We are recruiting for a GDPR Manager to work for a company based in central Swindon. This is a hybrid role that will be based in the office and working from home. Salary is £39,748, full time, 37 hours a week.

Duties include:

• Responsible for monitoring and managing the Freedom of Information, Data Protection, and Security mailbox
• To investigate incidents and data breaches
• Escalating risk in a timely manner, but presenting risk with possible solutions for discussion, not being lead.
• Manage and oversee the initial acknowledgement and triage of all information rights requests, working with relevant business units to complete evidence gathering and investigation, and response/resolution within required deadlines
• Provide regular reporting on information rights and assurance to stakeholders as required
• Provide analysis, address and follow up on key areas where improvements are needed to address the cause of data breaches
• To resolve Freedom of Information, Data Protection queries and requests, engaging with the Head of role as appropriate.
• To manage and deal with escalations and complex requests
• Drafting NDAs, MOUs, data sharing, contracts and other agreements
• Ensuring appropriate agreements and contractual terms are in place with organisation, individuals, suppliers that may have access to sensitive information to protect data
• To assist with developing information assurance policies and procedures
• Undertake the management of data breaches/incidents for commercial data and reporting
• Work with teams to ensure that Information governance is on the minds of all staff and that appropriate refresher training is in place, along with robust induction procedures.
• Ensure staff training records in relation to mandatory training sessions are accurate and up to date
• Build and maintain excellent working relationships with key external stakeholders
• Deputise for the Head of Information Assurance & Complaints in their absence, in all matters relating to Information Rights and Assurance. Providing cover for other colleagues in the team during sickness and long term absences.

Essential skills required

• Demonstrable experience of multi-tasking, prioritising and working proactively to deliver at high quality and pace against multiple priorities.
• A demonstrable willingness to keep up to date with best practice and wider developments in information management and complaints handling
• Experience in complex organizations, preferably public sector, and interaction with internal and external stakeholders at all levels
• Experience in writing clear briefs
• Previous information rights handling experience
• Ability to solve complex requests and incident handling, thinking strategically and with risk in mind
• Experience of working closely with senior strategic roles, to influence future decisions and contribute to shaping process/policy where there is scope to do so
• Experience of formulating new ideas and putting them into practice in relation to incident process to improve governance and risk management
• Experience of successfully leading on information rights request in line with legal and regulatory requirements and best practice in a large, complex organizational environment
• Full appreciation and a good understanding of information management and data legislation, particularly the Freedom of Information Act 2000, Environmental Information Regulations and General Data Protection Regulations.
• Experience of handling casework in these areas

• Development and review of contractual documentation and privacy terms and conditions

• Delivery of training and staff awareness events

We are looking for candidates who are degree or have equivalent experience and a professional qualification in Data protection, GDPR, Freedom of Information, Information Assurance and/or Information Management (practitioner level).