Job Title:
Data Protection Manager
Based:
Ballymount, Dublin 12
Reporting to:
Operations Director
Contract:
Part time
Purpose:
Manage and develop the data protection function to provide assurance that Go-Ahead Ireland (GAI) meets relevant legal and internal compliance requirements at minimum cost.
Key success criteria (expected outcomes)
* Proactive compliance with relevant data protection law, and Go-Ahead Group and Go-Ahead Ireland policies and procedures when handling personal data
* The GAI Leadership team and the Group Data Protection Officer are aware of significant data protection risks and issues and proposed actions
* Data champions and other colleagues take responsibility for personal data and are empowered to implement local solutions
* Privacy by Design is embedded in new and existing systems
* Pragmatic, digital and cost-effective solutions are in place to mitigate personal data protection risks and issues
* Ensure all relevant GDPR policies are in place and reviewed annually, or as required
* Work with National Transport Authority, as required, to deliver requirement relating to data protection
Key results area (how those expected outcomes will be achieved)
Success criteria 1
* Work with the Group DPO to implement a GDPR compliance framework and structure that is consistent with group directions on GDPR
* Maintain the content of IMS to include group and local policies and procedures, and other data protection information
* Assess personal data risk across the business with recommendations for mitigation. Maintain the data protection risk register
* Be the point of contact for breach notification, be part of the incident management team and determine whether DPC notification is required under the supervision of the Group DPO. Maintain the data breach register.
* Be the point of contact for Data Subject Access Right (DSAR)s, complaints and contact with the regulator under the supervision of the Group DPO. Maintain the DSAR register
* Maintain the personal data inventory and data sharing agreements with other group companies and third parties
Success criteria 2
* Escalate personal data issues to the Managing Director, Operations Director and the Group DPO as applicable
* Write a monthly data protection report with relevant KPIs as well as successes, risks, and issues for distribution to the list above
Success criteria 3
* Manage and coordinate GAIs data protection training and awareness programme
* Set up an on-going awareness campaign to promote group and GAI data protection policies, procedures and guidance
* Be an initial point of contact for all personal data protection queries and provide high quality advice to colleagues with personal data protection concerns. Escalate queries and concerns to the Group DPO as necessary.
* Chair regular meetings and work with data champions, heads of departments and others where appropriate to develop, implement and maintain GDPR compliance
* Act as an enabler to data protection champions and colleagues for implementing sustainable GDPR compliance
Success criteria 4
* Convene a meeting with GAG IT at least quarterly to align the approach to data protection and system security
* Identify new and changing systems that process personal data. Support the project manager or business owner to complete Data Protection Impact Assessment (DPIA)s. Obtain approval (and / or assistance) from the Group DPO. Maintain the DPIA register
Success criteria 5
* Oversee auditing and compliance with personal data protection policies and procedures and report non-compliance to the Managing Director and Group Data Protection Officer
Competencies, Desirable Traits Or Attributes
* Good analytical and problem-solving skills, analysing issues and breaking them into component parts
* Ability to reprioritise and adjust plans considering business needs
* Proactive and inquiring attitude
* Excellent communication skills, ability to present and persuade key points of an argument
* Excellent interpersonal and people management skills to motivate, develop and enhance performance of the team
* Excellent presentation skills and an ability to explain complex data protection issues to all audiences
* A relationship builder
Knowledge And Skills Requirements
* Relevant professional qualification in data protection, or other relevant discipline preferred.
* Experience in data protection, particularly subject access requests
* Experience of transport industry
General Safety Responsibilities
To act in a manner as to ensure the health, safety, welfare, environment and fire safety of yourself and others in the organisation as well as any clients and visitors.
Ensure that you and any guests to any company premises understand emergency and evacuation arrangements.
Ensure your working environment is maintained in a safe and tidy condition. To act proactively in identifying and any unsafe practices or safety risks in the organisation and reporting these through the appropriate channels.
Ensure adherence to all relevant company and Go-Ahead group company policies and procedures.
Note
This job description is a guide only. Any omission from this job description does not in any way imply that it is not part of the required duties. Employees are expected to comply with the instructions of any Company Official. Go-Ahead Ireland is an equal opportunities employer. We welcome enquiries from everyone and value diversity in our workforce