Data Protection Analyst
Smartest Energy
- Ipswich, Suffolk
- Permanent
- Full-time
- The General Data Protection Regulation (GDPR).
- The Data Protection Act 2018.
- Privacy and Electronic Communications Regulations (PECR).
- Ability to review and interpret legislation in order to establish the data privacy obligations which are relevant to the Company's activities;
- Contractual review experience;
- Experienced in the application of “best practice” to data privacy procedures using a “risk based” approach;
- Meeting management and presentation skills;
- Experience of carrying out Data Privacy audits and gap analysis;
- Thorough knowledge and understanding of the General Data Protection Regulation (GDPR) and Data Protection Act 2018.
- Act as a supporting contact point alongside the Head of Data Protection & Privacy, and Senior Data Protection Analyst;
- Providing support for maintaining and updating the Company's Data Privacy Policy, Internal Privacy Notice, External Privacy Notice, Record of Processing Activities (ROPA) and the Data Retention Policy;
- Support with ongoing review of the Company's data processing activities and compliance with data privacy requirements and, in that context, identify the critical matters requiring compliance focus;
- Support with developing and documenting Training materials, policies, procedures and guidance to assist compliance within the business;
- Support with the communication of ongoing compliance requirements to the relevant stakeholders at SmartestEnergy Limited, escalating any issues to the Head of Industry Regulatory Risk along with a remediation plan;
- Support with the facilitation of implementation of “privacy by design” into systems and processes and provide expert support and guidance on such matters;
- Support with ensuring that annual GDPR training is provided to all staff;
- Support with maintaining and updating the Company's Record of Processing Activities (ROPA) as required under Article 30 of the GDPR;
- Engage with the business to ensure robust and timely completion of Data Privacy Impact Assessments (DPIA), Legitimate Interest Assessments (LIA), Contract reviews, Data Protection Agreement reviews and Data Privacy risk assessments;
- Supporting the Head of Data Protection & Privacy with liaison with legal counsel to ensure contracts with customers and third parties have the relevant data protection clauses, where required;
- Maintain and manage the procedure for reporting of Personal Data Breaches, escalating to the Head of Data Protection & Privacy as appropriate;
- Support with the procedure for Data Subject Access Requests (DSARs);
- Work closely with the Company's Information Security Officer (ISO) to align IT Security systems, processes, and procedures with data privacy obligations;
- Work closely with IT, Marketing and HR functions to ensure that best practice is operating in departments that process sensitive personal data;
- Liaise with business and provide information with regard to Data Privacy compliance, as required from time to time, for Company audits.
- The opportunity to work from anywhere in the world for up to 30 days a year;
- A genuine commitment to smarter working - we recognise your work/life balance matters;
- Paid time off to volunteer in your community;
- Excellent benefits package including private medical insurance/dental cover and 10% non-contributory pension from month three;