Data Protection Solicitor

Location: United Kingdom
Office: Norwich Cambridge Birmingham
Discipline: Risk & compliance
Contact name: Ben Porter

Contact email: [email protected]
Contact phone: 01214568041
Vacancy reference: 023049
Closing date: 16 February 2024
Startdate: 10 January 2024 - 10 January 2024

A permanent role based ideally in Birmingham, Cambridge, or Norwich, but other locations would be considered.

The role

Reporting on a day-to-day basis (that includes both pastoral care and performance reviews) to the firm’s Compliance Officer for Legal Practice (COLP) and Chief Information Security Officer (CISO), this role is part of the Risk & Compliance team (R&C), given R&C’s responsibilities in relation to the management of operational risk generally within the firm. With support from the COLP/CISO and R&C, the role will lead on promoting a culture of data privacy, protection and compliance and embedding best practices across the organisation.

This role will also take overall responsibility for:

  • providing advice and risk management expertise across a wide spectrum of data protection and privacy matters including our privacy notices, data collection and sharing processes, PECR compliance and the firm’s supplier, client and third-party agreements (including IDTAs for data transfers where required).
  • maintaining data protection and privacy policies, procedures, processes and controls; and
  • ensuring that the organisation complies with the relevant law and regulations and deals with data subject rights’ requests and personal data breaches.

The person

This is a busy and challenging role and, to be successful, the position requires someone who is/has:

  • experience in a similar role in data protection and privacy legislation, coupled with demonstrable experience of managing compliance in these areas internally or in private practice;
  • committed to continued professional development, and has a willingness to keep up to date;
  • strong written and verbal communication skills;
  • IT literacy and accuracy with record keeping;
  • experience of working and engaging with a variety of senior staff;
  • a professional qualification in data protection, information legislation or other relevant field would be advantageous

The post holder must be able to demonstrate excellent communication and interpersonal skills at all times, and be able to build and maintain good working relationships with all stakeholders including the following:

  • Director of Risk Management and the Risk & Compliance team;
  • Director of Marketing and the Marketing and Communications team;
  • Board; and
  • Information Security Forum.

Additional personal attributes will include:

  • strong attention to detail;
  • a logical and systematic approach;
  • energy and enthusiasm;
  • a pleasant and outgoing approach;
  • being a team player;
  • flexibility in approach;

In addition, you will need to:

  • travel to the firm’s other offices;
  • be flexible and able to work longer hours as the role demands.

Key Duties and responsibilities and accountabilities

  • Inform and advise the firm, its employees and Partners about their obligations to comply with data protection and privacy legislation including the UKGDPR.
  • Manage compliance with applicable laws, including managing internal data protection and privacy activities, such as review and update of privacy notices, maintenance of the record of processing activities, and managing responses to data subject rights requests.
  • Advising on data protection impact and transfer risk assessments, supplier or client contracts and due diligence information, marketing activities involving PECR compliance and data sharing, and the firm’s broader data and digital strategies.
  • Lead or commission appropriate data protection and privacy awareness, training and educational activities.
  • Be the first point of contact for supervisory authorities and for individuals whose data is processed (employees, clients etc).
  • Input into the firm’s responses to client supplier assurance questionnaires, audits and bid/tender responses as they relate data protection and privacy.
  • Supported by the Risk & Compliance Solicitors, take a proactive approach to managing information security incidents and/or personal data breaches, including leading investigations, identifying and monitoring corrective actions and lessons to be learnt.
  • Working closely with the ISO 9001 Internal Audit Manager, construct and maintain the firm’s internal audit programme including reporting outcomes and ensuring identified corrective actions relating to data protection and privacy are appropriately completed.
  • Advising the firm, its staff and partners on general risk management related issues – training will be given.
  • Undertake any other duties which may reasonably be required, commensurate with the role, bearing in mind the developing needs and demands of the firm.

Pre-employment screening

Please note that, in the event that we make an offer for a role, we will conduct pre-employment screening that includes, but is not limited to, a basic DBS check, right to work check, any disciplinary history recorded with the Solicitors Regulation Authority (SRA) and a self-declaration to assess your character and suitability for the role. A full policy of the screening the firm undertakes is available on request.

The Mills & Reeve Business Services career structure

We have a firm wide Business Services career structure and a published career progression framework.  Within the firm wide career structure there are five career levels.  For the purposes of the framework, this role is at Manager level and the role profile that details the outcomes and activities expected of across the firm is included with this job description. Further information on the firm’s Business Services career structure is available from the HR team.

The package

As you would expect, the firm offers a generous salary and benefits. The firm’s standard benefits are detailed in the following link:

The firm

What really sets Mills & Reeve apart from other law firms is the way we work with our clients. We understand that clients, in the 21st century, no longer want a traditional law firm – they want one that embraces forward thinking approaches to service, billing, commercial know-how, innovation, people management and community engagement.

And finally

Mills & Reeve is committed to providing an inclusive and supportive working environment. We are happy to consider flexible working arrangements and endeavour to achieve the right balance for both our people and the business. This attitude to flexible working ensures we continue to provide outstanding service to our clients, whilst allowing our people to develop their careers in the knowledge that personal priorities will remain just that.

Mills & Reeve is committed to promoting equality, diversity and to providing an inclusive and supportive environment. Please click the link below to find further information regarding our diversity policy.

If you would like any more information about Mills & Reeve, you can visit our website by clicking on the following link: