Job Description. No of Direct Reports : 0. Titles of Direct Reports: Size of Department: 4. Budget Responsibility (direct) : 0

Transcription

1 Job Description Job Title : Department : Data Privacy Manager Legal Reporting to (Job Title) : Director, Privacy No of Direct Reports : 0 Titles of Direct Reports: N/A Size of Department: 4 Budget Responsibility (direct) : 0 Revenue Responsibility (direct) : 0 Date of issue: 11 th December 2017 Issued by (name): Director, Privacy Overall Purpose of Role: The Data Privacy Manager is a hands on role for an experienced practitioner that demands a good level of expertise in data privacy, data protection and applying clear and logical reasoning to problems. The person in this position will share a range of tasks with others in the Data Privacy team, but will be primarily responsible for developing and operating processes relating to Incident Management, and operating a point of escalation for complaints and complex queries relating to Information Rights requests. The role will be responsible for ensuring readiness to respond to incidents with a personal data processing impact, in line with the expectations set out in statute law, regulation and sectoral standards. It will develop and conduct training to ensure continued awareness of incident response processes to business and team stakeholders, and for carrying out periodic exercises and reviews of the process. The Data Privacy Manager will be expected to act as an escalation point to investigate and respond to complex queries and complaints relating to individuals exercising their Information Rights, and to maintain oversight of the business processes responsible for responding to these requests in a timely manner. The role will monitor and report on agreed metrics and KPIs to deliver assurance to the Data Protection Officer and senior management. Page 1 of 5

2 This role will interact closely with individuals (including those external to the organisation), internal business units at all levels of seniority, external service providers and with stakeholders across the global Carnival Corporation organisation. Main Activities and Responsibilities Incident Management Own and operate the process to prepare and respond to incidents Train stakeholders and maintain an appropriate level of awareness across the business Conduct review and exercises to evidence readiness of incident response plans Maintain comprehensive records relating to incidents and resulting actions Communicate with internal and external stakeholders as appropriate for the nature of an incident Information Rights Processes Act as the primary escalation point for all complex queries relating to individuals ability to exercise their Information Rights. Act as a primary escalation point for complaints relating to Information Rights Maintain oversight of the business ability to respond correctly to Information Rights requests Escalate non performance or failings to the Data Protection Officer and/or senior management Communicate with requesters and any other applicable stakeholders Administration Responsibilities Ensure dashboards monitor and report on status of Privacy function and processes Produce monthly exception and management reports Maintain documentation for relevant processes and procedures Assist and train team members in processes, tools and techniques to ensure resilience and continuity. HESS Responsibilities Lead by example by taking care of the health and safety of yourself and others Report all accidents, near miss incidents and work related ill health conditions to your manager and to the Facilities department. Follow safety rules and procedures Use work equipment, personal protective equipment, substances, and safety devices correctly Take part in safety training & risk assessments and suggest ways of reducing risks. Act safely in accordance with our Elev8 safety behaviours General Responsibilities Adhere to corporate policies and procedures, including Codes of Conduct, Audit Procedures and any other control related responsibility for financial data entered, stored, or reported via business systems within employee s control (list not exhaustive). To undertake other duties flexibly as required to support the Data Privacy team. To undertake ad hoc duties as required. Page 2 of 5

3 Other Features of Job (travel, hours of work, working conditions etc): Main place of work will be the Carnival UK Southampton Office Travel away from the office such as ship visits or to other Carnival operating companies may be required on an occasional basis. Out of hours work as required to meet outcomes Location: Southampton Offices Page 3 of 5

4 Person Specification Job Title : Data Privacy Manager Department : Legal Education, Qualifications and Training An undergraduate or postgraduate degree, or appropriate supporting training and work experience, in a broadly relevant subject area such as Law, English or History Excellent language comprehension skills A good understanding of privacy controls An understanding of risk and good practice in identifying, recording and communicating risks Ability to produce and conduct training and awareness exercises for small group audiences Understanding of data privacy concepts as applied to Information Rights and Incident Management Desirable: The ability to identify and act upon opportunities for improvement Experience Knowledge of applicable legislation, regulation and best practice relating to data privacy 3+ years of experience in handling Information Rights requests 3+ years of experience in managing difficult customer communications, such as responding directly to complaints or legal claims Desirable: Experience in producing process documentation and procedural instructions Experience in the travel or cruise industry Work Based Competencies Excellent problem solving and analytical skills Proven ability to deliver during high pressure situations Flexibility to handle multiple high pressure situations simultaneously Ability to work well under minimal supervision Commitment to deliver to agreed deadlines Ability to exercise professional secrecy Page 4 of 5

5 Behavioural Competencies Strong team oriented interpersonal skills, with the ability to interface effectively with a broad range of people and roles, including vendors, IT staff and business personnel Strong written and verbal communication skills Excellent organisational skills Pervasive customer/client focus, with the ability to manage stakeholders expectations appropriately Provide a superior customer/client experience and build long term relationships Page 5 of 5