Data Protection Analyst

The document outlines the role profile for a Data Protection Analyst at Changing Lives, focusing on compliance with UK GDPR and the Data Protection Act 2018. Key responsibilities include managing Subject Access Requests, data breach reporting, and supporting GDPR training and awareness. The position requires relevant qualifications, experience in data protection, strong administrative skills, and a commitment to equality and diversity.

ROLE PROFILE

MISSION STATEMENT

Changing Lives aims to be an outstanding organisation which supports vulnerable people and families to make positive and lasting changes towards a fulfilling life.

Job Title: Data Protection Analyst
Project: Quality
Band / Tier / Level: 7.3–6.1
Reporting to: Quality Lead
Direct Reports: 0
Location: Agile working available
Salary Band: £28,875–£30,150 (Pro rata)
FTE / Working Hours: 0.6 FTE (22 hours)

Overall Role Purpose

To support the organisation’s compliance with the UK GDPR and Data Protection Act 2018 by handling operational and administrative data protection tasks, including SARs, DPIAs, data breach logs, and training coordination, and by supporting the DPO in proactive risk identification, policy development, audit preparation, and reporting. This role is key in reducing our dependency on external consultants for routine matters while maintaining high standards of privacy and data governance.

Key Activities
1. Subject Access Requests (SARs) & Data Rights

• Receive and log SARs and other data rights requests (e.g., rectification, erasure, objection).
• Coordinate with internal teams to gather data and ensure timely, accurate responses.
• Use redaction tools and apply exemptions under guidance from the DPO or consultant.

2. Breach Reporting & Risk Management

• Maintain the data breach log and monitor for trends or risks.
• Assist with breach investigations, gathering information and escalating to the DPO when required.
• Coordinate follow-up actions and support notification to ICO (if required).

3. Data Processing & DPIAs

• Support colleagues in completing and maintaining Data Protection Impact Assessments (DPIAs).
• Help ensure that processing activities are documented and reviewed appropriately.

4. Vendor & Contract Management

• Maintain a register of data processors (third parties).
• Assist in reviewing and logging data sharing agreements, data processing clauses, and due diligence.

5. GDPR Training & Awareness

• Monitor staff training completion rates and send reminders.
• Support delivery of GDPR induction content and keep learning materials up to date.

6. Records & Retention

• Maintain the Records of Processing Activities (RoPA).
• Monitor compliance with data retention policies and coordinate cleansing activities where needed.

7. General GDPR Coordination

• Be the first point of contact for internal GDPR queries.
• Maintain the GDPR inbox and escalate complex issues to the DPO/consultant as needed.
• Support periodic audits, reporting and updates to internal policies, notices, and risk registers.

8. Web and Communications Compliance

• Coordinate reviews of cookie banners, website privacy notices, and online data capture forms.

9. Proactive Risk and Policy Support

• Monitor regulatory updates and flag potential impacts on internal policies.
• Assist the DPO in identifying and mitigating emerging data protection risks.
• Contribute to drafting and reviewing of internal data protection policies and guidance.

10. Audit and Reporting Support

• Support internal and external audit preparation, including evidence gathering and follow-up actions.
• Maintain dashboards or reports on key data protection metrics (e.g., SARs, Breaches, Training).
• Provide regular updates to the DPO and Quality Lead.
PERSON SPECIFICATION
CRITERIA EVIDENCED

QUALIFICATIONS Required Desirable Application Interview
• CIPP/E (Certified Information Privacy Professional – Europe)  X
• CIPM (Certified Information Privacy Manager)  X

EXPERIENCE Required Desirable Application Interview
• Working knowledge of UK GDPR and Data Protection Act 2018  X
• Experience handling SARs or data breaches  x
• Experience in a regulated or safeguarding-sensitive environment  x
• ICO e-learning or GDPR Foundation certificate (or willingness to complete)  x
• Familiarity with GDPR platforms like GDPR365, Microsoft Compliance Centre, or redaction software  x

SKILLS, KNOWLEDGE & PERSONAL ATTRIBUTES Required Desirable Application Interview
• Strong administrative and coordination skills  x
• Excellent attention to detail and ability to manage sensitive/confidential data  x
• Confident communicator across all levels, both written and verbal  x
• Ability to work independently and escalate issues appropriately  x
• Proficient in Microsoft 365, especially Excel, Word, and Outlook  x

OTHER Required Desirable Application Interview
• Commitment to ongoing personal and professional development  X X
• Willingness to travel and work outside of normal hours as required  X X
• Committed to equality and diversity  x
