Data Protection Advisor

Collinson is the global, privately-owned company dedicated to helping the world to travel with ease and confidence. The group offers a unique blend of industry and sector specialists who together provide market-leading airport experiences, loyalty and customer engagement, and insurance solutions for over 400 million consumers. Collinson is the operator of Priority Pass, the world’s original and leading airport experiences programme. Travellers can access a network of 1,500+ lounges and travel experiences, including dining, retail, sleep and spa, in over 650 airports in 148 countries, helping to elevate the journey into something special.

We work with the world’s leading payment networks, over 1,400 banks, 90 airlines and 20 hotel groups worldwide. We have been bringing innovation to the market since inception – from launching the first independent global VIP lounge access Programme, Priority Pass to being the first to sell direct travel insurance in the UK through Columbus Direct and creating the first loyalty agency of its kind in the travel sector with ICLP. Today we still invest heavily in innovation to ensure that we continue to deliver superior customer experiences.

Our mission is focused on doing good beyond profit, which for us means we seek out opportunities for our people to share in our success and that we give back to the communities and people within which we work. Never short of ambition, the success of our business is delivered through the diverse and talented team of over 1,800 global colleagues.

Purpose of the job

We have an exciting new role opportunity within Risk and Compliance for a Data Protection Advisor. This role will be instrumental in strengthening Collinson’s data protection compliance framework and compliance controls across the business. Responsible for assisting with the delivery of a risk-based data protection assurance program which enables the DPO to monitor Collinson’s compliance position. A strategic role providing advice and consultancy to the business to manage data protection risks and controls across personal data processing activities, IT systems, Third Party suppliers and subsidiaries.

What you'll be responsible for:

• Accountable for assisting with the delivery and implementation of the data protection assurance program focused on embedding and strengthening Collinson’s data protection compliance framework, and control environment through risk-based assurance.
• Understand and assist with the mapping of the personal data landscape using available tools to capture end-to-end data flows across line of business, IT systems, Third Party suppliers and Subsidiaries, as required to maintain the record of processing activities (RoPA) as well as satisfy accountability requirements of applicable data protection legislation, such as UK GDPR and EU GDPR.
• Responsible for assisting with the delivery of the data protection assurance program to assess appropriate controls are in place and provide advice and recommendations to business stakeholders which ensure responsibilities and accountabilities are understood and assigned where risks or control gaps are identified.
• As a subject matter expert, provide oversight, guidance and challenge on the identification and effective management of data protection risks, including the design and implementation of technical and organisational measures.
• Help drive a culture of accountability, ensuring data and risk ownership is assigned in the business and that security and compliance of data is maintained, working with the business to continuously review data processing, systems and suppliers as well as the delivery of data protection compliance reports.
• Understand the contractual elements and due diligence of Third Party suppliers who handle Collinson personal data and be able to provide insight on the security, data protection and data transfer requirements necessary at the procurement stage and through ongoing management of existing supplier contracts.
• As a member of the Data Protection team, be able to deputise for the DPO in the event of a personal data breach and related incident response processes.
• Provide the tools and knowledge to support the business in embedding data protection into daily activities, such as data protection by design and by default, and assist in building a data protection culture where staff understand the value of personal data and their responsibilities in safeguarding it.
• Build and maintain key relationships with internal stakeholders in order to remain aware of business developments in relation to data protection compliance.
• Understand and articulate data protection risk to technical and non-technical internal stakeholders and be able to robustly challenge where required.
• Develop and maintain a strong network with industry bodies, professional associations, information and data protection knowledge sharing forums in order to support ongoing data protection best practices and to benefit from expertise and experience developed by these bodies, including the ICO and EDPB.
• Stay abreast of key regulatory, legislative and technical changes which require Collinson to adapt its processes or strategies in order to uphold and maintain its compliance.
• Prepare and deliver training, and provide advice to the business, in relation to regulatory and compliance matters.
• Collating reliable, relevant, and timely management information for various governance forums and committees.
• Be a champion for quality and risk across the business and demonstrate a passion for meeting the highest standards.

Ideally you'll have the following:

• Hold accredited qualifications in information governance, records management and/or data protection (BCS/CIPP), or equivalent gained in relevant experience.
• Expert knowledge of data protection and applicable legislation, information security controls and compliance management.
• Proven experience in advising and/or implementing data protection compliance programmes in complex environments.
• Able to explain data protection risks clearly and in non-technical language to the business and how these apply to them.
• Proven project management skills with a focus on delivery and results.
• A thorough understanding of best practice in risk management and compliance frameworks.
• Ability to interpret information, identify risk and provide feedback in a clear and concise manner.
• Attention to detail and able to interpret information, make sound decisions and take ownership of issues to resolution.
• Excellent interpersonal and communication skills, both written and oral.
• Organized, time management skills and an ability to work under pressure and flexibly to meet business deadlines.
• Experience of using tools and technology to train, communicate and improve risk culture and demonstrable experience in developing simple, effective and easy to adopt policies.
• Solid understanding of regulations, industry standards, and leading Industry practices.

Collinson is an equal opportunity employer and welcomes differences in all their forms including: colour, race, ethnicity, gender identity, sexual orientation, neurodivergence, family status, age, individuals with disabilities and people from all backgrounds, cultures and experiences as we strongly believe this contributes to our on-going success. We are focused on continually evolving our purpose driven, high performing culture, providing an environment where our people have the opportunity to achieve their full potential and do interesting and meaningful work.

Our company values are: Act smarter, Do the right thing, One team and Be insight led. These help guide everything we do internally in terms of how we think, act and interact, right through to how we deliver value to our customers and clients.

In your application, please feel free to note which pronouns you use (For example - she/her/hers, he/him/his, they/them/theirs, etc). If you need any extra support throughout the interview process, then please email us at ukrecruitment@collinsongroup.com.