills
- Excellent written and verbal communication skills
- etherlands and Finland and to grow internationally in distribution and related markets.
Click apply today to be considered or to find out more about the Group Data Protection Officer role
- Excellent inter-personal and communications skills. Able to communicate equally well with technical and non-technical colleagues at all levels, getting the message across effectively in all cases
- Matrix management and influencing capabilities – can evidence examples of delivering change . through persuasion and influence outside of direct line control
- A disciplined thinker and capable of working across organisational boundaries in a demanding, high-output environment
Grafton Group plc is an international trade focused, multi-channel distributor of construction productsThe success of the business is based on the quality of the products it distributes and the quality of the service it provides to its customers. The Group aims to build on its leading market positions in the UK, Ireland, The Netherlands, and Finland and to grow internationally in distribution and related markets.
– we would love to hear from you!