Warning
This job advert has expired and applications have closed.
Data Protection and Securities Officer
| Posting date: | 16 May 2025 |
|---|---|
| Salary: | Not specified |
| Additional salary information: | £46,957 |
| Hours: | Full time |
| Closing date: | 15 June 2025 |
| Location: | Lutterworth, LE17 4HB |
| Company: | BACP |
| Job type: | Permanent |
| Job reference: | 36 |

Summary
Job Advert
Act as BACP’s designated Data Protection Lead in accordance with the UK General Data Protection Regulation (UK GDPR), the Data
Protection Act 2018, and other prevailing legislation. Monitor and ensure BACP’s compliance with data protection laws and promote
a culture of accountability.
Provide expert advice on data protection matters: Serve as the primary point of contact for data protection queries from staff,
members, and stakeholders, including handling Subject Access Requests (SARs), responding to requests for erasure (right to be
forgotten), and providing clear, practical guidance.
Ensure transparency in data processing: Coordinate all communications with data subjects, including the drafting and review of
Privacy Notices, to ensure individuals are informed of how their data is processed, their rights, and the legal basis for
processing, maintaining compliance with GDPR requirements and best practices.
Manage data breach responses: Act as the lead contact for managing data breaches and near-miss incidents. Maintain a robust breach
register, ensure timely investigation and resolution of breaches, and report qualifying incidents to the Information
Commissioner’s Office (ICO) within statutory deadlines. Oversee root-cause analyses and implementation of corrective actions.
Oversee Data Protection Impact Assessments (DPIAs): Collaborate with internal teams to ensure DPIAs are conducted for relevant
projects or systems. Identify risks to data protection, provide advice on mitigation measures, and ensure decisions are compliant
with GDPR standards.
Conduct regular data protection audits and training: Perform regular audits to identify potential compliance gaps or risks and
implement corrective actions. Develop and deliver data protection training to staff and volunteers, fostering awareness and
reducing risks.
Prepare data protection reports: Report regularly on data protection activities, risks, and incidents, including presenting
updates and insights to BACP’s leadership and trustees to ensure they are informed and engaged with compliance efforts.
Support IT infrastructure and website privacy compliance: Collaborate with IT and relevant teams to ensure compliance with privacy
requirements for shared information systems, website platforms, and IT infrastructure. Ensure robust security measures are in
place to safeguard personal data.
Promote data security across the organisation: Advise on and support data security improvements, including risk management related
to systems, processes, and organisational practices. Build strong cross-departmental relationships to ensure data security
considerations are embedded into daily operations. Provide actionable recommendations to strengthen data security and compliance.
Champion staff training and awareness: Deliver ongoing training to ensure that all employees and volunteers understand their
responsibilities under data protection law. Develop and share resources to build knowledge and ensure consistency in compliance
practices across the organisation.
Collaborate with contracts team: Assess data requirements and restrictions for new software and services, ensuring all projects
and initiatives comply with relevant data protection legislation.
Problem-Solving: Apply a uniform approach to problem-solving for GDPR-related issues, including handling SARs and other data
protection requests. Adapt solutions based on the specific problem while following established processes and guidelines.
Operational Knowledge: Maintain a strong operational knowledge of the organisation’s activities related to data protection. Advise
on data protection matters with an understanding of the broader organisational context.
Knowledge & experience:
Education: Educated to degree level or substantial senior technical experience.
Experience: Working in a senior expert role within a local authority or membership organisation.
Competencies:
* Expert knowledge and practical experience of data protection law, to include the Data Protection Act and GDPR.
* High level of IT literacy with direct experience of working with data security applications, systems and solutions and document
controls.
* IT and cybersecurity awareness with a general understanding of cybersecurity principles, encryption, data anonymization, and
network security.
* Competence to drive forward change effectively, using a flexible, consultative and supportive approach.
* Ability to get things done without direct authority over a team. Good negotiating and influencing skills. Capable of
communicating effectively at all levels in both written and oral presentation.
* Proven experience in dealing with all aspects of the Data Protection Act, including handling breaches, SARs, policies and risk
management.
* Previous experience and evidence of undertaking data security checks.
* Excellent time management skills to work effectively under pressure.
* A solid understanding of good project delivery and case management so that objectives are achieved to deadline and within
budget.
* High level of discretion when dealing with confidential and/or sensitive issues and information.
* Skills required to analyse complex issues and data, including research, financial and management information, both verbally and
in writing.
* Ability to undertake research and development work to have a strong awareness of the latest developments and innovations in
data protection, and to ensure the organisation has suitable compliance management tools in place.
* Experience of providing training and guidance around data protection and security issues, to staff with varying abilities.
* Ability to work flexibly and on occasions out of office hours.