The following job is no longer available:
Senior Data Protection Lawyer
Senior Data Protection Lawyer
Senior Data Protection Lawyer
Posted 14 days ago
- London, Greater London
- Any
- External
- Expired - 2 months ago
Overview:
We are seeking a highly skilled and experienced professional to join our team as a Senior Data Protection Lawyer. This is a hybrid role that combines application of legal expertise in data protection laws, commercial and regulations with the responsibilities of a Data Protection Officer. The candidate will lead the data protection practice and play a crucial role in ensuring our compliance with data protection laws and safeguarding the privacy and security of personal data.
The Candidate will be reporting to National Car Parks Limited and parent company, Park24 International Limited.
Submit your CV and any additional required information after you have read this description by clicking on the application button.
Purpose:
Monitoring Compliance:
The Candidate will be responsible for monitoring our compliance with data protection laws, such as the General Data Protection Regulation (GDPR). They will be required to ensure that our data processing activities align with legal requirements.
Data subject access requests and deletion requests:
The Candidate will be responsible for supervising the management and facilitation of all data subject access requests and deletion requests received in accordance with legislative requirements;
Providing Guidance:
The Candidate will be required to provide guidance and advice to the business and its employees regarding data protection practices. They will work to develop policies and procedures to ensure the proper handling and protection of personal data.
Data Protection Impact Assessments (DPIAs):
The Candidate will conduct DPIAs to assess the potential risks and impacts of data processing activities on individuals' privacy. They provide recommendations to mitigate these risks and ensure compliance.
Acting as a Point of Contact:
The Candidate will serve as a point of contact for individuals, supervisory authorities, and internal stakeholders regarding data protection matters. They will handle inquiries, complaints, and requests related to data protection rights.
Training and Awareness:
The Candidate will advise employees on data protection laws, regulations, and best practices. They will raise awareness within the Business about the importance of data protection and privacy.
Cooperation with Authorities:
The Candidate will be the point of contact with supervisory authorities, such as data protection authorities, during investigations or audits.
Data management system:
The Candidate will assist with the implementation of a new data management system.
Overall, the purpose of the Candidate is to ensure that the Business handles personal data in a lawful and ethical manner, protecting individuals' privacy rights and maintaining compliance with data protection regulations.
Responsibilities:
Legal Compliance:
Stay up-to-date with relevant data protection laws, regulations, and industry best practices.
Provide legal advice and guidance to the Business on data protection matters.
Review and analyse data protection policies, procedures, and contracts to ensure compliance with applicable laws and regulations.
Collaborate with internal stakeholders to develop and implement data protection strategies and initiatives.
Data Protection Officer Duties:
Act as the primary point of contact for data protection-related inquiries from individuals, regulatory authorities, and internal stakeholders. Including, but not limited to:
i. account deletions;
ii. the right to be forgotten;
iii. account closures;
iv. subject access requests; and
v. general queries.
Monitor and assess the Business's data processing activities to ensure compliance with data protection laws.
Conduct data protection impact assessments (DPIAs) and maintain records of processing activities.
Develop and implement data protection policies, procedures, and training programs to promote awareness and compliance.
Investigate and respond to data breaches or incidents, including notifying relevant parties as required by law.
Proactively supervise and manage the subject access requests in accordance with the data protection process flow. This will include, but is not limited to:
i. log requests and actions in the appropriate spreadsheet;
ii. respond to customers and colleagues in the relevant time frame;
iii. file all correspondence in the relevant files in order to allow accurate records to be kept;
iv. contact the relevant internal teams to request information;
v. collate information;
vi. review information;
vii. redact that information as appropriate; and
viii. ensure all legal timeframes are accorded with.
Risk Management:
Identify potential risks and vulnerabilities related to data protection and develop strategies to mitigate them.
Collaborate with cross-functional teams to assess and address data protection risks associated with new projects, systems, or processes.
Conduct regular audits and assessments to evaluate the effectiveness of data protection measures and recommend improvements. This may include conducting audits of third party suppliers to the Business and overseeing and co-ordinating audits by third parties.
