UK Data Protection Officer

General Job description and person specification Job Title: UK Data Protection Officer Division: 2nd Line: Compliance Reports To: Head of UK Compliance & Regulatory Affairs Key Relationships: Head of UK Compliance & Regulatory Affairs; Heads of Compliance for the EU and North America and their teams, SMF16 for the BIdac UK branch, Regional DPOs and their teams; Group CRO and his SLT; Group COO and his functions: Group CISO, Head of IT, Head of Data Management, Commercial Management; People & Culture (Talent and HR Operations), Claims Operations, Underwriting: CUOs and Heads of product lines; External suppliers and retainers

Key Committees & Groups: Group Data Privacy Sub- Committee (member); Information Security Committee, AI Governance and Controls Committee; Data Retention Steering Group; Underwriting Data Working Group & TriFocus Review Group

SMCR: This role is certified in the UK under the SM&CR

Job Summary: Through the effective day-to-day management of the UK Data Protection team, and collaborative engagement with other regional DPOs and their teams (or DPO equivalents): Enable the UK Compliance function to manage data protection risk and regulatory compliance with applicable data privacy and data protection laws and regulation across the UK entities’ global licensed footprint including through effective Horizon Scanning and Training

Ensure all UK entity, and any applicable global, controls for DP are fit for purpose and adhered to

Contribute to, and enable the embedding of, a global DP framework to include all relevant Data Protection/Privacy policies, notices, systems, processes and controls

Support the effective and consistent management of cross-border data protection activities in collaboration with the regional DPOs, including through the Group sub-committee for Data Protection

Contribute to the development and delivery of high-quality reporting including through the use of relevant KPIs and KRIs across all relevant formal committees and forums internally, either as stand-alone DP papers or as part of the broader UK Compliance agenda and reporting

Key Responsibilities: Ensure that the UK entities’ legal and regulatory obligations for data privacy and protection across their licensed footprint are mapped to a comprehensive set of activities, processes and controls to enable compliance

Ensure that the global Horizon Scanning framework is embedded in the UK DP team’s BAU with appropriate contributions to formal UK Compliance reporting including to the Change Committee

Manage the UK DP team, tracking and monitoring the effectiveness of delivery against key activities, in line with internal SLAs, to ensure regulatory compliance (e.g

DPIAs/ ROPAs/ Policy, Notices and Marketing reviews/ Legitimate Interest Assessments/ Business Impact Assessments/Training/ Advisory requests/ relevant registrations) Keep workloads and resource needs under close observation and proactively identify problems or inhibitors and escalate where appropriate for resolution

Identify development opportunities for direct reports and support the team pastorally

Engage closely with internal stakeholders in Infosec, IT and co-sourcing relationships in Claims to support the effective and efficient delivery of DSARs, e-discovery requests, and subpoenaed information as required

Oversee any externally outsourced DP provision for the UK entities in jurisdictions where they operate, working with regional DPOs as required where resources are shared

Where appropriate and within your expertise, provide advice and guidance on technical DP matters including DP contract clauses where the contract is governed by English law

Ensure contracts and service agreements with, but not limited to, third party suppliers, cover holders, program administrators, etc meet information security, data security, privacy and breach notification requirements

Retain external advisors when needed to ensure appropriate levels of specialism are enlisted when required

Keep the UK Head of Compliance advised of accrued expenses

Ensure UK DP-owned actions arising from all applicable audit, assurance and testing activities are completed on time

Maintain a Privacy Incident Reporting and Response process to address any Privacy incidents that might occur in the UK or impacting UK data

This service should respond to alleged policy violations and complaints from external parties

Proactively escalate data breaches to the Boards of the relevant UK entity through the applicable Chair of the Risk Committee, ensuring it reaches the highest level of authority for the entity, while keeping the relevant CRO and Head of Compliance informed for potential notification to the UK regulators

Lead on required notifications to the ICO where required and participate in any relevant incident response activity and lessons learned

Work closely with Heads of Compliance, regional DPOs and their teams, European branch regulatory counsel, as well as other internal stakeholders, to create a global DP strategy and operating model, ensuring that global or cross-border activity is coordinated and our response to legal and regulatory requirements is consistent and clearly understood across the business

In collaboration with regional DPOs as required, perform information privacy risk analysis on cross-border and UK initiatives

Assist the IT department as required in the development of all system-related security plans throughout the organisation's network

Undertake consent audits to validate consent is being obtained and retained as required under UK laws

In collaboration with regional DPOs undertake records retention audits to ensure the organisation is retaining data as required

Attend and contribute to formal committees, working groups and steering committees as required

Oversee the production of insightful and thorough reporting on matters pertaining to the UK entities and their global footprint as part of standalone DP engagement with committees or the broader Compliance papers

General: Adopt the Beazley culture of Professionalism, Integrity, Effectiveness and Dynamic attitude that contributes to an internal environment of teamwork and promotes a positive brand image to our external customers

Comply with Beazley procedures, policies and regulations relevant to your role

Undertake relevant training on Beazley policies and procedures as required by your line manager, the Talent Management development or assurance teams (compliance, risk, internal audit) either directly, via e-learning or the learning management system

Comply with any specific responsibilities necessary for your role as outlined by your line manager, the Talent Management development or assurance teams (compliance, risk, internal audit) and ensure you keep up to date with developments in these areas

This may include, amongst others, Beazley’s underwriting control standards, Beazley’s claims control standards, other Beazley standards and customer relationship management

Ensure that you uphold the Beazley principle of Treating Customers Fairly and Acting to Deliver Good Outcomes

Carry out additional responsibilities as individually notified, either through your objectives or through the learning management system

Person Specification: Essential Criteria Proven experience in Privacy and Data Protection

Previous DPO experience

Degree level educated Education and Qualifications/ Experience Knowledge of information systems desirable Skills and Abilities Excellent written and oral communications skills

The ability to prioritise work and deliver results in a pressurised environment, through tactical and strategic planning

The ability to manage significant client contact, providing expert advice which demonstrates judgement and an understanding of the business

A demonstrated ability to develop strong relationships with internal clients

The ability to provide support to more senior roles in developing key client relationships through the design of leading-edge technologies

Self-motivated, with an ability to work with high degree of autonomy and to be results-driven with a flexible approach to working

The ability to work collaboratively with a broad range of constituencies

A thorough understanding of UK Data Protection laws and regulations

An unblemished career history holding positions requiring trustworthiness and personal integrity

The ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff and management

Knowledge and Experience Experience in financial services is highly desirable, but not required

Experience in the insurance industry is desirable but not required

Multi-country experience (i.e., beyond UK, and ideally including APac) is highly desirable, but not required

Experience with model contractual clauses for international data transfers is highly desirable, but not required

Aptitude and Disposition Outcome focused, self-motivated, flexible and enthusiastic

Professional approach to successfully interact with managers/colleagues/external suppliers

Competencies Technical expertise Conceptual thinking and problem solving Planning and managing resources effectively Delivery orientation, initiative and drive Purposeful communication and capacity to influence others Team player Customer focus