Data Protection and Privacy Officer - Part Time
At Xanadu, we provide services to the online sports
betting industry. We currently have an opportunity within our Legal and
Compliance team for the right candidate to take responsibility for the
development and implementation of all things GDPR.
Matchbook has more in common with the New York Stock Exchange than with a bookmaker. It operates at scale. Its API processes over 500 million API requests per day and it manages billions of dollars’ worth of transactions. To put some of this in perspective, it processes more transactions each day than Amazon.com does on Black Friday. At Matchbook you’ll work at a scale which you’ll rarely find anywhere else.
While supporting Matchbook, we produce vast amounts of
data from multiple data sources and clients every day in a highly transactional
and dynamic environment. We are looking for an experienced data protection
professional to head up our efforts to ensure compliance with GDPR.
What will I
be doing?
=Monitoring
and recording GDPR compliance - including collecting information to identify
processing activities, analysing/checking the compliance of processing
activities and informing, advising and issuing appropriate recommendations;
=Advising across the business on all types
of data protection issues -, informing individuals of their obligations under
GDPR, giving detailed guidance on matters of compliance, informing all relevant
decision makers of developments relating to data protection and advising on the
risk elements of new and existing operations;
=Educating and training the organisation
and employees at all levels - including in respect of data protection
principles, processes and procedures for GDPR compliance and avoiding and
dealing with data breaches;
=Cooperating with the Data Protection
Commissioner of Guernsey and ICO (and Gambling Commission) and being a key
contact - including responding to complaints submitted to the ICO and, if
required, data breach notification;
=Advising on and monitoring performance of
Data Protection Impact Assessments (DPIA) - including a description of the
processing activity and its purpose, outlining any risks and measure taken in
response and advising on the methodology of the DPIA;
=Responding to individuals whose data is
being or has been processed - including dealing with subject access requests,
executing the right to be forgotten, and considering the restrictions on
processing;
=Full involvement in all future data
processing (privacy by design);
Other duties may include:
=Data
audits, writing and updating policies and procedures, and organising,
monitoring and reviewing record keeping.
What are we looking for?
=Experience
in a similar role is really important. This is a leadership role in our
business, so you have to demonstrate your leadership experience in Data Protection/Privacy.
=3-5 years of previous experience of data
privacy/data protection policy implementation as well as experience of
assessing and monitoring adherence to said policies and principles
=IT Security/Information security
background
=An understanding of European and
international data protection law;
=An in-depth knowledge of the GDPR;
=Ideally the CIPP/E and/or CIPM
qualification(s) from the International Association of Privacy Professionals,
and
=An ability to quickly develop a full understanding of Xanadu’s information systems and its data security and data protection needs.
=Be business focused and practical
=Commercial facing