Ref
18628
Brand
Department
Corporate functions
Location
Gibraltar
Employment type
Full-time
Salary
Competitive
Closing date
03/05/2024
Description

Purpose of the role:

As a Data Protection Officer in the dynamic and fast-paced online gambling industry, you will play a crucial role in ensuring our company's compliance with data protection laws and regulations. You will be responsible for ensuring that all personal data processed by the company is conducted in accordance with GDPR (and other data protection laws where the Company may have a presence). You will further develop and implement data protection strategies, operational processes and serve as the point of contact for data subjects and regulatory bodies.

You’ll also be tasked with assessing the effectiveness of existing privacy and data protection controls and advising the business on all privacy related matters.

The role will involve closely liaising with stakeholders across the group to assess, maintain and improve training, systems, processes, procedures and policies.

Building a strong working relationship with the regulatory bodies and communicating directly as needed.

You will be the designated ‘Data Protection Officer’ pursuant to article 37 of the GDPR for BV Group.

Key Responsibilities

Compliance Oversight:

  • Ensure compliance with GDPR and other relevant data protection regulations.
  • Monitor changes in laws and regulations and update data protection practices accordingly.
  • Conduct regular assessments and audits to ensure data protection policies are being followed.
  • Review Data Protection requirements for new market entry.
  • Ensure Data Protection risks are captured and maintained on the company risk registers and ensure suitable Data Protection Impact Assessments are created and controls are implemented.
  • Prepare senior management team and Executive updates on data protection relevant data protection matters and regulatory changes.
  • Manage the Data Protection Team’s preparation of group wide personal data mapping.
  • Review and advise on Data Processing Agreements, Data Sharing Agreements, in coordination with Legal and Information Security teams.

Policy Development and Implementation:

  • Develop, implement, and maintain comprehensive data protection policies and procedures.
  • Provide guidance on data protection impact assessments and monitor their performance.
  • Collaborate with IT department to ensure alignment of data security measures with data protection regulations.

Training and Awareness:

  • Develop and deliver training sessions to staff on data protection laws, regulations, and company policies.
  • Raise awareness and provide updates on data protection matters within the organization.

Data Subject Rights:

  • Serve as the first point of contact for individuals whose data the company processes (data subjects).
  • Manage and respond to requests from data subjects (e.g., access requests, deletion requests).
  • Periodically review and where update (as needed) all customer facing privacy notices and internal policy documents to meet the highest standards.
  • Conduct Data Protection Impact Assessments, in collaboration with the relevant internal stakeholders.

Incident Management and Reporting:

  • Lead the response to any data protection incidents, including data breaches.
  • Notify and liaise with regulatory authorities and data subjects as required.
  • Manage privacy team capacity to ensure regulatory deadlines are always adhered to.

Stakeholder Engagement:

  • Work closely with various internal stakeholders, including legal, compliance, and IT teams.
  • Liaise with external parties, such as regulatory bodies and data protection authorities.
  • Liaise directly with regulator as required from time to time.
  • Prepare the business for any regulatory changes or updates in advance of them becoming a legal requirement.

Person Specification, Skills, Experience and Qualifications

Qualifications

  • Ideally hold a bachelor’s degree in law, Information Technology, Cybersecurity, or related field.
  • Professional certification in data protection or privacy (e.g., CIPP/E, CIPM, CIPT) is highly desirable.
  • Previous experience in data protection, legal compliance, or a related field.
  • Experience in the online gambling industry is a significant advantage.
  • Familiarity with distributed information systems, IT processes and data security.
  • Excellent organisational and project management skills.
  • Effective communication skills, both written and verbal.
  • Ability to handle confidential information with discretion.
  • Expertise in managing workload and tasks using tools like Notion, Asana, or the Atlassian suite.