Data Protection Advisor - Edinburgh, United Kingdom - Mercy Corps

Mercy Corps

Verified Company

Edinburgh, United Kingdom

1 week ago

Posted by:

Tom O´Connor

beBee Recruiter

Description

Position Description

Location:
UK - flexible remote within UK or NL

Position Status:
Full-time, 12 months fixed term (leave cover)

Salary:
UK: circa K ; NL: circa 39K- 45K - circa ranges flexible based on professional experience

About Mercy Corps
Mercy Corps is powered by the belief that a better world is possible.

To do this, we know our teams do their best work when they are diverse and every team member feels that they belong.

We welcome diverse backgrounds, perspectives, and skills so that we can be stronger and have long term impact.

Team

The role would be responsible for the leadership of the data protection function at Mercy Corps in Europe and will report to the Director of Compliance, Governance and Risk.

The Position
The role will be responsible for the leadership of the data protection function across Mercy Corps in Europe (MCinE).

The role will also lead on delivery, maintenance and ongoing improvement of MCinE's strategic approach to data protection and its data protection framework, to ensure compliance with relevant law(s) and regulation(s).

In particular, ensuring that MCinE reviews, develops, implements and evidences a compliance programme which meets the requirements of the UK European General Data Protection Regulation and EU GDPR as appropriate.

The role has supervisory responsibilities for the Data Protection Officer (based in The Hague).

Essential Responsibilities

Lead and provide oversight of data protection within Europe and represent and advocate for the requirements of MCE and MCNL on matters of data protection at the global level.
To act as MCE's Data Protection Officer, the statutory role defined in Articles 3739 of the General Data Protection Regulation.

Data Protection and Privacy:

Review, develop, implement, and evidence a compliance programme which meets the requirements of the UK European General Data Protection Regulation and EU GDPR as appropriate.
Monitor changes to regulatory requirements resulting from the data reform bill and ensure that all policies and stakeholders are updated accordingly.
Develop and maintain a compliance framework which fulfils MC in E's obligations to meet the regulatory and operational requirements of the General Data Protection Regulation and any other regulatory domains that may be required.
Design and deliver effective audits to ensure compliance of key processes
Advise on cross border transfer requirement including Standard Contractual Clauses
Establish, undertake and maintain a programme of policy review and development to ensure robust and systematic arrangements in relation to data management related agendas.
Carry out regular reviews of the ROPA with department leads and provide advice and guidance.
Develop and lead training and awareness of data protection across MCE and promote a privacy first mindset. In association with department heads identify the needs and lead an ongoing suite of data protection awareness programmes tailored to meet the needs of team members and ensure all team members are aware of their responsibilities regarding data protection.
Work in collaboration with the MCE-IT team to develop and deliver training and awareness on information and cyber security.
Review Privacy Impact Assessments where appropriate on processing of personal data and ensure that all new systems implement privacy by design.
Lead on driving forward the implementation of existing data protection policies and practices within departments to ensure that MCE embeds a compliant and auditable data protection and management framework that provides assurance of compliance with the General Data Protection Regulation and associated legislation.
Act as internal point of contact on European data protection and privacy issues including providing pragmatic advice and guidance to colleagues operating in a global context as well as providing updates, advice and guidance to the ESLT.
Work in collaboration with the Director of Compliance Governance and Risk to develop and update a data protection risk register.
Build and nurture constructive relationships with key stakeholders across the agency.
Cooperate with and act as point of contact for the Information Commissioner's Office as the supervisory authority and any other statutory body in relation to the provision of information as MCE's first point of contact and where necessary cooperate with any other Data Protection Authority.
Produce an annual report on data protection for the executive director and provide regular updates to the MCinE Data Oversight group.
Serve as part of the MCinE Data Oversight group.

Supervisory Responsibility
Data Protection Officer (based in The Hague)

Accountability

Reports Directly To:
Director of Compliance, Governance and Risk

Works Directly With:
Operations team, IT Infrastructure Manager, Executive Director