Data Protection Programme Analyst - Flexible Working Available
he Data Protection Programme Analyst will be a member of Discovery’s global Privacy Office and will focus on supporting the continuing development and implementation of Discovery’s global Data Protection Programme, including compliance with the General Data Protection Regulation (GDPR) and other data protection laws and regulations around the world (“Data Protection Laws”). The role will manage critical operations of the global Data Protection Programme, working closely with both our Vice President and our Director of Data Protection and Privacy, as well as business stakeholders around the globe.
The Data Protection Programme Analyst will be a member of Discovery’s global Privacy Office and will:
- Manage Data Subject Rights Requests received by Discovery’s Privacy Office in accordance with established internal processes, ensuring compliance with regulatory timelines;
- Support the Privacy Office’s global data protection compliance programme by actively helping to establish, analyse and maintain required compliance programmes and processes around the world;
- Audit and routinely monitor Discovery’s large portfolio of D2C and B2B global and European websites and apps to ensure data protection compliance;
- Monitor developments in data protection laws and regulations around the world, including the EU General Data Protection Regulation (GDPR);
- Support creation and maintenance of records of processing, personal data inventories and data mapping across the global business;
- Maintain ICO and other supervisory authority data protection registrations as appropriate;
- Assist the business in carrying out DPIAs and PIAs relating to new business projects which involve processing of personal data;
- Assist with the creation of privacy documentation, notices, templates, playbooks and checklists;
- Assist in data protection-related due diligence of vendors processing personal data on Discovery’s behalf;
- Assist with gathering information to respond to requests from regulators;
- Assist with the implementation of the Privacy Office’s Work Plan to ensure successful delivery of identified data protection compliance milestones;
- Assist the Vice President and Director of Data Protection and Privacy with reporting and providing metrics on Discovery’s global data protection Work Plan to Internal Audit, Senior Vice President, Global Commercial, Digital and Business Operations, and the General Counsel;
- Support the Privacy Office’s training programme, including assisting with the development and delivery of content for privacy training;
- Assist the Vice President and Director of Data Protection and Privacy with providing data protection guidance to business teams across the organization;
- Administer Discovery’s privacy programme management software tool and other tools used by the Privacy Office to manage DPIAs, Records of Processing, Data Subject Rights Requests and other privacy programme compliance processes;
- Act as one of the Privacy Office’s key points of contact for the business;
- Carry out ad hoc administrative tasks for the Privacy Office.
- Excellent project management skills.
- Excellent written and oral communication skills.
- Ability to manage internal and external stakeholder relationships.
- Ability to exercise considerable judgment and discretion in carrying out activities.
- Strong people skills, including the ability to communicate effectively through all levels of the organization.
- Attention to detail, accuracy, and strong organizational skills.
- Capacity to juggle multiple tasks in a fast-paced environment.
- Ability to work collaboratively with team members.
- Ability to work independently as well as in cross-functional groups.
Education and Qualifications:
- Bachelor’s degree in law, business administration, finance, accounting, computer science, information systems or a related area from an accredited college/university with strong academic credentials required.
- Professional qualifications in compliance programme management and/or data protection laws, such as the CIPP/E or CIPP/M certification preferred but not required.
- Working knowledge of GDPR and other global data protection laws and regulations around the world preferred.
- Prior experience with compliance frameworks and methodologies and compliance programme management strongly preferred.
- Good understanding of computer systems, databases and how personal data is stored and transferred preferred.
- Excellent ICT skills with good working knowledge of G-Suite, MS Word, Excel, PowerPoint, Outlook, Box and Smartsheet.
- Ability to speak additional European languages is desirable though not essential.