UK Data Protection Officer

Overview

• Division: 2nd Line: Compliance
• Reports To: Head of UK Compliance & Regulatory Affairs

Key Relationships:

• Head of UK Compliance & Regulatory Affairs
• Heads of Compliance for the EU and North America and their teams
• SMF16 for the BIdac UK branch
• Regional DPOs and their teams
• Group CRO and his SLT
• Group COO and his functions including Group CISO, Head of IT, Head of Data Management, Commercial Management
• People & Culture (Talent and HR Operations)
• Claims Operations
• Underwriting: CUOs and Heads of product lines
• External suppliers and retainers

Key Committees & Groups:

• Group Data Privacy Sub-Committee (member)
• Information Security Committee
• AI Governance and Controls Committee
• Data Retention Steering Group
• Underwriting Data Working Group & TriFocus Review Group

SMCR: This role is certified in the UK under the SM&CR.

Job Summary:

Through the effective day-to-day management of the UK Data Protection team, and collaborative engagement with other regional DPOs and their teams (or DPO equivalents), enable data protection risk management and regulatory compliance across the UK entities’ global licensed footprint through Horizon Scanning and Training.

Responsibilities:

• Enable the UK Compliance function to manage data protection risk and regulatory compliance with applicable data privacy and data protection laws and regulation across the UK entities’ global licensed footprint, including through effective Horizon Scanning and Training.
• Ensure all UK entity controls for DP are fit for purpose and adhered to.
• Contribute to, and enable the embedding of, a global DP framework to include all relevant Data Protection/Privacy policies, notices, systems, processes and controls.
• Support the effective and consistent management of cross-border data protection activities in collaboration with regional DPOs, including through the Group sub-committee for Data Protection.
• Contribute to the development and delivery of high-quality reporting including KPIs and KRIs across relevant committees and forums, as standalone DP papers or as part of UK Compliance reporting.
• Ensure that the UK entities’ legal and regulatory obligations for privacy and protection across their licensed footprint are mapped to a comprehensive set of activities, processes and controls to enable compliance.
• Embed the global Horizon Scanning framework in the UK DP team’s BAU with contributions to formal UK Compliance reporting including to the Change Committee.
• Manage the UK DP team, tracking and monitoring the effectiveness of delivery against key activities, in line with internal SLAs, to ensure regulatory compliance (DPIAs/ ROPAs/ Policy, Notices and Marketing reviews/ Legitimate Interest Assessments / Business Impact Assessments / Training/ Advisory requests / registrations).
• Keep workloads and resource needs under close observation and proactively identify problems, escalating where appropriate for resolution.
• Identify development opportunities for direct reports and support the team pastorally.
• Engage with internal stakeholders in Infosec, IT and co-sourcing relationships in Claims to support DSARs, e-discovery requests, and subpoenaed information as required.
• Oversee any externally outsourced DP provision for the UK entities in jurisdictions where they operate, working with regional DPOs as required where resources are shared.
• Provide advice on technical DP matters where appropriate, including DP contract clauses governed by English law; ensure contracts and service agreements cover information security, data security, privacy and breach notification requirements.
• Retain external advisers when needed to ensure appropriate levels of specialism, keeping the UK Head of Compliance advised of accrued expenses.
• Ensure UK DP-owned actions arising from all applicable audit, assurance and testing activities are completed on time.
• Maintain a Privacy Incident Reporting and Response process for privacy incidents affecting the UK; address alleged policy violations and external complaints.
• Proactively escalate data breaches to the Boards of the relevant UK entity through the applicable Chair of the Risk Committee, keeping the CRO and Head of Compliance informed for potential regulator notification.
• Lead on required notifications to the ICO where required and participate in relevant incident response activities and lessons learned.
• Collaborate with regional DPOs, regional DPOs, European branch regulatory counsel and other internal stakeholders to create a global DP strategy and operating model, ensuring cross-border activity is coordinated and responses to legal/regulatory requirements are consistent and understood.

General:

• Adopt the Beazley culture of Professionalism, Integrity, Effectiveness and Dynamic attitude to contribute to teamwork and a positive brand image.
• Comply with Beazley procedures, policies and regulations relevant to your role.
• Undertake relevant Beazley training as required by line manager, Talent Management, development or assurance teams (compliance, risk, internal audit).
• Comply with responsibilities outlined by line manager or assurance teams, including Beazley’s underwriting/claims controls and other standards, and uphold the Beazley principle of Treating Customers Fairly.
• Carry out additional responsibilities as notified or through objectives or the learning management system.

Person Specification:

Essential Criteria:

• Proven experience in Privacy and Data Protection.
• Previous DPO experience.
• Degree level educated.

Education and Qualifications / Experience:

• Knowledge of information systems desirable.

Skills and Abilities:

• Excellent written and oral communications skills.
• Ability to prioritise work and deliver results in a pressurised environment, through tactical and strategic planning.
• Ability to manage significant client contact, providing expert advice with judgement and business understanding.
• Ability to develop strong relationships with internal clients.
• Ability to support more senior roles in developing key client relationships through leading-edge technologies.
• Self-motivated, autonomous and results-driven with a flexible approach.
• Ability to work collaboratively with a broad range of constituencies.
• Thorough understanding of UK Data Protection laws and regulations.
• Unblemished career history with positions requiring trustworthiness and integrity.
• Ability to communicate technical and security concepts to technical and non-technical staff and management.

Knowledge and Experience:

• Experience in financial services is desirable but not required.
• Experience in the insurance industry is desirable but not required.
• Multi-country experience (beyond UK, ideally including APac) is desirable but not required.
• Experience with model contractual clauses for international data transfers is desirable but not required.

Aptitude and Disposition:

• Outcome focused, self-motivated, flexible and enthusiastic.
• Professional in interacting with managers, colleagues and external suppliers.

Competencies:

• Technical expertise
• Conceptual thinking and problem solving
• Planning and managing resources effectively
• Delivery orientation, initiative and drive
• Purposeful communication and ability to influence others
• Team player
• Customer focus