Job Advert
Act as BACP's designated Data Protection Lead in accordance with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and other prevailing legislation. Monitor and ensure BACP's compliance with data protection laws and promote a culture of accountability.
Provide expert advice on data protection matters: Serve as the primary point of contact for data protection queries from staff, members, and stakeholders, including handling Subject Access Requests (SARs), responding to requests for erasure (right to be forgotten), and providing clear, practical guidance.
Ensure transparency in data processing: Coordinate all communications with data subjects, including the drafting and review of Privacy Notices, to ensure individuals are informed of how their data is processed, their rights, and the legal basis for processing, maintaining compliance with GDPR requirements and best practices.
Manage data breach responses: Act as the lead contact for managing data breaches and near-miss incidents. Maintain a robust breach register, ensure timely investigation and resolution of breaches, and report qualifying incidents to the Information Commissioner's Office (ICO) within statutory deadlines. Oversee root-cause analyses and implementation of corrective actions.
Oversee Data Protection Impact Assessments (DPIAs): Collaborate with internal teams to ensure DPIAs are conducted for relevant projects or systems. Identify risks to data protection, provide advice on mitigation measures, and ensure decisions are compliant with GDPR standards.
Conduct regular data protection audits and training: Perform regular audits to identify potential compliance gaps or risks and implement corrective actions. Develop and deliver data protection training to staff and volunteers, fostering awareness and reducing risks.
Prepare data protection reports: Report regularly on data protection activities, risks, and incidents, including presenting updates and insights to BACP's leadership and trustees to ensure they are informed and engaged with compliance efforts.
Support IT infrastructure and website privacy compliance: Collaborate with IT and relevant teams to ensure compliance with privacy requirements for shared information systems, website platforms, and IT infrastructure. Ensure robust security measures are in place to safeguard personal data.
Promote data security across the organisation: Advise on and support data security improvements, including risk management related to systems, processes, and organisational practices. Build strong cross-departmental relationships to ensure data security considerations are embedded into daily operations. Provide actionable recommendations to strengthen data security and compliance.
Champion staff training and awareness: Deliver ongoing training to ensure that all employees and volunteers understand their responsibilities under data protection law. Develop and share resources to build knowledge and ensure consistency in compliance practices across the organisation.
Collaborate with contracts team: Assess data requirements and restrictions for new software and services, ensuring all projects and initiatives comply with relevant data protection legislation.
Problem-Solving: Apply a uniform approach to problem-solving for GDPR-related issues, including handling SARs and other data protection requests. Adapt solutions based on the specific problem while following established processes and guidelines.
Operational Knowledge: Maintain a strong operational knowledge of the organisation's activities related to data protection. Advise on data protection matters with an understanding of the broader organisational context.
Knowledge & experience:
Education: Educated to degree level or substantial senior technical experience.
Experience: Working in a senior expert role within a local authority or membership organisation.
Competencies:
Expert knowledge and practical experience of data protection law, to include the Data Protection Act and GDPR.
High level of IT literacy with direct experience of working with data security applications, systems and solutions and document controls.
IT and cybersecurity awareness, with a general understanding of cybersecurity principles, encryption, data anonymization, and network security.
Competence to drive forward change effectively, using a flexible, consultative and supportive approach.
Ability to get things done without direct authority over a team. Good negotiating and influencing skills. Capable of communicating effectively at all levels in both written and oral presentation.
Proven experience in dealing with all aspects of the Data Protection Act, including handling breaches, SARs, policies and risk management.
Previous experience and evidence of undertaking data security checks.
Excellent time management skills to work effectively under pressure.
A solid understanding of good project delivery and case management so that objectives are achieved to deadline and within budget.
High level of discretion when dealing with confidential and/or sensitive issues and information.
Skills required to analyse complex issues and data, including research, financial and management information, both verbally and in writing.
Ability to undertake research and development work to have a strong awareness of the latest developments and innovations in data protection, and to ensure the organisation has suitable compliance management tools in place.
Experience of providing training and guidance around data protection and security issues, to staff with varying abilities.
Ability to work flexibly and on occasion out of office hours.