Group Privacy Compliance Director

Job title:

Group Privacy Compliance Director

Company

Jaguar Land Rover

Job description

POSITION: Group Privacy Compliance DirectorPOSTING END DATE: 05/08/2024LOCATION: Gaydon, Warwickshire (UK)SALARY: CompetitiveJLR is a House of Brands. Range Rover. Defender. Discovery. Jaguar. Truly distinct, global brands that embrace our modernist design philosophy and are emotionally compelling and unique. JLR’s Reimagine strategy – to realise our vision to be proud creators of the most desirable, modern luxury brands, for the most discerning of clients – is delivering a sustainability-rich vision of modern luxury by design and we are transforming our business to become carbon net zero across our supply chain, products, and operations by 2039.WHAT TO EXPECTThe Group Privacy Compliance Director leads the development and implementation of JLR’s Group Privacy Compliance programme globally, providing strategic and tactical advice on personal data protection compliance matters.The role is responsible for: leading the Data Protection team and its extended network; developing data protection compliance standards across the JLR Group; implementing privacy policies and risk assessment frameworks; overseeing the response to personal data breach incidents; and delivering Privacy thought leadership supporting data strategy / digitalisation projects (including use of AI technologies) and data Privacy best practice.The role includes being the UK Data Protection Officer (UK DPO) for JLR Limited, as expected under General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA2018). The role of the UK DPO will be formally notified to and registered with the UK Information Commissioner’s Office.The UK DPO role is directly responsible for all contact with regulatory authorities in case of breaches, complaints and investigations and involves direct reporting to the JLR Limited Board of Directors on a periodic basis.THE ROLEKey ResponsibilitiesLEAD JLR’S GROUP PERSONAL DATA PROTECTION STRATEGY AND GOVERNANCE

• Lead the development and implementation of JLR’s Group Privacy Compliance programme, and the development and maintenance of JLR’s Corporate Policies, Procedures and Guidelines on use of personal information.
• Lead the Data Protection Compliance Steering Group to promote compliance programme engagement across JLR.
• Oversee development and implementation of privacy risk assessment frameworks: driving completion of privacy impact assessments (PIAs) on relevant data processing systems, developing and optimising Privacy by Design and Privacy by Default frameworks.
• Inform and advise JLR UK and employees who carry out personal data processing activities of their obligations pursuant to the GDPR/DPA2018 and any associated privacy related requirements (UK DPO Role).
• Drive JLR’s maintenance of appropriate data flows and data protection registers of all systems, databases and repositories that process personal data, including those operated on JLRs behalf by third parties.
• Key member of the JLR Data Council and the JLR Data Ethics and AI Working Group.

OVERSEE THE DEPLOYMENT OF PRIVACY COMPLIANCE PROGRAMME INITIATIVES

• Oversee JLR’s global privacy and data protection training and awareness programmes.
• Oversee the implementation of controls and monitoring processes to identify, manage and mitigate data protection and privacy risk across JLR and coordinate with internal assurance functions for compliance monitoring.
• Work with the Information & Digital Technology and Procurement teams on procedures and controls for due diligence, contractual engagement and auditing of suppliers processing personal information on behalf of JLR.
• Drive cross-border data transfers compliance and drive a programmatic approach to address local market privacy requirements.
• Provide appropriate guidance, education, training, and regular communications on privacy compliance to relevant employees.

LEAD RELATIONS WITH REGULATORS AND OVERSEE PERSONAL DATA INCIDENTS AND INDIVIDUAL COMPLAINTS

• First point of contact for all interactions with privacy regulators.
• Oversee Privacy regulatory investigations and help resolve complaints from the public and staff.
• Supervise the Data Protection team’s management of privacy-related questions, complaints, individual rights (e.g. Data Subject Rights Requests) and incidents.
• Manage notifications to the regulator and affected individuals in case of data breach and oversee the JLR data protection breach response plan.
• Oversee annual regulatory filings and annual review of JLR and its associated companies’ personal data processing activities with relevant data protection regulators.
• Maintain an internal register of personal data processing projects and systems.

