The role of Privacy Manager is in the Data team, which is part of the Operations department in the first line of defence. The role holder reports to the Data Protection Officer (DPO). The role holder is responsible for enabling the company’s business teams and European offices to process personal data in compliance with applicable data protection laws and the company’s procedures, through the provision of advice and by managing the systems, controls and processes required under GDPR.
1. Principal Accountabilities
- Support the DPO in the implementation of the Data Protection Policy and the Data Protection Framework.
- Promote a data protection culture within the company by providing advice and support on privacy issues to business teams and the European offices.
- Maintain all the company’s systems, controls, processes, tools and documentation that enable all the company's data processing activities to comply with GDPR and national data protection legislation in the European countries in which it operates, e.g. the Records of Processing database and procedure documents.
- Handle and respond to all data subject requests and maintain appropriate records of them.
- Undertake all Data Protection Impact Assessments (DPIAs) and record all of them in a central location.
- Draft and review privacy notices and other non-contractual documents related to privacy.
- Identify staff training needs, and prepare and deliver training and communication material.
- Review and advise on privacy provisions in commercial contracts, including in relation to international transfers.
- Handle and respond to ad hoc enquiries on data protection from business teams, the European offices and outsourced providers.
- Obtain legal advice on points of law where necessary.
- Keep abreast of regulatory and technological developments in data protection.
- Work with the company’s Compliance, Regulatory, Risk Management, IT and Information Security functions as and when necessary.
- Ability to take part in other data-related matters, including the implementation of the Data Quality Management framework.
2. Leadership expectations
- Contribute to an open and transparent culture of risk management and demonstrate a strong awareness of the risks that need to be managed within the responsibilities of the role.
- Deliver responsibilities in line with all relevant risk appetites, policies, reporting and, when applicable, provide input to the company's committees
3. Management of Risk & Internal Controls
Management of Risk
- Support preventative and remedial actions as requested by the Risk Management function.
- Responsible for reporting non-compliance and risk incidents in accordance with company procedures.
- Ensure internal processes and standards are followed
4. Skills Knowledge and Experience
- Ability to apply data protection regulatory requirements to an operational environment
- Understanding of the data processing operations carried out by, and on behalf of, the company
- Understanding of information technologies and data security
- Pragmatic approach to problem solving
- Ability to promote a data protection culture within the organisation
- Provide strategic frameworks, leadership and enforcement in best practice information governance for privacy needs
- Communicate effectively with senior stakeholders
- Build relationships with and influence senior stakeholders
- Understand and work across a matrix management structure and achieve results
- Build and maintain effective working relationships
- Operate strategically as well as focus on the detail
- Work in a structured way and under minimum supervision
- Conceptual Thinking – Acquiring understanding of the underlying issues in complex problems or situations by correctly relating these to simpler or better understood concepts, models or previous experiences
- Cross-Functional and Inter-Disciplinary Awareness – Understanding the needs, objectives and constraints of those in other disciplines and functions
- Flexibility – Taking account of new information or changed circumstances and modifying understanding of a problem or situation accordingly
- Information Acquisition – Identifying gaps in the available information required to understand a problem or situation and devising means of remedying such gaps
- Organisational Awareness – Understanding the hierarchy and culture of own, customer and supplier organisations and being able to identify the decision makers and influencers
- The ability to present and communicate with senior stakeholders at ExCo level.
- Commercial insurance industry, terminology and strategic drivers
- Expertise and in-depth understanding of the GDPR and e-privacy regulations.
- Detailed knowledge of the GDPR
- Knowledge of data protection regulation, law and practices.
- Operational aspects of data protection; including privacy practices such as Data Protection Impact Assessments, handling data subject requests, vendor contracts and breach management
- Languages: Fluency in written and spoken English is essential. Any other European language is considered an asset.
- Experience of working in a DPO role or a data protection function in the EU.
- Experience of working within the insurance/reinsurance industry is an asset but not essential.
- Demonstrable track record of working with Information Governance frameworks.
Delivering Results and Meeting Customer Expectations
- Anticipates customer needs and champions initiatives to increase customer satisfaction.
- Stands by the decisions and actions of their team, openly accepting responsibility and accountability.
Working with People
- Actively builds and nurtures effective relationships with people across all organisational levels and with external contacts
- A team player, strong interest in the performance of the business as a whole, rather than a single focus on their own area of expertise
- Proactively consults with a broad cross-section of stakeholders during all aspects of decision making
- Maintains and extends a broad and effective network of links with individuals both internally and externally and uses these to benefit the business
- Proactive, focused and diligent with outstanding communication skills, able to develop productive relationships at all levels
Creating and Innovating
- Produces a range of workable strategies aimed at solving a number of complex, possibly related issues
- Contributes radical ideas, approaches and insights that offer up new avenues of exploration
Adapting and Responding to Change
- Anticipates changes in the position of their customers, market or organisation and adjusts their own and others' approach to take account of this
- Versatile, adaptable, proactive and comfortable with taking a hands-on approach, capable of delivering change and transformation
- Uses many different approaches to interact successfully with others, adapting interpersonal style to fit the situation and the characteristics of groups and individuals
- Promotes large scale change initiatives across teams, creating a managed sense of urgency to bring the changes about
Leading and Supervising
- Provides teams and departments with clear directions that are translated from organisational strategy
- Guides conversations to desired end points; negotiates effectively by exploring a range of possibilities
- A collaborative leader who inspires trust and confidence in others. Pragmatic and operates with pace, energy and drive.
- Commercially focused, energetic and positive with a ‘can do’ attitude
Applying expertise and technology
- Demonstrates detailed and comprehensive knowledge of own area and is recognised as an expert by people across the organisation
- Shares knowledge and expertise openly and freely, positioning knowledge sharing as an organisational priority
- Strong attention to detail and also sees the bigger picture. Able to move seamlessly from focusing on detail to the broad strategic challenges, and contributing to the development of the business as a whole
The Spirit of the company
- Understands that the company always seeks to add value
- Acts dynamically and responsively to customer and market needs
- Seeks to ensure full, fair, straightforward and sincere exchanges within the market
- Behaves legally and upholds high ethical standards
- Is skilled and willing to have constructive conversations in challenging situations; avoids taking an easy route out
- Seeks to create valuable, high-impact solutions
- Is not attached to being right; open about difficulties, asking: How can I make this work?
- Places high value on effective working relationships and seeks to build and nurture them
- Shares information and insights with others so their work can benefit
Committed to excellence
- Brings the knowledge, experience and expertise needed to be credible in the role and keeps knowledge and expertise up to date
- Takes ownership for delivering against objectives
Relevant GDPR qualifications