Data Protection Officer

Job Title: Data Protection Officer
Location: Cardiff Bay (Flexible), Wales
Salary: up to £80,000.00 per annum depending on experience.
Department: Data
Reports To: Chief Data Officer


We are looking for a Data Protection Officer (DPO) to ensure our company is compliant with the General Data Protection Regulation (GDPR.) and other local data protection laws. Creditsafe is an international business handling data globally therefore a good understanding of regulations within the EU and outside the EU is desirable however not essential.

The DPO will report to our CDO and senior management team. Data Protection Officer Responsibilities include advising on our compliance with GDPR and local data protection laws, monitoring our adherence to GDPR standards and acting as a point of contact with supervisory authorities and data subjects. You will also create policies that enforce compliance with legislation and deliver GDPR trainings to our staff to increase awareness of data protection measures.

To be successful in this role, you should have in-depth knowledge of GDPR and local data protection laws and be familiar with our industry and the nature of its data processing activities. You should also know how to perform audits to our current procedures.

Ultimately, you will facilitate GDPR compliance through transparent data protection policies, systems and procedures.

Primary Responsibilities:

  • Act as point of contact with EU residents, supervisory authorities and internal teams
  • Identify and evaluate the company’s data processing activities
  • Provide advice and instructions on how to conduct Data Protection Impact Assessments (DPIAs)
  • Monitor data management procedures and compliance within the company
  • Participate in meetings with managers to ensure privacy by design at all levels
  • Maintain records of processing operations
  • Ensure we address all queries from data subjects within legal timeframes (e.g. delete their information from our databases)
  • Liaise with other organisations that process data on our behalf
  • Write and update detailed guides on data protection policies
  • Perform audits and determine whether we need to alter our procedures to comply with regulations.
  • Offer consultation on how to deal with privacy breaches.
  • Advise the senior management team on all matters related to data protection.
  • Monitor changes to the law and guidance on all matters relating to data protection ensuring the Creditsafe takes timely action to update and implement changes in policies and procedures
  • Help review data protection clauses in contract terms in conjunction with our Corporate Legal Services when required to help provide guidance.
  • Provide leadership, management and direction in relation to all areas of data protection
  • Arrange for training on GDPR compliance for employees.
  • Follow up with changes in law and issue recommendations to ensure compliance

Qualifications and Experience

  • Expert knowledge of data protection legislation, in particular the GDPR with a compliance, IT security, legal or audit background.
  • Certified EU GDPR Practitioner qualification (desirable).
  • Additional recognised privacy qualifications e.g. CIPP, ISEB (desirable).
  • Previous experience of monitoring compliance with regulatory requirements and effectively engaging regulatory bodies.
  • Experience in managing data incidents and breaches.
  • Knowledge of cybersecurity risks and other information security standards.
  • Experience in a similar role and an understanding of the data protection risks faced by large data-driven organisations with the ability to conduct the role independently and with integrity.
  • Ability to make good judgements regarding data privacy risks and to prioritise resources and activity around managing those risks.

Skills, Knowledge and Abilities

  • Excellent senior stakeholder management, including the ability to communicate effectively.
  • The ability to plan, organise and prioritise tasks and projects and to provide clear advice and direction even when faced with competing demands and short deadlines.
  • Strong personal communication skills capable of dealing with a wide range of stakeholders, including senior management, and to exercise professional judgement
  • Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels
  • Strong team player, enthusiastic and positive, with the ability to remain calm, controlled and resilient.