THOUGHT LEADERSHIP ON PRIVACY COMPLIANCE AND DATA BEST PRACTICE

• Represent JLR at industry groups focusing on data usage and data privacy matters.
• Build external privacy networks and providing global privacy thought leadership on industry privacy matters and monitor legislative developments.
• Stimulate and contribute to innovative approaches to data privacy, consistent with local law, company policy and strategic objectives.

Key Performance Indicators

• Timely deployment of ‘JLR tailored’ framework of data privacy policies and guidelines.
• Managing privacy compliance budget.
• Demonstrable implementation of Privacy by Design and Default processes across JLR.
• Reportable metrics on data complaints, access requests and regulatory complaints.
• Delivery of Privacy Compliance training and awareness plan.
• Feedback on data privacy compliance communications and awareness initiatives.
• Establish strong relationships with leadership and senior management.
• Timely reporting to JLR Boards and oversight committees.

Key Interactions

• Leaders of Enterprise Chapters and Value Creation Streams and JLR’s overseas entities.
• Data protection authorities and privacy regulators.
• Privacy liaisons, National Sales Company compliance officers and privacy leads/champions.
• Customer complaints management and escalation process.
• Industry peers in other OEMs.

WHAT YOU’LL NEEDEssential Knowledge, Skills and Experience

• Strong impact, collaborative and engaging, with excellent interpersonal and influencing skills.
• Proven ability to engage effectively with Board level stakeholders and partnering with the business to get to the right outcomes.
• Extensive post qualification experience as a solicitor / data protection specialist with thorough knowledge of UK and EU data protection legislation. Sound knowledge of cross-border privacy laws and regulations (including GDPR) and related legal frameworks (PECR, FOIA, employment law, etc.).
• Experience of operationalising privacy compliance: to include privacy practices such as impact assessments, handling data subjects’ requests, employee monitoring, vendor contracts and breach management.
• Experience of advising on privacy compliance for major data and cyber security incidents.

Desirable Knowledge, Skills and Experience

• International Association of Privacy Professionals ‘IAPP’ (CIPM/CIPP) qualified.
• Good technical understanding of IT security and information security standards.
• Keen interest and experience in digitalisation and Artificial Intelligence initiatives.
• Experience in leading change management.

Personal Profile

• Demonstrates our Creators’ Code behaviours of Customer Love, Unity, Integrity, Growth and Impact.
• Pragmatic, striking the right balance between business objectives / data innovation and risk-based compliance.
• Strong leadership and negotiation skills.
• Integrity and independence to manage potential conflicts of interest.
• Strong communication, presentation and training delivery skills (must have the ability to convey complex legal concepts into simple operational requirements).
• Ability to operate in and understand different cultural/compliance environments.

#WEAREJLRAt JLR, we are passionate about our people. They are at the heart of our business. We are committed to fostering a diverse, inclusive culture that is representative of our global customers and the society in which we live; a culture in which every one of our employees can bring their authentic self to work and reach their full potential.You will find the opportunities to further your career with a world-class team, access to select two of our luxury premium vehicles to lease at an extremely favourable cost compared to traditional company car lease schemes, membership of a competitive pension plan, private medical cover (which includes travel insurance) and performance related bonus scheme. All this and more makes JLR the perfect place to continue your journey.This role may offer the opportunity for hybrid working where you can split your time between working from home and in the office. At JLR, hybrid working is a voluntary, non-contractual arrangement providing employees with more choice and flexibility around how, when and where they work, if suitable for their role. Further details can be discussed with the Hiring Manager at interview stage.Please be aware that we may close this vacancy for applications before the stated deadline if we receive a high volume of interest. We strongly advise you to submit your application as early as possible.#WEAREJLRAt JLR we are passionate about our people. They are at the heart of our business. We are committed to fostering a diverse, inclusive culture that is representative of our global customers and the society in which we live; a culture in which every one of our employees can bring their authentic self to work, and reach their full potential.OUR RECRUITMENT PROCESSFind out what to expect at each stage of the process along with some hints and tips.INSIDE JLRFind out more about working here in our JLR Life Blog:WHAT WE OFFERWe look after our employees by offering a host of benefits and investing in their talent through award-winning training

Expected salary

Location

Gaydon, Warwickshire

Job date

Sat, 27 Jul 2024 00:55:19 GMT

To help us track our recruitment effort, please indicate in your email/cover letter where (hiring-jobs.com) you saw this job posting.