Data Protection Officer


  • Full Time

Job Title: Data Protection Officer
Job Summary: Assist the Compliance function providing input into the privacy strategy and setting/maintaining the privacy policy in line with various regulatory requirements in the territories in which Beazley operates. This role serves to support the process owner for:
  • all ongoing activities that serve to provide appropriate access to and protect the confidentiality and integrity of customer, employee and business information in compliance with organisation policies and standards.
  • all ongoing activities that serve to comply with our privacy and data protection obligations and responsibilities set out in organisation policies and driven by the legal and regulatory bodies within the jurisdictions in which we operate.
Key Responsibilities:
Take ownership for data protection and privacy at Beazley, ensuring its smooth and effective functioning, that standards, objectives and accountabilities are clearly defined and communicated, that control systems are in place and all aligned to global strategy.
With a privacy remit, participate in the Information Security Governance Committee, which reports to the Operation Resilience Committee.
Ensure that the privacy area acts as a source of technical expertise, providing expert advice and guidance on privacy, demonstrating sound commercial judgement and a thorough understanding of the business.
Build a strong relationship with internal clients, demonstrating a thorough understanding of their business and how privacy can add value to it. Contribute to the strategic decisions of the business through the introduction and implementation of appropriate systems and processes.
Approval of policies & Privacy Notice, Legitimate Interest Assessments, Data Privacy Impact Assessments, Business Impact Assessments
Incident response activities (including regulator liaison) relating to PII elements of suspected or actual data breaches
Maintaining data protection registrations
Collaborate on group-wide issues, in particular, but not limited to, compliance with privacy and data protection requirements and implementation and further development of privacy and policies, guidelines and processes.
Ensure that regional policies and procedures, if any, reflect the risk appetite and requirements of the group. This shall involve regular review of regional policies (if any) and procedures and the reissuing of these as required.
Assist with status and progress reporting of information privacy issues to management.
Undertake staff awareness of Privacy good practice in line with global standards. As required, provide direct training and oversight to employees, affiliate marketing partners, alliances, or other third parties, ensuring proper information handling in accordance with established global organisational information security policies and procedures.
Initiate, facilitate and promote activities to create Privacy awareness within the offices in line with global standards.
Perform information Privacy risk analysis on initiatives. Ensure that the group’s information security risks are consistently analysed and reported to local management.
Develop and implement a Privacy Incident Reporting and Response process to address any Privacy incidents that might occur. This service should respond to alleged policy violations and complaints from external parties.
In particular work to ensure that projects and products are verified and reviewed using the Beazley Privacy analysis tools as appropriate.
Ensure contracts and service agreements with, but not limited to, third party suppliers, cover holders, program administrators, etc meet information security, data security, privacy and breach notification requirements.
Assist the IT department in the development of all system-related security plans throughout the organisation’s network, and act as a liaison to IT. In particular, advise the IT department on Privacy technologies and related regulatory issues.
Provide input into the maintenance of the group’s Privacy policy and ensure that any regional variants are kept up to date and are in line with our responsibilities.
Coordination of any responses to privacy related emergencies and other potentially damaging events.
Monitor statutory and regulatory changes with regard to privacy related laws and regulations within the jurisdictions in which we operate.
Manage and address requests received (e.g. GDPR Subject Access Requests or similar rights under privacy rules in other jurisdictions) in relation to our processing of an individual’s personal information and ensure it is in accordance with our regulatory obligations.
Undertake consent audits to validate consent is being obtained and retained as required.
Undertake records retention audits to ensure the organisation is retaining data as required.
Adopt the Beazley culture of Professionalism, Integrity, Effectiveness and Dynamic attitude that contributes to an internal environment of teamwork and promotes a positive brand image to our external customers.
Comply with Beazley procedures, policies and regulations relevant to your role. Undertake relevant training on Beazley policies and procedures as delivered by your line manager, the Talent Management development or assurance teams (compliance, risk, internal audit) either directly, via e-learning or the learning management system.
Comply with any specific responsibilities necessary for your role as outlined by your line manager, the Talent Management development or assurance teams (compliance, risk, internal audit) and ensure you keep up to date with developments in these areas. This may include, amongst others, Beazley’s underwriting control standards, Beazley’s claims control standards, other Beazley standards and customer relationship management.
Ensure that you uphold the Beazley principle of Treating Customers Fairly.
Carry out additional responsibilities as individually notified, either through your objectives or through the learning management system. These may include, among others, European Strategy Team, US Management team or membership of any Beazley committees.

Personal Specification:
Education and Qualifications
Degree level educated ideally in information systems, or equivalent work experience
Skills and Abilities
Excellent written and oral communications skills.
The ability to prioritise work and deliver results in a pressurised environment, through tactical and strategic planning.
The ability to manage significant client contact, providing expert advice which demonstrates judgement and an understanding of the business.
A demonstrated ability to develop strong relationships with internal clients.
The ability to provide support to more senior roles in developing key client relationships through the design of leading edge technologies.
Self-motivation, with an ability to work with a high degree of autonomy and to be results-driven with a flexible approach to working.
The ability to work collaboratively with a broad range of constituencies.
An understanding of the various data management regulatory requirements that Beazley is subject to, in the UK, the US and around the world.
An unblemished career history holding positions requiring trustworthiness and personal integrity.
The ability to communicate technical and security-related concepts to a broad range of technical and non-technical staff and management.
Knowledge and Experience
Proven experience in Privacy and Data Protection
Experience in financial services is highly desirable, but not required.
Experience in the insurance industry is desirable but not required.
Multi-country experience (i.e., beyond UK, and ideally including US) is highly desirable, but not required.
Knowledge of the EU Data Protection Directive, the EU E-Privacy Directive and their national implementation (for example, the UK’s Data Protection Act, France’s LOI INFORMATIQUE ET LIBERTES ACT N°78-17 and Spain’s LOPD) is highly desirable, but not required.
Knowledge of US laws and regulations, such as HIPAA, Gramm-Leach-Bliley Act and US state breach notification laws is highly desirable, but not required.
Knowledge of the Australian Privacy Act and associated Australian Privacy Principles is highly desirable, but not required.
Knowledge of the Singapore, Hong Kong, Dubai and Brazilian data protection and privacy regulations and laws applying to our operations within these jurisdictions is highly desirable, but not required.
Some experience with EU model contractual clauses for international data transfers is highly desirable, but not required.
Aptitude and Disposition
Outcome focused, self-motivated, flexible and enthusiastic.
Professional approach to successfully interact with managers/colleagues/external suppliers.
Technical expertise
Conceptual thinking and problem solving
Planning and managing resources effectively
Delivery orientation, initiative and drive
Purposeful communication and capacity to influence others
Team player
Customer focus

This employer is a corporate member of
myGwork – LGBTQ+ professionals, the business community for LGBTQ+ professionals,
students, inclusive employers & anyone who believes in workplace equality.
