Group Data Protection Officer

Job Description You will lead the Group’s data protection strategy and compliance programme, ensuring the company and its brands meet their obligations under all relevant privacy laws. Operating as a key function within the Group’s second line of defence, this role provides independent oversight, expert advice, and constructive challenge to the business on all data protection matters. The Group DPO will embed a culture of privacy by design and act as the primary point of contact for the Information Commissioner's Office (ICO).Your responsibilities will include:

• Develop, implement, and maintain the Group's data protection strategy, policies, procedures, and controls in line with UK GDPR, the Data Protection Act 2018, and other relevant privacy legislation.
• Provide expert, independent oversight of the Group's data protection compliance. Challenge first-line operational teams and business processes where necessary to ensure adherence to policies and mitigate risk.
• Inform and advise the Board, senior management, and employees of their obligations under data protection law, providing pragmatic, risk-based advice on all data processing activities.
• Specifically advise on and monitor compliance with the Privacy and Electronic Communications Regulations (PECR), ensuring all electronic marketing activities meet legal requirements for consent and communication.
• Monitor the effectiveness of the first line's data protection controls and overall compliance with data protection laws. This includes managing internal data protection audits, identifying gaps, and overseeing remediation plans.
• Advise on and monitor Data Protection Impact Assessments (DPIAs) for new projects, systems, and processes involving personal data. Maintain the Group's record of processing activities (ROPA).
• Lead the management and investigation of personal data breaches, ensuring timely reporting to the ICO and communication with affected data subjects where required.

The ideal candidate will have:

• Significant experience operating as a Data Protection Officer or in a senior data protection role within a large, complex, multi-site, and multi-brand Group.
• Substantial, hands-on experience managing ICO casework, including responding to subject complaints.
• Proven track record of developing and implementing pragmatic data protection frameworks, within a 'Three Lines of Defence' risk model.
• Demonstrable experience managing personal data breaches and responding to regulatory investigations.
• Experience in advising on and conducting Data Protection Impact Assessments (DPIAs
• A Recognised Data Protection Qualification
• Excellent communication and interpersonal skills, with the ability to articulate complex legal and technical concepts to a non-expert audience.
• Strong leadership and influencing skills, with the ability to engage stakeholders and build trust at all levels.
• The confidence and gravitas to provide constructive challenge to senior management and first-line operations.
• High level of professional ethics and integrity, with a commitment to maintaining independence
• Highly technical and deep understanding of Data Protection law and regulatory requirements (including those related to AI) such as UK GDPR, GDPR, PECR, DPA18

Connells Group UK is an equal opportunities employer and positively encourages applications from suitably qualified and eligible candidates regardless of sex, race, disability, age, sexual orientation, transgender status, religion or belief, marital status, or pregnancy and maternity.CF00679