Data Privacy Manager

Data Privacy Manager

Application Deadline: 20 January 2025

Department: Data Privacy

Employment Type: Permanent - Full Time

Location: Poole - Hybrid

Compensation: £45,000 - £65,000 / year

Description

Diversity matters We are building a brand that represents the people of the world. It’s what you do that counts, and we are always looking to expand perspectives and voices to shape our future. 
We see you, we celebrate you, we want you!
Who we are
You might know us as the inventors of the bath bomb, but there’s more to this great-smelling, partly employee-owned, family-run company than pioneering cosmetics. We believe our business should put more back into the world than it takes and demonstrate that capitalism can be a force for good.

The Living Wage Foundation’s statement 'a hard day's work deserves a fair day's pay' is one that we are proud to commit to in the UK. As an accredited Living Wage employer, we put our people first and fight cruel practices like animal testing, promote regeneration, and show that it is what’s inside that counts - whether that’s an ingredient in a product, or the minerals in a smartphone.

Overview:
With overall responsibility for the team, this role would provide leadership, management, and direction. Your deep understanding of data protection principles and practices combined with strong people management skills would ensure alignment with business objectives and a motivated, dynamic team.
Team:The Data Privacy team is a highly efficient and dedicated team working globally to support the ethical management of data throughout the business. In this role, you'll be leading a team of 6 talented individuals spread across the UK & Ireland, Germany, and Canada. Fostering strong communication and collaboration within this diverse team is essential. It’s important for the team to stay connected, informed and aligned globally to ensure consistent and effective data privacy practices across all regions.

Please note: We may close this vacancy early if we receive an overwhelming response or our business requirements change.

Key Responsibilities

• Review, maintain, and continuously improve the organisation’s data privacy framework
• Conduct regular risk assessments to identify, analyse, and evaluate data privacy risks and processing activities within the organisation
• Oversee the implementation and maintenance of data protection policies, procedures, and guidelines in line with global regulations (e.g., GDPR, PECR, CCPA, etc.)
• Ensure compliance with data subject rights (e.g., access, rectification, erasure, etc.) 
• Provide expert advice and guidance on data protection matters whilst staying up to date with evolving data protection legislations and regulatory guidance
• Work closely with key stakeholders across different departments (e.g., Legal, IT & Security, Health & Safety, Leadership, third party service providers and many more) to integrate data privacy into business processes and engage with leadership on strategic approach of the business’ data protection practices
• Develop and implement remediation plans to address identified risks found in audits 
• Manage data breach response plans and procedures, including investigation and notification requirements
• Liaise with external data protection authorities and legal counsel as required
• Raise awareness of data protection best practices across the organisation and develop training programmes for employees 
• Manage and mentor team members globally, holding regular check-ins, providing guidance and support, fostering development, connectedness and team’s wellbeing
• Delegate and manage the workload of the team, setting clear objectives
• 1:1’s and reviews globally
• When required, oversee the recruitment & onboarding of any new roles joining the team 
• Promote a culture of data privacy and security in the business

Skills, Knowledge and Expertise

• Strong strategic thinker with problem-solving abilities
• Excellent communication and interpersonal skills
• Previous experience managing a team
• Adaptable, able to work in a dynamic, fast-paced environment 
• Knowledge of data protection team functions and requirements
• Knowledge and application of legislation on data protection to the business
• Legal understanding and experience is an advantage 
• Strong organisational skills and project management experience CIPP/E, CIPP/M or similar data protection qualification is desirable

Benefits

• 25 days holiday plus bank holidays
• *6 months’ full pay for parental leave (primary caregiver)
• *Enhanced paternity leave
• Bonus scheme
• Day off for weekday birthdays
• Holiday purchase scheme
• 50% discount on Lush products and spa treatments
• Cycle to work scheme
• Discounted rail and bus season tickets 
• Employee assistance programme
• *Financial childcare support on return to work
• We’re 10% Employee Owned - all colleagues play a role in protecting our ethics, our independence, contributing ideas for the future and share in the rewards of success when the company is doing well.
• Support groups, film nights, yoga, meditation sessions and much more