Commercial Contracts
Review commercial contracts from a data protection angle and advise on key clauses.
Have a good understanding of key commercial terms in a commercial contract, this includes: B2B contracts, supplier contracts and consumer terms and conditions.
The Candidate may be asked to undertake other duties, as required, which are not necessarily specified in this role profile but which are commensurate with the grade for this role. It may be amended from time to time within the scope and general level of responsibility attached to this role
Skill Requirements:
The Candidate must:
Have the ability to build and develop positive business relationships internally and externally;
Be able to supervise and manage junior lawyers in the team;
Be able to assess problems from multiple angles to ensure that we have comprehensive and pragmatic data protection advice to support decision-making;
Be PC literate with good knowledge of Microsoft Office i.e. Word, Excel, PowerPoint, Outlook
Have the ability to work pro-actively and as part of a team;
Be a confident communicator with excellent interpersonal skills;
Have excellent attention to detail and high levels of organisational skills.
Have the ability to problem solve in a constructive and timely manner and to actively seek to find solutions to problems;
Be a confident communicator with excellent interpersonal and organisational skills;
Have the ability to co-ordinate people/teams that are not your direct reports;
Have an understanding of business process analysis, identification of risk areas and controls; and
Have knowledge of risk assessment techniques.
Experience & Qualifications:
The applicant will be a data protection/commercial lawyer and be admitted by the Law Society as a solicitor to practice in England and Wales with at least 7 year’s PQE with experience of advising on compliance with data protection laws. In-house or private practice experience are both welcome.
The applicant will have experience in advising clients in the following areas:
Complex data protection compliance issues
Reporting on legislative requirements
Assessment of joint controller status and draft related documentation
Drafting of compliant data protection policies and procedures
Responding to data subject rights requests
Preparing for and responding to data breaches
Data transfer/data sharing arrangements
Liaising with authorities
Experience in some of the following sectors would be considered helpful:
Business and Commerce
Transportation (bus, rail, automobiles, mobility as a service)
Consumer law
Technology, Media & Telecommunications
We are seeking a highly skilled and experienced professional to join our team as a Senior Data Protection Lawyer. This is a hybrid role that combines application of legal expertise in data protection laws, commercial and regulations with the responsibilities of a Data Protection Officer. The candidate will lead the data protection practice and play a crucial role in ensuring our compliance with data protection laws and safeguarding the privacy and security of personal data.
The Candidate will be reporting to National Car Parks Limited and parent company, Park24 International Limited.
Submit your CV and any additional required information after you have read this description by clicking on the application button.
Purpose:
Monitoring Compliance:
The Candidate will be responsible for monitoring our compliance with data protection laws, such as the General Data Protection Regulation (GDPR). They will be required to ensure that our data processing activities align with legal requirements.
Data subject access requests and deletion requests:
The Candidate will be responsible for supervising the management and facilitation of all data subject access requests and deletion requests received in accordance with legislative requirements;
Providing Guidance:
The Candidate will be required to provide guidance and advice to the business and its employees regarding data protection practices. They will work to develop policies and procedures to ensure the proper handling and protection of personal data.
Data Protection Impact Assessments (DPIAs):
The Candidate will conduct DPIAs to assess the potential risks and impacts of data processing activities on individuals' privacy. They provide recommendations to mitigate these risks and ensure compliance.
Acting as a Point of Contact:
The Candidate will serve as a point of contact for individuals, supervisory authorities, and internal stakeholders regarding data protection matters. They will handle inquiries, complaints, and requests related to data protection rights.
Training and Awareness:
The Candidate will advise employees on data protection laws, regulations, and best practices. They will raise awareness within the Business about the importance of data protection and privacy.
Cooperation with Authorities:
The Candidate will be the point of contact with supervisory authorities, such as data protection authorities, during investigations or audits.
Data management system:
The Candidate will assist with the implementation of a new data management system.
Overall, the purpose of the Candidate is to ensure that the Business handles personal data in a lawful and ethical manner, protecting individuals' privacy rights and maintaining compliance with data protection regulations.
