Data Protection Officer
LHV Bank, a fully licensed UK bank, specialises in Banking Services for global fintechs and SME Lending solutions for UK businesses. The SME Lending division offers commercial real estate investment loans and trading loans from £0.5m to small and medium-sized businesses in the UK.
As a leading Banking Services provider, LHV Bank delivers a wide range of services, including real-time multi-currency payments, accounts, acquiring, indirect scheme access, open banking, and FX solutions. Over 200 renowned fintech companies, such as Airwallex, Currencycloud, Truelayer, and Wise, utilise LHV Bank to serve more than 10 million end customers and access a pool of 500 million potential customers across the UK and Europe.
LHV Bank gained its UK banking licence in May 2023 and launched into the retail savings market through deposit aggregators in August 2023. It is in the process of developing its direct to customer retail banking proposition for launch in 2024. More information: lhv.com
We are looking for a Data Protection Officer to join our team in London. The role will report into the Chief Compliance Officer and work closely with the Head of Information Security, Data Protection Champions and other key stakeholders to meet LHV Bank’s data protection and data processing requirements. The DPO will have direct responsibility to the Bank’s Board of Directors for data protection and must ensure that good governance, oversight and reporting is in place.
Responsibilities:
- Act as DPO to meet LHV Bank Limited’s obligations under the UK Data Protection Act 2018, and support the bank in meeting its European Union (EU) General Data Protection Regulation (GDPR) data processing requirements for AS LHV Pank
- Monitor compliance and data practices internally to ensure the business and its functions comply with the applicable requirements under UK and EU GDPR.
- In relation to data protection, this role is responsible for advice and guidance to business function colleagues, creation and maintenance of policies and procedures, raising awareness of data protection issues, staff training and ensuring monitoring and internal audit activity is in place.
- Advise on and monitor data protection impact assessments, as completed by business functions.
- To be the first point of contact for the Information Commissioner’s Office (ICO) and individuals whose data is processed by the bank.
Policy and Procedures
- Implementing measures and a privacy governance framework to manage personal data in compliance with UK and EU GDPR. Work with relevant functions to develop templates for data collection, assisting with data mapping, and vendor management reviews.
- In conjunction with business functions, maintain Records of Processing Activity (ROPA) and assessment of lawful basis, data breach assessments, and final DPIA records.
- Support business functions with development of relevant procedures, ensuring Consumer Duty obligations are taken into account.
Advisory
- Work with key internal stakeholders in the review of projects and related data to ensure compliance with local data privacy laws, and where necessary provide advice on, and review privacy impact assessments.
- Assist in review and updates to privacy notices, controller-processor contracts, data mapping and privacy by design and default practices.
- Serve as the primary point of contact for queries in the business.
- Collaborate with Legal and Information Security in relation to vendor contracts and consents needed to implement projects and change initiatives.
- Support with data-related complaint management, subject access requests, notifications, claims and ensure retention of appropriate records.
- Monitor changes to local privacy laws and industry standards, leveraging the Bank’s existing horizon scanning framework. Make recommendations for relevant updates to practices.
Training and Awareness
- Develop strategies and initiatives to raise awareness of data protection requirements.
- Develop and deliver privacy training to various business functions.
- Collaborate with the Information Security function to raise employee awareness of data privacy and security issues.
- Support data champions in development of expertise
Reviews and Investigations
- Where necessary, investigate data protection issues and/or breaches, assessing whether external reporting is required, and the actions required to address any issues.
- Work closely with Compliance Monitoring, Risk Management and Internal Audit, to ensure there is coordinated assurance in place to provide effective oversight of data protection.
Governance
- Participate in relevant Bank forum and committees, ensuring data protection matters are considered and reported accurately.
- Provide reporting to Group and AS LHV Pank, as needed, including through the Intra-Group Agreement for the services provided by LHV Bank Limited to AS LHV Pank.
- Ensure relevant Board members are aware of potential issues, escalating directly where necessary.
Skills & Experience:
- Hold at least one Data Protection and/or Privacy certification, such as CIPP, CIPT, C-DPO.
- Experience in UK and EU GDPR, ideally within a retail banking environment
- Ideally operated at DPO level or looking for the next move to DPO.
- Sound knowledge of best practice data protection and privacy frameworks, policies and methodologies
- Good knowledge of information technology and data management systems
- Strong report- and policy/procedure-writing experience
- Highly motivated individual capable of working on own initiative.
- Strong stakeholder and interpersonal skills, including collaboration.
- Excellent attention to detail
- Ability to identify risks and implement solutions to mitigate those risks
- Ability to challenge constructively and enforce appropriate boundaries.
- Accountable for own decisions and actions whilst respectful of the professional responsibilities of others
- Ability to handle confidential and sensitive information with the appropriate discretion
Some of our benefits
• Competitive salary & progression
• Open and inclusive culture
• Hybrid working
• Fantastic offices and great working environment
• Vitality Health Plan (includes private health insurance, travel insurance, gym discounts)
• Medicash health plan (Level 3)
• 5% employer pension contribution
• Life assurance
• Income protection insurance
• 28 days holiday plus 3 additional days, bank holidays & further days for various key life events
• Team socials
Apply for this job
*
indicates a required field