Data Protection Officer

Company Description

At Jellyfish, we believe in the power of diverse perspectives and inclusive collaboration. We welcome individuals who excel in collaborative, varied teams and value the unique contributions that each person brings to the table.

Jellyfish is a global digital marketing agency; a unique fusion of tech enthusiasts, creative minds, and media and data experts all united to empower our clients along their digital journey. Our commitment to embracing diverse perspectives fuels our innovation and strategies that challenge the status quo, reinvent media activation, and craft influential stories for our global clients and their customers. Join us in shaping a future where business growth and personal fulfilment go hand in hand.

Job Description

Reporting to the general counsel, In this role, you will work closely with the Legal and Compliance and Information Security functions to develop and monitor policies and standards applicable to the business and in compliance with the GDPR and other relevant privacy legislation.

Your primary responsibilities will include:

• Implementing measures and a privacy governance framework to manage data use in compliance with the GDPR and other relevant legislation, including developing templates for data collection, advising on and assisting with data mapping and records of data processing and vendor management reviews.
• Working with key internal stakeholders in the review of operations and projects and related data processing to ensure compliance with data privacy laws, and where necessary, advising on and monitoring data protection privacy impact assessments.
• Serving as the primary point of contact and liaison for the relevant supervisory authority on all data protection related matters under the GDPR and other relevant legislation.
• Serving as the primary point of contact for data protection queries in the business.
• Reviewing supplier or client contracts (including relevant standard contractual clauses for international data transfers) and other third party data processing and data sharing arrangements in partnership with the organisation's Legal, Procurement and Information security functions.
• As privacy expert, partner with business teams to evaluate new initiatives, plans, and processes and systems to meet data protection compliance requirements
• Ensuring filing and fee requirements with the relevant supervisor authority are achieved.
• Participating in the Data Privacy and/or Information Governance Committee or similar.
• Managing and conducting ongoing reviews of Company's privacy governance framework including Binding Corporate Rules (BCRs)] and regular and ad hoc reporting on data privacy compliance within the organisation
• Monitoring changes to relevant privacy laws and making recommendations to the Company and any relevant committees when appropriate.
• Setting standards and reviewing policies and procedures globally that meet the requirements under the GDPR and any localisation requirements in countries of operation.
• Developing and delivering privacy training to various business functions and collaborating with the Information Security function(s) to raise employee awareness of data privacy and security issues and promote a culture of data protection and compliance across the organisation.
• Developing strategies and initiatives to ensure engagement with key internal and external stakeholders.
• Coordinating, conducting and monitoring data privacy audits and addressing any potential issues with solutions.
• Collaborating with the Information Security function(s) to maintain records of all data assets and exports and maintaining a personal data security incident management plan to ensure timely remediation of incidents impacting personal data including impact assessments, breach response, complaints, claims or notifications.
• Respond to and advising on data subject rights requests, including data subject access requests (DSARs) and other requests from individuals.
• Ensure that the Company IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data).
• Work with designated in-house Legal Counsel or outside legal advisers who are subject matter experts where necessary for data privacy law issues.
• Promote effective work practices, working as part of Legal and Compliance team member, and showing respect for co-workers.

Qualifications

• Strong knowledge of GDPR, UK GDPR data privacy and data protection regulations, and a good understanding of other major privacy frameworks and evolving legislation worldwide.
• Ability to interact effectively with people at all organisational levels of the firm.
• Experience of working in a large, global organisation.
• Ability to work unsupervised and exercise leadership.
• 10+ years' PQE / data privacy experience required.
• Main experience includes GDPR and UK GDPR data privacy laws plus evolving global data and privacy laws.
• 6+ years; experience within a compliance, legal, audit and/or risk function, with recent experience in privacy compliance.
• Experience in developing policy and compliance training

Note: We emphasise skills, expertise and behavioural attributes over years of experience and traditional degrees. If you want to join our collaborative team, we invite you to apply today with your resume in English.

Additional Information

Join Jellyfish and experience a workplace where we prioritise your growth, celebrate your contributions, and empower you to tailor your work environment to suit your needs.

💰 Reward: You'll receive a loyalty salary increase on your Jellyfish anniversary, in addition to our company-wide annual bonus.

💫 Custom Work Environment: Work remotely for up to 60% of your days and shape your day between 8am. and 6:30pm with flexible working hours.

📈 Growth, Your Way: Grow your career with one paid day each month for self-development and access to LinkedIn Learningwith unlimited online courses.

👪 Family Support: Enjoy 14 weeks of paid leave for primary caregivers and 4 weeks of paid leave for secondary caregivers. We also provide £1000 (or equivalent) towards courses for returning primary caregivers to support your transition back into work.

Unfortunately, there has been an increase in fake recruiters impersonating Jellyfish and unlawfully using our brand name. If you are unsure if an email with a job offer you have received is genuinely from Jellyfish, or if you suspect any fraudulent activity, please report it to [email protected].