Role Profile
Key responsibilities and accountabilities
• Develop, monitor and maintain policies and standards applicable to the business and in compliance with the DPA 2018 and relevant national legislation.
• Work with internal stakeholders in the review of projects and related data to ensure compliance with data privacy laws, conducting, advising on and monitoring data protection privacy impact assessments.
• Serving as the primary point of contact for data protection related matters under the DPA 2018, GDPR compliance, escalating matters and risks to the DPO where appropriate.
• Reviewing vendor contracts (including EU model clauses) needed to implement projects in partnership with the firm’s Compliance and IT functions.
• Managing and conducting ongoing reviews of Blue’s privacy governance framework and reporting on data privacy compliance within the organisation.
• Implement measures to manage data use in compliance with the DPA 2018, including developing templates for data collection, assisting with data mapping, and vendor management reviews.
• Management and oversight of Data Rights Requests and complaints within 1LOD.
• Responsible for data breach and security incident management, ensuring escalation to the DPO where appropriate.
• Monitoring changes to Data Protection laws and making recommendations to the DPO and Board or a relevant committee when appropriate.
• Develop and deliver privacy training to various business functions and collaborate with the IT function to raise employee awareness of data privacy and security issues.
• Ensuring that the business’ data assets and processes are up to date, effective and operational, including data registers, LIAs, privacy notices and key policies and procedures.
• Assist the DPO in fostering and promoting a culture of data privacy across the business, developing strategies and initiatives to ensure engagement with key internal and external stakeholders.
• Coordinate, conduct and monitor data privacy audits and assurance reviews.
• Collaborate with the IT function to maintain records of all data assets and exports and maintain a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications.
• Ensuring that Blue’s IT systems and procedures comply with all relevant data privacy and protection law, regulation and policy (including in relation to the retention and destruction of data).
JOB DETAILS
POSITION: Data Protection Manager
DEPARTMENT: Compliance
REPORTS TO: Chief Compliance Officer & DPO
DIRECT REPORTS: 0
LOCATION: Sundridge, Kent
DATE: April 2025
Data at Blue
The Data Protection Function is part of the wider Risk & Compliance department, led by our Chief Compliance Officer. The data function is responsible for the business’ compliance with its regulatory obligations from a data protection perspective. We collaborate closely as one function and work with all other teams across Blue.
Overall purpose of the role
The Data Protection Manager (DPM) will ensure Blue meets its obligations under the Data Protection Act 2018 (DPA 2018). Reporting to the Chief Compliance Officer & DPO, the DPM will monitor compliance and data practices internally to ensure that the business and its functions comply with the applicable requirements under the DPA 2018 and relevant national legislation. The DPM will be responsible for advising on, and where required, carrying out staff training, data protection impact assessments and internal audits. The DPM works across all business lines in an advisory role to help Blue maintain perspective on what constitutes “doing the right thing” objectivity, ability to challenge, commerciality and pragmatism to successfully operate across the business.
Compliance and regulation
Develop and maintain a full understanding of the Company’s compliance requirements (including the Financial Conduct Authority’s Conduct Rules) and act in accordance with the standards, instructions in, and the spirit of those requirements.
Assume responsibility for ensuring that personal data is handled legally and fairly in accordance with the company’s data protection policies and procedures, and act in a way that complies with the standards, guidelines and spirit of those requirements.
Act to deliver good outcomes for our customers and understand how this requirement specifically applies to your role at Blue.
Person specification
• Expert knowledge of Data Protection Law and practices and able to fulfil the tasks in DPA 2018.
• Hold at least one data protection and/or privacy certification, such as CIPP, CIPT, CIPM, ISEB, etc.
• Minimum of 4 years’ experience within privacy and data protection compliance.
• Ideally previously held a Data Protection Manager role.
• Ability to demonstrate leadership and project management experience.
• Familiarity with privacy and security risk assessment and best practices, privacy certifications/seals and information security standards certifications.
• Experience working in an FCA regulated industry (desirable).
• Experience in developing policy and compliance training.
• Sufficient knowledge of information technology and data management systems required.
• Strong change and project management skills, including the ability to manage time well, prioritise effectively and handle multiple deadlines.
• Ability to undertake large, long-term projects, develop alternative methods and implement solutions.
• Good team player, flexible and able to work on own initiative.
• Strong interpersonal skills, able to establish effective working relationships at all levels.
• Appreciates the importance of confidentiality, accuracy and attention to detail.
• Resilient, not derailed by a setback and returns to a high level of performance quickly.
• Comfortable identifying and raising issues, particularly where driving good outcomes for customers is concerned.
Additional requirements
• This document is neither contractual nor exhaustive and may be amended to meet the needs of the business. Where possible this will be done in consultation with the job holder.
• From time to time, and within reason, you may be required to carry out tasks that fall outside of your position’s remit.
• From time to time, and within reason, you may be required to work outside of your standard contracted hours.
• As part of your on-going development, you may be required to undertake training in order to meet the requirements of your role.
• Due to our remote location and lack of public transport it is suggested that you are a driver and are able to get to our offices in Sundridge, Sevenoaks.