Responsibilities:
Legal Compliance:
Stay up-to-date with relevant data protection laws, regulations, and industry best practices.
Provide legal advice and guidance to the Business on data protection matters.
Review and analyse data protection policies, procedures, and contracts to ensure compliance with applicable laws and regulations.
Collaborate with internal stakeholders to develop and implement data protection strategies and initiatives.
Data Protection Officer Duties:
Act as the primary point of contact for data protection-related inquiries from individuals, regulatory authorities, and internal stakeholders. Including, but not limited to:
i. account deletions;
ii. the right to be forgotten;
iii. account closures;
iv. subject access requests; and
v. general queries.
Monitor and assess the Business's data processing activities to ensure compliance with data protection laws.
Conduct data protection impact assessments (DPIAs) and maintain records of processing activities.
Develop and implement data protection policies, procedures, and training programs to promote awareness and compliance.
Investigate and respond to data breaches or incidents, including notifying relevant parties as required by law.
Proactively supervise and manage the subject access requests in accordance with the data protection process flow. This will include, but is not limited to:
i. log requests and actions in the appropriate spreadsheet;
ii. respond to customers and colleagues in the relevant time frame;
iii. file all correspondence in the relevant files in order to allow accurate records to be kept;
iv. contact the relevant internal teams to request information;
v. collate information;
vi. review information;
vii. redact that information as appropriate; and
viii. ensure all legal timeframes are accorded with.
Risk Management:
Identify potential risks and vulnerabilities related to data protection and develop strategies to mitigate them.
Collaborate with cross-functional teams to assess and address data protection risks associated with new projects, systems, or processes.
Conduct regular audits and assessments to evaluate the effectiveness of data protection measures and recommend improvements. This may include conducting audits of third party suppliers to the Business and overseeing and co-ordinating audits by third parties.
Commercial Contracts
Review commercial contracts from a data protection angle and advise on key clauses.
Have a good understanding of key commercial terms in a commercial contract, this includes: B2B contracts, supplier contracts and consumer terms and conditions.
The Candidate may be asked to undertake other duties, as required, which are not necessarily specified in this role profile but which are commensurate with the grade for this role. It may be amended from time to time within the scope and general level of responsibility attached to this role
Skill Requirements:
The Candidate must:
Have the ability to build and develop positive business relationships internally and externally;
Be able to supervise and manage junior lawyers in the team;
Be able to assess problems from multiple angles to ensure that we have comprehensive and pragmatic data protection advice to support decision-making;
Be PC literate with good knowledge of Microsoft Office i.e. Word, Excel, PowerPoint, Outlook
Have the ability to work pro-actively and as part of a team;
Be a confident communicator with excellent interpersonal skills;
Have excellent attention to detail and high levels of organisational skills.
Have the ability to problem solve in a constructive and timely manner and to actively seek to find solutions to problems;
Be a confident communicator with excellent interpersonal and organisational skills;
Have the ability to co-ordinate people/teams that are not your direct reports;
Have an understanding of business process analysis, identification of risk areas and controls; and
Have knowledge of risk assessment techniques.
Experience & Qualifications:
The applicant will be a data protection/commercial lawyer and be admitted by the Law Society as a solicitor to practice in England and Wales with at least 7 year’s PQE with experience of advising on compliance with data protection laws. In-house or private practice experience are both welcome.
The applicant will have experience in advising clients in the following areas:
Complex data protection compliance issues
Reporting on legislative requirements
Assessment of joint controller status and draft related documentation
Drafting of compliant data protection policies and procedures
Responding to data subject rights requests
Preparing for and responding to data breaches
Data transfer/data sharing arrangements
Liaising with authorities
Experience in some of the following sectors would be considered helpful:
Business and Commerce
Transportation (bus, rail, automobiles, mobility as a service)
Consumer law
Technology, Media & Telecommunications
.webp "Apply4U | Sign Up")
.webp "Apply4U | Contact Us")
.webp "Apply4U | Sign up")
