Data Protection & Risk Officer
- Act as the primary point of contact with the ICO.
- Provide subject matter expertise on privacy and data protection regulations to the business.
- Improve, drive and embed data privacy standards, governance and policies within the organisation.
- Advising on the data protection and privacy clauses in any contracts Brightside Group's companies may be considering.
- Act as the primary escalation point for data protection breaches, complaints and enquiries.
- Chair the Data Protection & Information Security Committee.
- Advise the business in the completion of Data Protection Impact Assessments, interpretation of 'right to be forgotten' requests, any changes in customer journeys which may have data protection considerations etc.
- Develop and implement a programme of continuous monitoring to ensure processes and controls in place to ensure ongoing compliance are operating effectively.
- Support the business in the implementation and embedding of the risk management framework to ensure that the group's risk profile is defined, understood and managed effectively across all areas of the business, and within appetite.
- Experience of working with Data Protection and Privacy Regulations
- Ability to work autonomously
- In-depth knowledge of GDPR
- Detailed understanding of Information Security and Cyber Security
- Commercially sensitive whilst considering business and regulatory risks
- Strong business knowledge, thorough understanding of insurance and medical reporting products, distribution and processes