Data Protection Manager

The Company

Based in Huntingdon, Cambridgeshire, EPM is an award-winning and accredited education services business with 25 years of expertise.

We are a technology-enabled business, but people are at the heart of what we do. We believe in developing long-lasting relationships with our customers and employees, with our relationships lasting, on average, 11 years.

We are 100% dedicated to education and our expert team of nearly 200 highly qualified employees support more than 1,600 schools nationwide.

Our culture is unique and is based upon our motivated and passionate team. As a result, we encourage our employees to flourish and unleash their talent by building their confidence and providing them with the opportunities and support to empower them and realise their full potential. This is just one of the many reasons we were awarded ‘Employer of the Year’ at the Hunts Post Business Awards 2018 and have been shortlisted again for 2019.

EPM’s performance in the market has been, and continues to be, exceptional, resulting in significant growth year after year. Our success can be attributed to our proactive, forward-thinking approach and passionate team. Our plan for the future is to continue this growth, increase our geographical reach and consider expanding the services offered.

Purpose of the Job

To review process flows on current procedures and implement plans enabling the business to minimise risk. Working closely with the EPM board as well as the wider Citation group, supporting and implementing organisational policies and processes that ensure the organisation complies with data protection law and good information management practice. You will also lead on or support workstreams at a senior level to sustain compliance across all data streams in order to meet business objectives.

This role is pivotal in supporting the business to achieve its goals; finding the balance between objectives, data protection law, group policy and each department’s influence will be critical. Standing firm against pressures from all directions whilst trying to find solutions that enable and not restrict will be key.

Main Responsibilities/Duties of the Job

Company Responsibilities

  1. Lead the implementation of the group data protection and information governance framework locally, keeping leaders at EPM and Citation group updated on progress and challenges.
  2. Work with the business in setting and achieving data retention timeframes.
  3. Ensure that appropriate due diligence is carried out prior to onboarding a new supplier, ensuring that appropriate information security practices and data protection compliance are at play.
  4. Keep an up-to-date record of processing activity and data maps, and ensure they are a primary reference point for all projects and data processing.
  5. Be the onsite SME for data protection laws and their practical application, in particular dealing with the exercise of rights and supporting the business in meeting each of the data protection principles
  6. Managing significant projects requiring dedicated time to manage, review and implement
  7. Analysing and making recommendations against information security concepts and working with IT and the business to identify risks to information and mitigation strategies
  8. Influencing stakeholders at all levels of the business and leading change
  9. Be the contact point for the ICO
  10. Support the business with privacy impact assessments when they are necessary

Internal Team and Broader Responsibilities

  1. Contribute to the sharing of good practice and knowledge amongst colleagues, as required.
  2. Attend and participate in regular team meetings as appropriate and training to keep up-to-date with current legislation, policies and procedures and other relevant guidance.
  3. Be compliant with EPM employee policies and procedures.
  4. Provide support for other colleagues when necessary.
  5. Proactively participate in the EPM Appraisal process.
  6. Maintain high levels of confidentiality and integrity at all times.
  7. Perform miscellaneous job-related duties as assigned.

Five 9 - 5 GCSEs including Maths and English, or equivalent
Qualifications in or proven ability to apply GDPR and DPA 2018 to meet business objectives
A sound understanding of Data Protection and compliance Legislation
Experience of working in a customer focused environment
Experience in the creation and application of Data governance policies and processes as well as the ability to bring these to life
Experience of working within an ever-changing corporate environment
Practical and working knowledge of information governance with key areas being data protection, records management and information security
An understanding of ISO27001
Ability to contribute proactively to a strong team working culture that is privacy, security and customer focused
Experienced in undertaking complex analysis and problem solving and communicating the results clearly
A proven track record of quickly establishing good working relationships and gaining credibility with a range of internal customers
Able to demonstrate careful attention to detail and accuracy
Ability to communicate effectively with customers and colleagues both verbally and in writing, switching styles, tones and platforms as required
Ability to demonstrate sound proofreading and editing skills to create high quality content and documentation
Excellent ICT skills including use of Microsoft Office
Experience of supporting individuals to exercise their data protection rights.
Experience of being point of contact for and dealing with the ICO
Experience of dealing with data breaches and incidents
Ability to remain calm and composed especially under pressure
Confident in training and presenting in an engaging manner