Description
:
Data Privacy Advisor
Reports to:Senior Legal Counsel
Contract term:This is a full time, permanent position on Crick terms and conditions of employment
About the role
The Francis Crick Institute is one of the world’s leading biomedical research institutes. You will help the Crick deliver its scientific mission in compliance with legal, charitable and regulatory requirements.
You will be part of the Crick’s Legal and Governance team. We are a full-service function responsible for legal, contractual, regulatory, data protection and company secretarial matters. We provide commercial legal advice and transactional support for all parts of the Crick. We oversee data privacy compliance jointly with the Information Technology team. We also provide a full secretariat service to the boards and committees of the Crick and its subsidiaries.
This is a busy role in a friendly team where collegiality, professionalism and attention to detail are key. Working closely with senior colleagues, you will manage and maintain a programme for compliance with regulation and help to embed a culture of learning and improved ways of working. You will also help deliver the Legal and Governance team’s strategy, working closely with team members and stakeholders to establish best practice and new ways of working. The work will be varied, reflecting the different types of relationships with commercial and academic organisations and our ambition for our legal operations to be best in class.
While the primary focus of this role is to lead on data privacy matters, it would also be highly suited to an enthusiastic individual who is interested in developing their career by expanding into ethics and compliance. This could include responsibility for conflict of interests, internal policies, and the Crick’s Code of conduct.
Key Responsibilities
These are the key areas. You may be asked to undertake other relevant tasks in line with organisational requirements:
Lead on the delivery of the Crick’s data protection compliance roadmap, maintain the Crick’s privacy framework, update processes, monitor compliance.
With the Deputy Chief Information Security Officer, co-chair the Data Privacy, Architecture and Cybersecurity meetings, and work with key stakeholders to ensure continued embedding of data privacy considerations and increased expertise.
Maintain data privacy policies, processes and procedures in line with applicable legislation and the Crick’s needs.
Develop and promote ongoing learning and awareness of data privacy and other compliance topics.
Produce management information for relevant boards and committees.
Be the key contact for data protection enquiries from across the Crick.
Provide advice and expertise on data privacy (eg DPA 2018, UK GDPR, PECR, FOI requests, privacy by design and by default, DPIAs, data incident investigation, DSAR management).
Handle complex cases and review/draft/advise on privacy provisions across a wide range of operational and research contracts (eg supplier, collaboration and data sharing agreements).
Undertake and/or review DPIAs for key projects, DSARs, erasure and other rights requests and lead investigations into potential data breaches.
Ensure the Crick’s Register of Processing Activities is up to date by providing support and guidance to Crick teams to help them maintain their listings in the Crick’s ROPA.
Keep abreast of legal developments in data privacy and other compliance topics and related guidance issued by UK authorities.
Help to create and share contract templates, resources and other internal guidance and training to promote awareness and regulatory compliance. Instruct external counsel.
Maintain internal register of laws and regulations applying to Crick and help to provide/procure advice on those, as required.
As a member of Legal and Governance team, provide advice and support on projects and transactions, as required.
Key experience and competencies
You will be a data privacy expert with around 2-5 years’ experience in this area. You may also be a qualified lawyer with a similar level of knowledge and expertise.
The post holder should embody and demonstrate our core Crick values: bold, open and collegial, in addition to the following knowledge, skills and experience:
Essential
A sound understanding of the legal and regulatory context in which the Crick operates, gained through experience.
A sound knowledge of legal and regulatory frameworks around data (e.g., DPA 2018, PECR (E-Privacy) and GDPR regulations), as well as related governance, best processes and practice.
Experience of supporting data protection compliance in practice (e.g., DSAR, DPIA, data security and breach management).
Ability to think strategically, plan and deliver projects. Ability to assess complex scenarios so as to give high-quality advice and identify pragmatic solutions.
Confident to challenge ways of doing things.
A strong commitment to organisational effectiveness. Ability to handle a varied workload, competing demands and tights deadlines in a fast-moving environment. Methodical in approach and with an excellent attention to detail.
Good interpersonal skills (e.g., tact, integrity, confidentiality, patience). Ability to build personal credibility quickly and develop and maintain effective relationships, including working with people with differing perspectives and needs.
Communicates effectively in writing and in speech with a concise, compelling writing style and strong written accuracy. Ability to present complex information in clear and simple communications to all levels of the organisation. Good legal drafting skills.
Confident use of technology (e.g., Microsoft, document management platforms, Slack, ServiceNow & Trello etc) to promote awareness, share knowledge and support compliance.
Works effectively in a collegiate environment, consulting with colleagues to share expertise and ideas to deliver new outcomes. Flexible, motivated and resilient. Acts authentically and consistently, develops self-awareness by seeking feedback from others.
Desirable
Completed the LLB or GDL.
Practitioner Certificate in Data Protection or relevant alternative
Experience of a legal/company secretarial department, ideally in a charity or academic environment.
Familiarity with company and charity governance; anti-bribery, and competition law.
Find out what benefits the Crick has to offer:
For more information on our great pay and benefits package please click here:
Equality, Diversity & Inclusion:
We welcome applications from all backgrounds. We are committed to providing equal employment opportunities, regardless of ethnicity, nationality, gender, sexual orientation, gender identity, religion, pregnancy, age, disability, or civil partnership, marital or family status. We particularly welcome applications from people who are Minority Ethnic as they are currently underrepresented in the Crick at this level.
Diversity is essential to excellence in scientific endeavour. It increases breadth and perspective, leading to more innovation and creativity. We want the Crick to be a place where everyone feels valued and where diversity is celebrated and seen as part of the foundation for our Institute’s success.
The Crick is committed to creating equality of opportunity and promoting diversity and inclusivity. We all share in the responsibility to actively promote dignity, respect, inclusivity and equal treatment and it is our aim to ensure that these principles are reflected and implemented in all strategies, policies and practices.
Read more on our website: