Recognised as one of the fastest growing Companies in the UK, it’s a really exciting time to be joining END. If you’re positive, passionate and dedicated and want to be part of our future success this could be the role for you.
DATA PROTECTION OFFICER – FULL-TIME, NEWCASTLE
Over the last 15 years, END. has evolved into a technology led retailer that provides luxury and contemporary apparel and exclusive sneaker drops to a global audience. One of the most influential, forward-thinking and inspirational fashion companies in the world, we have fresh products hitting our website daily and our service never stops.
END. prides itself on delivering a first-class customer experience, which has underpinned our success. With over 2 million customers we deliver to over 80 countries around the world and our online business is complimented by our industry leading retail stores in Newcastle, Glasgow and London.
We currently have an exciting opportunity for an experienced Data Protection Officer to join the team and take ownership of data protection at END. The successful candidate will be responsible for all areas of data protection and will have a proven track record in a similar role. Demonstrable experience is required, and a data protection qualification (CIPP, CIPT, CIPM, ISEB) is preferred.
What you’ll be doing:
- Complete understanding of the company’s position as regards its compliance with data privacy laws
- Develop strategies and initiatives to ensure engagement with key stakeholders on data privacy
- Regular and ad hoc reporting on data privacy compliance within the Group
- Implementing (or where it already exists building upon) a privacy governance framework and measures to manage data use in compliance with data privacy laws
- Managing and conducting ongoing reviews of the privacy governance framework
- Monitoring changes to privacy laws and making, and driving forward, recommendations
- Coordinating, conducting and monitoring data privacy audits and risk management
- Maintain records of all data assets and exports, and maintain a personal data security incident management plan to ensure timely remediation of incidents impacting personal data including impact assessments, breach response, complaints, claims or notifications
- Developing and delivering privacy training to various business functions and raising employee awareness of data privacy and security issues
- Serving as the primary contract and liaison for the Information Commission and other EEA Data Protection Authorities and the Group’s designated representative in Europe on all data protection related matters
- Reviewing supplier contracts (including EU standard contractual clauses) and other third-party data processing and data sharing arrangements
- Ensuring filing and fee requirements with local Data Protection Authorities are achieved
- Responding to and advising on data subject rights requests, including data subject access requests (DSARs) and other requests from individuals.
- Working with group employees, consultants etc. in the review of operations and projects/initiatives and related data processing to ensure compliance with data privacy laws, and where necessary advising on and monitoring data protection privacy impact assessments
- Ensuring, with the company’s IT team, that the Group’s IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data)
- Reviewing vendor contracts (including EU standard contractual clauses) and other third-party data processing and data sharing arrangements in partnership with the Group’s IT team
What you’ll be able to demonstrate:
Skills and experience
- Proven track record in a similar role
- Ability to understand the big picture as far as data privacy is concerned
- Background in setting standards, and reviewing policies around data privacy
- Strong knowledge of - and experience in applying - UK & EU data privacy laws
- Experience in conducting data privacy compliance reviews and audits
- Experience developing and delivering policy and compliance training
- Data protection qualification (CIPP, CIPT, CIPM, ISEB) is preferred
- Diligent record keeping ability
- Law degree or post graduate legal qualification (desirable, not essential)
What we can offer you
- Competitive salary
- 33 days holiday (including bank holidays)
- Company pension scheme
- Generous staff discount
- Eye-test vouchers
- Cycle-to-work scheme
Our core values underpin everything we do as a business. We always put our customers first, are passionate and dedicated and strive for excellence. To achieve this, we are positive and collaborative and keep it simple.
If you have what it takes to be part of our future success we want to hear from you.
Please note - for the successful candidate, any employment is conditional on you having the right to work in the UK in the role in which you are employed.
Type of employment: Permanent, full-time