Data Protection Support Officer

The Data Protection Support Officer will assist the Knowledge & Data Protection Manager and the companies in complying with all relevant data protection obligations as well as providing significant support to the business activities and operations of the Knowledge Information team and the Legal team.

This role will provide an accessible single point of contact for internal GDPR/DPA queries, providing accurate, appropriate, timely and pragmatic information and advice on data protection within the organisation to promote the proper management of personal data. They will maintain relevant documentation to support GDPR/DPA compliance, including keeping suitable registers and updating the company’s legal basis for processing data.

The Data Protection Support Officer will assist the Knowledge & Data Protection Manager in ensuring that the correct systems, support, training and resources are in place to encourage employees to share knowledge across the organisation.

The Data Protection Support Officer will also assist the General Counsel and Data Protection Officer, into whom the Knowledge & Data Protection Manager has a dual reporting line, in relation to matters within the Legal team as and when required including in relation to managing documentation. The individual will be responsible for working in a collegiate way with other functional colleagues and will be expected to have an understanding of the wider company strategic goals and participate as a valued staff member in helping the company achieve those goals in relation to data protection.

The successful person will:

  • Promote a culture of privacy and data compliance and raise awareness within LCCC on all aspects of data management best practices.
  • Act as an accessible single point of contact for internal GDPR/DPA queries.
  • Maintain appropriate documentation to support GDPR/DPA compliance monitoring, including appropriate registers (e.g., risks, incidents), policies, processes, etc.
  • Document, monitor and maintain the legal basis for processing data including maintaining a map of the personal data movement (or Record of Processing Activities) within the organisation and the external processors.
  • Assist in the management of due diligence on potential providers, in particular the supervision of the LCCC ‘DP-Procurement Contract Check List’.
  • Assist in the facilitation of data subject inquiries, including the processing of Subject Access Requests (SARs).
  • Assist in the preparation and delivery of GDPR/DPA training to all members of staff.
  • Assist in the investigation and response to personal data incidents, maintain a schedule of recommendations and actions for those incidents, and follow up on the close out of those recommendations and actions by the company.
  • Work closely with IT and others to secure the most effective ways of managing the company’s personal data responsibilities.
  • Attendance at internal and external advisory groups and/or conferences, including the collaboration with BEIS on data protection issues / projects.
  • Maintain and renew LCCC’s and ESC’s data protection registrations with the ICO.
  • Support in the development and implementation of the LCCC Knowledge Management Strategy and assist the Knowledge & Data Protection Manager in providing a strategic view on the further development of knowledge management systems and practices in order to support the work and development of the organisation into the future.
  • Assist on external knowledge and information management collaboration with stakeholders with the aim of supporting implementation of the Energy Data Taskforce Open Data Initiative including Ofgem, BEIS, the Energy Systems Catapult et al.
  • Support the work to identify all the uncodified data - knowledge - within LCCC and devise ways to store this so that is easily accessible to all staff.
  • Assist in identifying the different types of knowledge available to the business e.g., CM, CfD and Cross-Scheme knowledge.
  • Assist in the upload of knowledge content onto such solutions – working with the relevant teams in the business such as Scheme Operations.
  • Support the business in taking responsibility for the relevance of and accuracy of content and also takes responsibility for communicating content updates to relevant employees.
  • Support the establishment of networks and forums relevant for the sharing of knowledge, such as Communities of Practice and online forums and these.
  • Support on training for knowledge management to all employees and answer queries regarding knowledge management. Support the Knowledge & Data Protection Manager to ensure that the business is aware of the knowledge management resources available and is appropriately trained and are using the systems efficiently and productively.
  • Assist the General Counsel and Data Protection Officer in matters arising in the Legal team such as: keeping a record of templates, policies and when they are due for review (by others); managing the legal filing system – including managing permissions on folders; managing storage and retrieval of hard copies of legal documents, and electronic copies of legal documents e.g. DocuSign.; supporting on CfD Allocation Round projects (when they are run by the business) and ensuring correct details are contained within documents eg names and addresses.
  • Support the overall business activities and operations of the Knowledge & Data Protection team and be the data department representative as required on knowledge management and data protection working groups and/or on specific company projects in relation to knowledge and data protection matters.
  • Work with functional colleagues as required on the delivery of company projects and responsibilities.
  • Be the legal department representative as required on data management working groups and/or on specific company projects in relation to data protection matters.

Skills/Experience Required for the Role:

  • Knowledge and proven experience working in a Data Protection role.
  • Knowledge and proven experience of data privacy legislation, including the Data Protection Act (DPA) 2018, the UK GDPR and the EU GDPR.
  • Data Protection and/or Privacy certifications are desirable (but not essential).
  • Experience of working with legal departments is desirable (but not essential).
  • Experience of knowledge management, project management implementation skills, delivery and outcome focused, and ability to deliver quality work to tight deadlines
  • Proven records management expertise with the ability to accurately maintain and properly update registers.
  • Experience in handling subject access requests, providing data protection training and investigating and facilitating the response to personal data incidents.
  • Sufficient knowledge and experience of information technology to ensure effective ways to protect knowledge and data privacy and facilitate efficient knowledge and personal data management. Experience of conducting data protection audits, drafting/updating documentation related to the GDPR/DPA, and implementing privacy / data protection compliance programmes is desirable (but not essential).
  • Highly organised, with great attention to detail and the ability to assimilate and analyse complex information while retaining an ability to see the big picture.
  • Ability to work across business functions often with conflicting timescales.
  • Ability to work independently whilst keeping the line manager informed of key issues and developments.
  • Excellent influencing, oral and written communication skills.
  • Effective interpersonal skills with the ability to work closely and collaboratively with colleagues and stakeholders to deliver high quality and timely business outcomes.
  • Ability to build relationships and be recognised as a pragmatic value-added operator.
  • Team player with credibility