Share this Job

Data Privacy Office Manager

Date: Dec 7, 2018

Location: Watford, United Kingdom

Company: KPMG UK

AutoReq ID138490BR
Job TitleData Privacy Office Manager
CountryUnited Kingdom
LocationWatford
FunctionKPMG Business Services
Service LineQRM
Service Line InformationQuality and Risk Management are the responsibility of each partner and employee. This responsibility includes the need to understand and adhere to member firm policies and associated procedures in carrying out their day-to-day activities. UK Quality & Risk Management teams help to set, implement and enforce policies and procedures designed to help to enable KPMG UK and its personnel to achieve the following key objectives: (i) oversee and monitor service quality, (ii) protect the brand and reputation of KPMG, (iii) comply with laws, (iv) regulations and professional standards, and (v) minimize the risk of financial claims against KPMG UK.

KPMG OverviewKPMG is part of a global network of firms that offers Audit, Tax & Pensions, Consulting, Deal Advisory and Technology services. Through the talent of over 16,000 colleagues, we bring our creativity and insight to our clients’ most critical challenges.

With offices across the UK, we work with everyone from small start-ups and individuals to major multinationals, in virtually every industry imaginable. Our work is often complex, yet our vision is simple: to be the clear choice for our clients, for our people and for the communities we work in.

Job Description
As part of Phase 2 of the KPMG UK GDPR compliance activities and rolling out a a new Privacy Office operating model, the UK firm is recruiting a Data Privacy Office Manager. The suitable candidate will help drive internal compliance with KPMG’s obligations under the GDPR, UK Data Protection Act 2018 and Privacy of Electronic Communications Regulations (PECR).

The Data Privacy Office Manager will apply his or her data protection and privacy expertise to effectively support the Data Privacy Office Lead and Data Protection Officer (DPO) in developing the internal Data Privacy Office (2nd line) and perform all relevant duties as part of the new operating model.

As well as strong privacy advisory, this is predominantly a hands on role.

Reporting to: Data Privacy Office Lead

Key Responsibilities:


- Function as a key member of the internal Privacy Office and engaging with other privacy professionals including data protection lawyers
- Support the Data Privacy Office Lead, functioning as a hand-on Privacy SME
- Enhance current privacy by design process i.e. development of PIA/DPIAs and determine all firm wide forums and committees that should act as trigger points for PIAs/DPIAs.
- Assist businesses and functions to perform PIAs/DPIAs where required
- Support the ownership and monitoring of a privacy risk register and integration with rollout of a GRC tool as part of a wider risk and compliance management framework
- Support production of privacy office reports e.g. weekly data subject request reports, privacy risk reports, to be reported to various risk management forums and the DPO
- Support rollout of new privacy office target operating model, including engagement with 1st line data and privacy officers
- Develop and manage content on the Data Privacy Office portal e.g. guidance and FAQs
- Support Data Subject Request (DSR) lead in managing and responding to requests
- Support review and maintenance of internal and external facing privacy notices and policies
- Support the development of procedures to support corporate policies impacting personal data
- Assist the firm’s UK learning and training team on data protection and privacy matters for staff and contractors
- Monitor and communicate changes to data protection and privacy laws and regulations that may impact the UK firm’s operational and strategic practices
- Championing data protection and privacy network and leaders
- Work closely with the Information Protection team
- Support all businesses and functions with privacy questions e.g. via Privacy office mailbox
- Drive continuous improvement and change
Skills and experience required:

- Strong experience in a similar hand-on role, ideally in a complex organisation e.g. top tier financial organisation or professional services organisation
- Strong experience in developing and conducting PIA/DPIAs
- Strong experience of managing privacy risks (capturing in risk register) and establishing controls
- Must have worked within a GDPR compliance programme
- Excellent SME knowledge of the GDPR and UK DPA 2018 including knowledge and strong experience of operational implementation
- Good practical knowledge and experience of building Article 30 records of processing activities registers, establishing lawful basis and consent management
- Must hold recognised privacy qualifications e.g. CIPP/E, CIPM, BCS
- Excellent skills developing reports in MS Excel and/or MS PowerPoint
- Excellent communication skills, both written and verbal
- Well organised and able to maintain a high workload efficiently at a consistently high standard
- Strong attention to detail
- Excellent understanding of inter relationships between systems, architecture, platforms and security
- Good knowledge of information security and security measures required by the GDPR
- Experience working with GRC tools to manage privacy risks is advantageous
- Understanding of 3 lines of defence (risk management)
- Experience of other privacy 3rd party tools is advantageous



Our DealIf the chance to work with interesting clients and innovative technology wasn’t rewarding enough, we’ll motivate you in other ways too. At KPMG you can expect real responsibilities and opportunities to grow professionally.


‘Our Deal’ sets out all the different ways you’ll be rewarded at KPMG. Among other things you can benefit from honest conversations about your career as well as a range of other rewards. In all these ways and more, we have created an environment that can bring out the best in you.

Flexible WorkingWhile some of our client-facing professionals can be required to travel regularly, and at times be based at client sites, we are supportive where possible of helping you to achieve a balance between your home and work demands.

We are happy to discuss individual requirements and our range of flexible working arrangements could be of interest. Furthermore, as part of the recruitment process, we can put you in touch with people who work flexibly so you can understand from them what our culture is like.

Applying with a DisabilityKPMG are proud to be an inclusive, equal opportunity employer and we seek to attract and retain the best people from the widest possible talent pool. As a member of the Business Disability Forum we're committed to ensuring that you are treated fairly throughout our Recruitment Process. Should you be successful after the initial application stage, please discuss any reasonable adjustments that you may require, with your recruitment contact.

KPMG's commitment to diversity

We are proud of the value we place on individuality; we want you to bring your full self to work and truly maximise your potential. We believe that your individuality helps us to deliver the best results for our clients. Diversity of background, diversity of experience, diversity of perspective - that's the KPMG difference. But, don't take our word for it, find out more about diversity at KPMG.



Returning to work after a break
At KPMG, we appreciate that returning to work after an extended career break can be daunting. We understand that those with experience who have taken a career break have a wealth of experience and knowledge to offer our organisation, which helps us to achieve our business goals. We will support you to refresh your skills, develop your confidence and provide a supportive network across the firm to help you best integrate into the working environment. This role welcomes applications for individuals who have been out of work for 18 months or more and who have previous relevant experience.

Policy for Agencies

KPMG has a commitment to sourcing candidates directly and as such we do not accept speculative CV’s from agencies. Please check here to see our policy on agencies: Policy


Job Segment: Database, Data Management, Claims, Manager, Consulting, Technology, Data, Insurance, Management