Senior Data Protection Assistant

We have an exciting new opportunity for an experienced, senior Data Protection individual to join TLT.

The Senior Data Protection Assistant (SDPA internally) will work closely with the Data Protection Officer (DPO) in leading stakeholders across multiple teams in the implementation of data protection compliance activities. The SDPA will help to drive privacy by design throughout the organisation and be responsible for coordinating activities with regards to privacy and governance related matters as directed by the DPO or the Risk Director.

Your Role

In a fast-changing regulatory environment and as TLT continues to innovate and develop new programmes of work, the SPDA’s role will be pivotal in championing the highest data protection standards and drive forward compliance across the Firm. As well as building expertise within the organisation and working on a range of exciting new projects weekly, you will capture learning and embed improved ways of working to ensure that our legal and regulatory position is robust.

Your day-to-day remit will include:

• To work proactively as a Data Protection subject matter expert, promoting best practice and developing policies and procedures to support this.
• To manage from first notification through to completion of all low to medium risk rated personal data breaches or incidents concerning impact and severity; including drafting written responses to regulators, clients or customers and reporting and communication with stakeholders within the Firm.
• To document TLT’s business practices in the GDPR risk register and to ensure that recommendations are issued as necessary to ensure that risks are mitigated effectively.
• As part of a small team, you will be the first port of call in supporting the smooth running of the DP team’s data protection best practice ethos, by championing the highest levels of customer care and providing a responsive, high-quality service to colleagues across the Firm.
• To provide specialist advice and recommendations across a range of data protection topics including individual rights requests, data breach management, DSARs (Data Subject Access Requests) and external data sharing practices within and outside of the UK.
• To reviewing supplier contracts (including Model Clauses, International Data Transfer Agreements) and consents needed to implement projects in partnership with the Firm’s Procurement and Information Security functions and ensuring filing requirements with local regulators are achieved.
• To lead on advice and instructions on how to conduct and complete Data Protection Impact Assessments (DPIAs) and Legitimate Interest Assessments (LIAs) exercises.
• To assist on the delivery of tailored data protection training and specific infographics awareness communications to different business teams and functions.
• To create and maintain documentation that provides evidence of legal and regulatory compliance based on the accountability principle and the GDPR risk register with little supervision.
• To support the development and implementation of all data protection policies, processes and procedures, and to maintain an appropriate review cycle and ensure joined up working is taking place across the IT and IS teams in order to support and achieve the Firm’s security and GDPR strategic aims.
• To assist the DPO on all aspects of data protection compliance when collaborating with Internal Audits to ensure that robust policies, procedures and controls are in place, meet the Firm’s needs and are effectively implemented.
• To develop the Data Protection Champions (DPC) network by working with key stakeholders in relevant teams and functions within the Firm.
• To perform quality control on the records of processing activity from each function to ensure consistency and alignment with relevant business policies and practices.
• To ensure that we address all queries from data subjects within legal timeframes (e.g. delete their information from our databases) and drive compliance with data governance policy requirements to archive and destroy data at the end of the information lifecycle across the Firm.
• Perform any other ad hoc activities or projects required for TLT related to privacy or data protection as instructed by the DPO.

Your Skills and Experience

• Substantial recent experience of managing data protection and information rights functions within a large regulated organisation or professional services company.
• Excellent knowledge of data protection laws (UK GDPR, EU GDPR, DPA (Data Protection Act)) and practices.
• Accredited qualification like a professional diploma in data protection and governance or hold at least one Data Protection and/or Privacy certification such as, CIPP, CIPT, ISEB/BCS. Consideration will also be given to experienced data protection professionals with three - five years’ experience in a data protection/privacy role.
• Educated to degree level (law degree or in social sciences preferable).
• Ability to handle confidential information.
• Extensive experience in data protection and knowledge of relevant legislation including the UK GDPR, EU GDPR, DPA 2018 and PECR.
• A self-starter with proven ability to work to a high standard, with minimal supervision when attending meetings and with an eye for detail, overseeing multiple projects and a range of complex and varied data protection related issues simultaneously.
• Ability to identify any compliance gaps and problems, undertake analysis, challenge poor practices diplomatically and make effective recommendations through pragmatic solutions.
• Experience developing effective data protection training skills and excellent written and oral communication skills.
• Ability to quickly establish personal credibility and to develop and maintain effective stakeholder’s relationships, including working with people with differing perspectives and agendas.
• High degree of IT literacy, with excellent experience of using Microsoft Office (Word, Excel, Outlook, PowerPoint). Excellent document and formatting skills for reporting.
• Knowledge and understanding of equality and diversity and what this means in relation to this post and the ability to incorporate this into all aspects of work.
• Good knowledge of best practices in information security and new technology practices.
• Ability to manage workload independently and autonomously when required by the DPO.

Desirable skills

• Specialist knowledge in a relevant area e.g. data security, individual rights requests and data breaches.
• Experience of audit and risk assurance as it relates to data protection.
• Experience working in a law firm or professional services organisation or regulatory organisation.
• Preferably some understanding of the US, European and Asian data protection regimes as it relates to regulated firms or bodies and international data transfers.

Your Team

TLT is known for the way we set new expectations and push the boundaries, but this can never compromise our firm, reputation or clients. The Risk team are there to make sure we are compliant with all our obligations in areas such as Data Protection, SRA and FCA regulation as well as protecting our clients and people. The Risk team includes both experienced lawyers and technical specialists who address an extensive range of regulatory and ethical requirements, thinking both commercially and practically to make sure we remain compliant and true to our values.

The Data Protection team is a part of the Risk and Compliance function, the SDPA will work in a small team responsible for ensuring regulatory compliance and embedding a culture of learning and continuous improvement so that TLT can demonstrate the highest possible standards to our clients, regulators, and other key stakeholders.

About TLT

Fast paced, fast growing and forward thinking, TLT is the law firm that helps clients stay one step ahead, and we do the same for our people.

We work with high profile clients in innovative sectors. With local, national and international reach, we have over 1,200 people in offices across the UK and a network of partner firms across Europe, India and the US. In 2021 we were named The Lawyer’s Law Firm of the Year, recognising our incredible success story.

Our purpose is to protect, prepare and progress our clients for what comes next and it’s essential that we do the same for our people, our planet and our communities too. In our open and collaborative culture, we encourage everyone to be their whole self, to have a voice and to contribute.

Our Benefits

We value our employees highly and we want you to feel valued. You’ll receive a competitive salary with an annual pay review. You will also have access to an extensive range of benefits via our flexible benefits scheme including 25 days holiday (which will increase to 30 days based upon length of service) and private medical insurance.

At TLT we have a progressive fully flexible working approach. We empower our people to work in a place and at a time that meets their needs, those of their clients and of the wider team and firm. Part of this agile approach is a focus on hybrid working and supporting the work/life balance of our people.

TLT is committed to creating a diverse and inclusive working environment and encourages applications from all suitably qualified people, regardless of any of the characteristics protected by the laws in the locations in which we operate.

We welcome applications from people with disabilities and are committed to providing reasonable adjustments, where necessary, to make interviews and jobs more accessible. Should you have any difficulty during the recruitment process, require any reasonable adjustments or an application to Access to work please contact the recruitment team on Recruitment.Operations@TLTsolicitors.com