Data Protection Manager

Kingsley Napley is an internationally recognised law firm based in Central London. We support individuals and businesses in resolving conflict, safeguarding their futures and maximising opportunities. Our wide range of expertise means that we can provide support for our clients in all areas of their business and private life. Many of our lawyers are leaders in their field and our practice areas are highly ranked by the legal directories.

Information & Technology

Oversee and manage the firm's data protection and privacy protocols. This role will ensure compliance with all relevant regulations, including the UK GDPR, and will work closely with various departments to develop and implement data protection policies and procedures.

Key Responsibilities:

• Maintain a privacy governance framework in compliance with the UK GDPR, including managing records of data processing activities and
• Manage a risk-based vendor management review process
• Conduct data protection impact assessments (DPIAs) and other risk assessments
• Maintain and provide necessary documentation and evidence for internal and external auditors
• Review and negotiate data protection clauses in contracts with third-party vendors and partners
• Develop and deliver training programs to raise awareness of data protection and privacy issues among employees
• Monitor changes to data protection laws and regulations and update policies and procedures accordingly
• Collaborate with the Information Security team to ensure data protection measures are integrated into the firm's overall security strategy
• Manage data breach response and reporting processes, including conducting investigations and implementing corrective actions.

Secondary Responsibilities:

• Working with the relevant practice areas to assist with drafting and reviewing data protection clauses in client contracts, ensuring that all agreements are compliant with current data protection laws and best practices
• Supporting Fee Earners with their client work, which could include developing and implementing data protection policies and procedures that align with their client’s business operations and regulatory requirements
• Other such duties as and when required.

Every effort has been made to ensure that this is a full description of the tasks and responsibilities of this role. However, it is not an exhaustive list. The job description may be changed or developed at any time to reflect changes as required.  However, material changes will not be made without full consultation with the post-holder.

Kingsley Napley are committed to creating a diverse environment and is proud to be an equal opportunity employer. All qualified applicants will be considered for employment regardless of race, age, disability, gender identity and expression, sexual orientation, gender reassignment, marriage and civil partnership, pregnancy and maternity and religion.