Data Protection Manager
€70.000 | Wiesbaden, Germany
We are currently working on behalf of an international insurance company that is looking to add a Data Protection Manager to its growing team in Wiesbaden. The role will coordinate the activities of the local Data Protection & Privacy teams, such as those in Spain, Italy, Germany, France and the USA, to ensure a consistent approach across the group.

Profile:
- Languages: English and German fluent (C1+); any other additional languages are a plus
- University degree in a relevant field; data protection qualifications are a plus
- 3-5 years of experience within the data protection/information security legislation in Germany, especially GDPR and related ePrivacy law
- Experience within the financial services industry is a plus but not necessary
- Proven track record in managing data protection activities
- Strong communicator across various seniority levels and countries

Tasks:
- Assist the Group DPO as required, escalating issues as appropriate.
- Give appropriate input and practical advice to the specific international business units, following the agreed processes to demonstrate compliance.
- Involvement in the design phase of solutions to ensure these will meet international compliance requirements.
- Individual Rights – ensure that requests are managed within the legal time limits allowed, with any issues escalated.
- Privacy Notices should be checked for completeness and accuracy.
- Records of Processing Activities (ROPA) – ensure these are complete for each international data controller and kept up to date through regular review, including to verify that data is not retained longer than necessary. This should cover the processing of all customer and colleague data, as well as maintaining a register of suppliers and third parties involved in these activities.
- Risk management – identify data protection risks and ensure Data Protection Impact / Legitimate Interest Assessments are carried out where required. Manage all risks using the group’s agreed framework and log these in the centralised risk system (currently Magique).
- Contracts – ensure that data protection clauses in client / supplier contracts are in line with the standard terms agreed in the Legal Data Protection Handbook. Escalate to the Group DPO and local management any instances where non-standard DP clauses are being negotiated.
- Breach management – ensure all confirmed personal data breaches are recorded on the group’s central log and risk assessed / escalated in line with the group Data Breach Scoring Matrix. Assist with the investigation, notification and remediation of breaches as agreed with the Group DPO.
- Data transfers – ensure a documented lawful mechanism is in place to allow international transfers to be made with adequate safeguards.
- Supervisory Authority – liaise as appropriate with the relevant regulatory bodies to provide the necessary input on registration, complaints, breach notification and consultations.
- Compliance monitoring – provide management information on a regular basis to demonstrate compliance for the international business units and highlight any compliance gaps.
- Exceptions – where the applicable laws or group policies cannot be followed and an exception or derogation is formally agreed, maintain a log of these instances.

We aim to be an equal opportunity recruiter and we are determined to ensure that no applicant receives less favourable treatment on the grounds of gender, age, disability, religion, belief, sexual orientation, marital status, or race, or is disadvantaged by conditions or requirements.