Data Protection Analyst, UK & EU

With a company culture rooted in collaboration, expertise and innovation, we aim to promote progress and inspire our clients, employees, investors and communities to achieve their greatest potential. Our work is the catalyst that helps others achieve their goals. In short, We Enable Possibility℠.

• Coordinate and collate data subject access requests (DSARs)
• Review and action data protection incidents/breaches, ensuring appropriate privacy controls and mitigating actions are in place
• Assist with data protection impact assessments (DPIAs)
• Regularly review and update records of processing activities (RoPAs) to demonstrate accountability and compliance with applicable regulations
• Measure and track data protection key performance indicators (KPIs) to track the effectiveness of the organisation’s data protection and privacy program
• Assist with data protection/privacy issues that may arise within the business as necessary
• Assist with reviewing and maintaining Arch’s internal regulatory documents, such as policies, procedures, and legitimate interest assessments, and providing training to staff to foster and maintain high standards of data protection and privacy
• Collaborate with colleagues across Arch Group to support other group projects and privacy issues
• Monitor changes to local privacy laws and regulations and make recommendations to the business as appropriate
• Assist with the review and drafting of agreements and notices, as appropriate, including privacy notices, inter-company transfer agreements, data processing agreements and vendor contracts (including Model Clauses)

• Excellent communication skills (both written and oral) for a wide range of audiences
• Organised and attention to detail in all tasks
• Excellent time management and the ability to prioritise own workload effectively and deliver to strict deadlines
• Ability to apply pragmatic solutions to complex problems
• Strong judgment and integrity

• Degree educated
• Professional certifications such as CIPP/E are desirable (or willingness to obtain) but not required

• One to two years in a data protection/privacy role
• Strong knowledge of EU and UK GDPR legislation and compliance requirements
• Experience in the Insurance industry is preferable but not required.