Data Protection Officer
Reporting to: Company Secretary
Overall Purpose of Job:
To provide expert project management and guidance for the implementation of and compliance with the EU General Data Protection Regulations (GDPR) and the UK Data Protection Bill (DPB) within the Scottish FA, its subsidiary and associated companies, Affiliated National Associations, recognised leagues and member clubs. Advising on and monitoring organisational GDPR compliance through training and raising awareness.
Main Duties and Responsibilities
· Organisation, coordination and execution of project and processes involved in readiness for GDPR and DPB and ongoing compliance;
· Coordination with various organisational departments, updating and maintenance of the business processes in terms of data protection;
· Installing and updating records of compliance;
· Identifying business processes and the personal data included;
· Development and implementation of policies concerning deletion of personal data and storage of personal data;
· Inform and advise management, staff and wider membership on data protection regulation issues and new developments;
· Monitoring compliance with legal obligations under GDPR and DPB and providing updates on the data protection compliance programme;
· Developing and delivering a programme of training in order to raise awareness for data protection related matters within the Scottish FA and the wider membership;
· Review data processing elements in relation to commercial agreements and contracts;
· Contact point for authorities, staff, wider membership and data subjects;
· Monitoring and advising on the initial and on-going data protection risk assessments (privacy impact assessments) to ensure that personal data is protected;
· Any other reasonable duties as directed by the Company Secretary.
This job description should be seen as enabling rather than restrictive, and will be subject to regular review.
Knowledge & Experience
• Extensive experience of leading on privacy and data protection issues within a substantial and complex organisation, alongside liaising with a diverse range of stakeholders
• Expertise in global data protection laws, regulations and practices and an in-depth understanding of GDPR
• Experience of conducting data privacy compliance reviews and audits
• Working knowledge of IT security and network architecture is preferable
Qualifications & Training
• Formal qualification or significant experience in project management.
• Able to demonstrate an understanding of, and commitment to, equality and diversity, and its practical application.
• Data protection qualification (e.g. IESB in data protection / CIPP / PDP certification with substantial data protection experience).
• Ability to communicate effectively with the highest levels of management and key senior stakeholders
• Ability to work independently and proactively
• An analytical mindset with problem-solving skills
• Previous experience of corporate / statutory duties
• Demonstrates experience of data protection and general awareness of GDPR
• Ability to interpret legal and statutory documents and guidance
• Ability to assimilate information quickly and explain complex legal, regulatory and policy requirements to colleagues and external partners at all levels.
• Ability to meet deadlines and to work proactively
• Demonstrable influencing skills, gained through a previous leadership role
Additional Related Requirements
• The confidence to challenge existing practices and to lead initiatives for new and efficient use of resources
• Full, clean driving licence
• Commitment to on-going professional development for self and others
Competitive Salary and Benefits.
To apply please visit:
Please note that CVs will not be accepted.