Data Protection Analyst (12 Month FTC)

Fixed Term Contract (12 Month Fixed Term Contract)

Aberdeen plc is one of Europe’s largest investment companies, and we are built on a long-standing culture of caring about the future and making a positive impact. Together we invest for a better future. We do it to make a difference to the lives of our clients and customers, our employees, society, and our shareholders.

Our business is structured around three distinct areas focused on our clients' changing needs:

• Aberdeen Investments – a leading investment management business looking after £368bn of assets for Institutional, Wholesale and Insurance clients
• Aberdeen Adviser – one of the UK’s largest providers of platform services to financial advisers with £75bn in assets across our Wrap and Elevate platforms
• Interactive investor – the UK’s most trusted investment platform for individual investors with 430,000 customers who have invested almost £75bn with us

Our strategy is to build a vibrant and value-creating purpose-led organisation, with the current and future needs of our stakeholders at the heart of all we do.

About the role

As part of the central Aberdeen Risk & Compliance function, the Data Privacy Office plays a key role in the provision of oversight, challenge and assurance to relevant stakeholders that privacy related risks are identified and managed in line with Aberdeen’s statutory obligations under applicable privacy & data protection laws. The Data Privacy Office is also responsible for the development of appropriate policies and procedures which set the minimum standards and controls required to be met by the first line business teams and functions to demonstrate their ongoing compliance with the relevant laws.

Reporting directly to the Data Protection Officer and Global Head of Data Privacy (‘DPO’), the Data Protection Analyst plays a crucial role in ensuring that the company’s data privacy practices are in line with global standards and regulations. This role requires a deep understanding of privacy and data protection laws, as well as the ability to apply this knowledge in a practical way to support colleagues in the first line business teams.

Key responsibilities:

• Develop a sound working knowledge of the various privacy & data protection laws which apply to Aberdeen’s business operations in Asia Pacific, Americas, EMEA and UK.
• Identify legal/regulatory change and interpret new, often complex, laws (including case law) and regulatory guidance from relevant global privacy supervisory authorities e.g. the ICO, CNIL to support business areas to assess potential implications/actions required to be taken to demonstrate compliance.
• Provide prompt, effective, and pragmatic advice to colleagues and senior stakeholders on matters relating to privacy & data protection compliance, including data privacy impact assessments; personal data breaches; and responses to data subject rights requests.
• Maintain and develop Aberdeen’s privacy & data protection solution.
• Support the DPO to embed, maintain, and monitor compliance with the global Privacy & Data Protection Policy and Standards and RCSA.
• Provide advice to internal Legal on the relevant data processing clauses for inclusion in third party contracts/intra group agreements and, where necessary, conduct/oversee Data Transfer Impact Assessments to ensure compliance with the new international data transfer rules.
• Develop appropriate content for the internal Privacy & Data Protection Hub and the internal training module to support colleagues understand Aberdeen’s obligations and their personal responsibility to process personal data in line with policies and laws.
• Occasionally lead on, with minimal support from the DPO, the provision of advice in relation to some of the more complex matters/key strategic projects to support timely delivery of Aberdeen’s strategic objectives.
• Establish strong relationships with a network of data privacy ‘practitioners’ across the business to assist with reporting and alignment of practices with minimum standards set for Aberdeen as a whole.
• Assist with collation of evidence to support Audits, personal data breach investigations and reporting to regulators (where necessary).
• Develop appropriate metrics for regular reporting to stakeholders with supporting commentary on the DPO’s views on risks and actions required to address any compliance gaps.
• Maintain an accurate register of Data Controllers and registrations with the supervisory authority, where required.
• Assist the DPO on data protection incidents and in notifying relevant authorities, where required in line with statutory obligations.
• Proactively drive further improvements in DP Office and local business processes to ensure an effective and robust privacy management framework is in operation continually and reflects changes in the business operating model.

About the candidate:

• Experience in a privacy compliance role (across all disciplines of privacy & data protection from minor incidents to advising on complex contractual matters) within a fast paced, dynamic business.
• Educated to degree level or equivalent or holding a Data Protection qualification or certificate granted by an appropriately accredited awarding body (e.g. CIPP/E).
• Demonstrable experience and deep understanding of the legislative and regulatory landscape relating to data privacy & protection, in particular, but not limited to EU GDPR.
• Proven ability to prioritise effectively; adept at balancing a number of different pieces of work, working to tight timescales and reacting where required to support live issues.
• Must be able to understand and interpret complex legal and regulatory guidance; applying knowledge to provide pragmatic advice and guidance.
• Strong analytical skills; able to analyse large volumes of information to understand root cause, trends and assess materiality of risks; recommending actions to strengthen existing practices.
• Must be able to professionally challenge yet support colleagues in delivery of business objectives; knowing when to escalate to support compliance with statutory obligations.
• Strategic thought leadership – ability to identify and provide a view on issues and risks which may impact the company’s strategic objectives beyond those specifically relating to data protection matters (‘thinking and acting like an owner of the business’).

We’re committed to providing an inclusive workplace where all forms of difference are valued and which is free from any form of unfair or unlawful treatment. We define diversity in its broadest sense – this includes but is not limited to our diversity of educational and professional backgrounds, experience, cognitive and neurodiversity, age, gender, gender identity, sexual orientation, disability, religion or belief and ethnicity and geographical provenance. We support a culture that values meritocracy, fairness and transparency and welcomes enquiries from everyone. If you need assistance or an adjustment due to a disability please let us know as part of your application and we will assist.