Data Protection Officer

Location - Bristol Employment Type - Full Time - Permanent Salary - Competitive Package Hours Per Week - 37.5 We have an opportunity for a Data Protection Officer to work with senior management and key stakeholders, ensuring our business understands and adheres to Data Protection legislation. This role will cover all functional areas, interfacing with multiple group businesses to ensure compliance and an understanding of data protection requirements for the company. Key Responsibilities: Being the nominated DPO for the Information Commissioner's register of Data Controllers. Engaging with the Information Commissioner's Office (or relevant Supervisory Authority) in relation to queries and investigations. Informing and advising the controller or processor and their employees of their data protection obligations. Monitoring compliance with data protection regulations and PECR, including the assignment of responsibilities, reporting of non- conformities/security weaknesses and corrective action plans. Maintain a register of data owners for sets of information and educate the data owners on their responsibilities (what is data, how is it used, who has access to it). Maintain data flow maps. Maintain and monitor systems and controls to ensure compliance with relevant data protection legislation and regulations. Report to the board on the effectiveness of the firm's data protection arrangements and recommendations for improvement. Ensure Data Protection legislation is understood by key stakeholders and the wider business through advising, training and supporting teams to understand their obligations and fostering a data protection culture within the organisation. Provide Technical guidance and support on Subject Right Requests such as subject access requests. Be the first point of contact for data security breaches and investigate and manage all data protection complaints and data security breaches. Ensure appropriate notices are in place for all data processing activities, internal and external. Ensure data processing agreements are in place with third parties processing personal data. Undertake periodic data protection audits including all manual or digital and internal or outsourced processes. Work with IT to ensure ongoing data retention and data cleansing is implemented into systems used to manage personal data in compliance with our Data / Information Retention policies. Provide pragmatic, quality and timely ad hoc advice to all areas of the organisation to ensure all new initiatives comply with the DPA, GDPR, PECR and future legislation as it arises. Determine the policy for when and how Data Protection Impact Assessments should be carried out and provide advice and support to the Company in respect of their completion Required Skills/Experience: Detailed technical knowledge of data protection regulations, including the European General Data Protection Regulation (GDPR), Data Protection Act 2018 and PECR. Good understanding and experience of how Data Protection supports business objectives. Knowledge and application of compliance with UK & EU Data Protection & Privacy laws. Experience managing incidents & breaches. Experience devising, implementing and monitoring stringent policies. Experience of dealing with practical aspects of data protection compliance (i.e. preparing fair processing information, privacy statements, profiling, dealing with subject access requests and regulatory notifications where necessary). Experience conducting information management compliance reviews/audits CIPP/E certification or equivalent Our Benefits: Hybrid working - 2 days in the office and 3 days working from home 25 days annual leave, rising to 27 days over 2 years' service and 30 days after 5 years' service. Plus bank holidays! Discretionary annual bonus Pension scheme - 5% employee, 6% employer Flexible working - we will always consider applications for those who require less than the advertised hours Flexi-time Healthcare Cash Plan - claim cashback on a variety of everyday healthcare costs 100's of exclusive retailer discounts Professional wellbeing, health & fitness app - Wrkit Enhanced parental leave, including time off for IVF appointments Religious bank holidays - if you don't celebrate Christmas and Easter, you can use these annual leave days on other occasions throughout the year. Life Assurance - 4 times your salary 25% Car Insurance Discount 20% Travel Insurance Discount Cycle to Work Scheme Employee Referral Scheme Community support day Christmas and Summer parties Working at SBG At Somerset Bridge Group we aim to build a sustainable and innovative business focused on underwriting, broking and claims handling of UK motor insurance, offering transparent products and an efficient and fair service to our policy holders. We are very proud to have been awarded a Silver Accreditation from Investors in People! We recognise that all of our people contribute to our success. That's why we are always looking for talented people to join our team - people who share our vision, who are passionate about what they do, and who want to be part of something special. Equal Opportunity Employer Somerset Bridge Group is committed to creating a diverse environment and is proud to be an Equal Opportunity Employer. We prohibit discrimination or harassment of any kind based on race, color, religion, national origin, sexual orientation, gender, gender identity or expression, age, pregnancy, physical or mental disability, genetic factors or other characteristics protected by law. SBG makes hiring decisions based solely on qualifications, skills and business requirements.