 

Helps. Cares. Protects.

Compliance and Data Protection Officer

UK

Duties & Responsibilities

 

  • To be the GDPR expert and resource for the UK&I business, proactively implementing a positive data protection culture across the business
  • To lead on Compliance aligned to the Medtech code and company policies, supporting the sales force in ensuring full compliance with GDPR and relevant industry compliance codes
  • To act as the lead contact for the ICO for all data protection queries and investigations. This involves ensuring that all data breaches are investigated and monitored aligned to ICO and GDPR frameworks
  • To identify and update the business on changes (new industry guidelines), opportunities and expectations in the marketplace
  • To conduct training with customers when required and prepare appropriate training and follow-up materials for these training sessions, identifying areas of improvement for future developments
  • To provide an ongoing level of expertise to assist with credible dialogue with NHS professionals, both technical and non-technical, to identify different solution implementation possibilities, ensuring alignment to the DSP toolkit
  • Identifying and evaluating the Company’s data processing activities, and maintaining records of processing operations
  • Providing advice and instructions on how to conduct Data Protection Impact Assessments (DPIAs) and completing them as per global requirements
  • Ensure we address all data queries from data subjects within the legal timeframe expected (e.g. delete their data from our databases)
  • Liaise with other organisations who process data on our behalf, facilitating and implementing GDPR compliance
  • Liaise with global Data Protection and Compliance teams, ensuring the UK applies any and all data protection policies and procedures
  • Deliver GDPR and compliance training for employees, within each ITC and as required for existing employees
  • Maintain and update relevant KPI documents to show the management team project, training and compliance status
  • To develop your professional competence through engaging in ongoing training and development, as well as keeping up-to-date knowledge of relevant compliance and GDPR updates and sharing it with the marketing team
  • To communicate with the Head of Marketing on all aspects of your role in line with agreed administration protocols
  • Undertake any other marketing tasks required that support achievement of personal, departmental and company objectives

 

 

Other Duties

 

  • Ensure compliance and adherence with all company policy and procedures
  • Carry out any other duties commensurate to the post as required by your Line Manager or Senior Manager
  • Variations to the role profile may be required from time to time and when this arises there will be a discussion with the post holder

 

Person Specification

Experience: 

 

  • Recent and extensive experience of working in the healthcare sector (Medtech industry preferred)
  • Experience in implementing GDPR policies and embedding in organisations
  • Experience in applying compliance principles into a company
  • Evidence of personal and career development and progression

 

Technical Skills:

 

  • GDPR qualification (Official IAPP (CIPP/E, CIPM) Certification Course)
  • Ability to complete a DPIA, and know which data processing requires a DPIA
  • Maintain and input to the DPIA database
  • Translate GDPR to maintain compliance while enabling business activities
  • Ability to train and support colleagues in GDPR and understand where DPIAs are applicable
  • Ability to train and embed compliance policies

 

Skills & Attributes:

 

  • Ability to develop and work as part of a team
  • Hybrid working, with occasional head office working
  • Courage to drive through change in a professional manner
  • Excellent analytical and decision-making skills
  • Excellent communication and networking
  • Exceptional problem solver, with a hands-on approach
  • High degree of integrity
  • High level of commercial awareness
  • High personal accountability
  • Passion to “make a difference” to health
  • Highest level of confidentiality and discretion
  • Desire to promote GDPR compliance in a positive manner
  • Willing to be responsible and accountable for GDPR compliance across the UK business
  • Demonstrate a ‘can do’ and positive attitude
  • Ability to work well under pressure, multi-task and meet deadlines without compromising on quality or accuracy
  • Able to follow instruction but also to work unsupervised
  • Effective time management and organisational skills
  • Strong communication and presentation skills
  • Ability to be credible by having no conflict of interest that may compromise the right decisions regarding GDPR or compliance and HARTMANN UKI
  • Ability to communicate at all levels internally and externally, as well as locally and internationally
  • Demonstrable IT skills in Word, Excel and PowerPoint
  • Able to work five days per working week (minimum 37 hours)
  • Holds a full driving licence
