This website uses cookies to ensure you get the best experience. Learn more

Data Protection Officer, UKI Privacy Lead

Within the professional services environment, the application of risk management procedures is fundamental to the successful delivery of our client services and promotion of our brand.  Risk management encompasses the technical support and processes which underpin the delivery of service quality, contain the threat of litigation, limit damage to our reputation and seek to achieve full fee recovery.  This role is a key component of that aim ensuring we comply with privacy law.

The Central Risk Management team is responsible for supporting the UK firm in the execution of and compliance with Global, Regional and local risk management policies and procedures, including financial crime, data protection and the development, maintenance, communication and training of key RM policies, providing advice on complex risk matters and monitoring the application of these policies.  The team consists of a Risk Partner, a Financial Crime Director, a Risk Director, Data Protection Officer and supporting managers and associates.

With the implementation of the European General Data Protection Regulation (and its implementation into UK legislation via the UK Data Protection Act 2018), data protection is an area of increased risk for the firm.  The law has been modernised and strengthened and the penalties have increased and, as a result, the central DP team is looking to build up its compliance function.  The imminent departure of the UK from the European Union also has data protection implications for the firm.


The Opportunity


There is an opening in the team for a Data Protection Officer and UKI Regional Privacy Lead.  This role includes leadership and oversight of the UK firm’s Data Protection Team: seven members in the UK and an additional two members in our Global Delivery Services Team in India.


The main purpose of the role is to fulfil the statutory functions of the Data Protection Officer and to ensure the firm’s compliance with applicable privacy legislation, currently the EU General Data Protection Regulation; the Data Protection Act 2018; and the UK Privacy and Electronic Communications Regulations.  The role will involve interaction with employees of the UK firm, employees of the EY global network, third party service providers and the Information Commissioner ensuring that the firm’s ongoing requirement for Data Protection compliance is understood and satisfied.  


Key Responsibilities

Acting as the focal point for all aspects of the firm’s compliance with the Act and related legislation, specific activities include:

  • Informing and advising the firm with respect to its obligations under data protection law, as they impact the firm’s activities in general and/or specific functions across all service lines and business units;

  • Monitoring the firm’s compliance with data protection law and the EY Global Privacy Framework (notably EY’s Binding Corporate Rules), including the assignment of responsibilities, awareness-raising and training of our staff, and conducting and/or arranging for internal audits as appropriate;

  • Overseeing the firm’s Data Protection Impact Assessment process for the UKI and, when required under Article 35 GDPR, advising on high risk DPIAs;

  • Working and cooperating with our supervisory authority, the Information Commissioner and serving as the contact point for the ICO on issues relating to the processing of personal data;

  • Ensuring that requests from data subjects are dealt with promptly and in compliance with data protection law and being available to respond to inquiries from data subjects on issues relating to data protection practices and data subjects’ rights;

  • Responsibility for managing the firm’s data incident process, associated risk assessments and advising the business on an appropriate course of action, including assessing whether the data breach must be notified to the ICO and/or data subjects;

  • Keeping up to date the firm’s record of processing, as required by Article 30 of the GDPR;

  • Providing an annual report and compliance return for local and regional leadership respectively;

  • Liaising with Legal Counsel to ensure contracts with clients and third parties protect the firm;

  • Responding to all privacy/confidentiality matters related to the EY privacy framework asked by external regulators, auditors and clients;

  • Maintaining the general data protection web-based training programme within the firm and delivering other ad hoc awareness and in-depth training as necessary.

  • Ensuring that the firm’s notifications to the Information Commissioner are maintained and up to date and accurate.

  • Supporting the sharing of knowledge and best practice across the UKI region

  • Contribution and / or leadership of other relevant data protection projects.

Skills and attributes for success

  • Extensive knowledge and experience of relevant data protection legislation, to a leadership level.

  • Strong team player and proven ability to lead and manage a team.

  • You will have good personal communication skills capable of dealing with wide range of staff, including senior personnel.

  • The ability to remain calm, controlled and resilient.

  • Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels.

  • Ability to solve problems creatively and effectively.

  • Ability to plan, organise and prioritise tasks and projects.

  • Negotiation and influencing skills.

  • Enthusiastic and positive.

  • Ability to take responsibility.  

To qualify for the role you must have 

  • CIPP/E, ISEB Certificate or equivalent industry-recognised data protection qualification

  • At least 10 years previous experience of quality, risk management and compliance processes, with strong data protection expertise 

Ideally, you’ll also have 

  • CIPM Qualification
  • Experience of working in a financial or professional services environment. 

What we look for

You will be an experienced Data Protection Officer with multiple years’ experience of its application in a sophisticated business environment.
What working at EY offers
We offer a competitive remuneration package where you’ll be rewarded for your individual and team performance. Our comprehensive Total Rewards package includes support for flexible working and career development, and with FlexEY you can select benefits that suit your needs, covering holidays, health and well-being, insurance, savings and a wide range of discounts, offers and promotions. Plus, we offer: 
  • Support, coaching and feedback from some of the most engaging colleagues around
  • Opportunities to develop new skills and progress your career
  • The freedom and flexibility to handle your role in a way that’s right for you
EY is committed to being an inclusive employer and we are happy to consider flexible working arrangements. We strive to achieve the right balance for our people, enabling us to deliver excellent client service whilst allowing you to build your career without sacrificing your personal priorities. While our client-facing professionals can be required to travel regularly, and at times be based at client sites, our flexible working arrangements can help you to achieve a lifestyle balance.
About EY
As a global leader in assurance, tax, transaction and advisory services, we’re using the finance products, expertise and systems we’ve developed to build a better working world. That starts with a culture that believes in giving you the training, opportunities and creative freedom to make things better. Whenever you join, however long you stay, the exceptional EY experience lasts a lifetime.
Please note
Prior to finalizing your application, you will be asked to provide personal information across several dimensions of diversity and inclusiveness. The information you provide is kept entirely confidential and will not be used to evaluate your candidacy. We collect this data to help us analyse our recruitment process holistically and implement actions that promote diversity and inclusiveness. While optional, we encourage you to provide this information to hold us accountable towards our goal of building a better working world. Read more about our commitment to diversity & inclusiveness here. We ask because it matters!
If you can confidently demonstrate that you meet the criteria above, please contact us as soon as possible.
Join us in building a better working world. 
Apply now.

Apply Now

Share this