Data Protection and Compliance Manager

Full Time
London, UK
9 months ago

At HelloFresh, we want to change the way people eat forever by offering our customers high-quality food and recipes for different meal occasions. Over the past 10 years, we've seen this mission spread around the world and beyond our wildest dreams. Now, we are a global food solutions group and the world's leading meal kit company, active in 18 countries across 3 continents. So, how did we do it? Our weekly boxes full of exciting recipes and fresh ingredients have blossomed into a community of customers looking for delicious, healthy, and sustainable options. The HelloFresh Group now includes our core brand, HelloFresh, as well as: Green Chef, EveryPlate, Chefs Plate, Factor_, and Youfoodz.

But most importantly, it’s our incredible people who make HelloFresh what it is. We thrive on giving our employees an inclusive working environment, in which they have access to development opportunities and in which their voices are heard and valued every day. This helps us best reflect and serve our customers.

About the roleAs the Data Protection and Compliance Manager you will be part of the UK legal team and responsible for reviewing and implementing data protection policies, procedures and tools, conducting regular audits and assessments, providing training, tooling and guidance to staff, and liaising with internal and external stakeholders such as data subjects and the Information Commissioner’s Office (ICO). Responsibilities will include: 

  • To draft, review, negotiate, and advise on commercial arrangements that impact on data protection.
  • Contribute to the wider legal team, including sharing know-how and developing precedents.
  • Monitoring compliance with the UK GDPR and other applicable data protection laws, as well as HelloFresh’s internal data protection policies and standards.
  • Advising and informing the company and its employees on their data protection obligations and best practices.
  • Conducting data protection impact assessments (DPIAs) for high-risk processing activities and consulting with the ICO when necessary.
  • Providing data protection training and awareness programs to staff at all levels of the organization.
  • Assisting Customer Care in responding to data subject requests and complaints regarding their personal data.
  • Keep up-to-date with changes in data protection and e-privacy law and practice in the UK and EMEA (including regulator guidance and enforcement activities, and key business trends and best practices), with particular focus on the evolving requirements of EU and UK GDPR. 
  • Provide timely, accurate, quality legal advice on all aspects of data protection and e-privacy to businesses based in the UK and the wider EMEA region.
  • Cooperating and communicating with the ICO and other relevant authorities on data protection matters.
  • Maintaining records of the company’s data processing activities and ensure their accuracy and completeness.
  • Maintaining controls to prevent accidental or inappropriate sharing of sensitive data.

About youQualifications and Experience

  • Extensive knowledge of UK Data Protection law including an understanding of marketing legislation (PECR)
  • The ability to translate data protection law into everyday terms and actions
  • An understanding of information security and its interdependency with data protection requirements
  • Bachelor’s degree or equivalent in law, computer science, information security or proven experience as a data protection officer or a similar role in a complex organization.
  • Ideally, a qualified UK lawyer but other common law jurisdictions or EU jurisdictions may be acceptable and/or a data protection/privacy qualification such as CIPP
  • Experience in advising on compliance policies, intra-group and international data transfers, contractual data protection requirements, data breach incidents and DSARs is essential
  • Experience of data governance design and implementation

Personal Attributes

  • Audit experience: Having experience in conducting audits is beneficial for a DPO
  • Organisational and communication skills: Should be able to organize tasks effectively and communicate clearly with different stakeholders
  • Familiarity with data protection tools and technologies, such as encryption, anonymisation, pseudonymisation, etc.
  • Ability to conduct audits, assessments, and investigations in a systematic and objective manner.
  • Ability to provide clear and practical advice and guidance on data protection issues.
  • Ability to design and deliver effective training and awareness programs on data protection

What you will get in return:

● 70% off HelloFresh or Green Chef boxes● Company pension scheme● Gym membership● Bupa private medical insurance (including dental & family cover options)● Electric vehicle scheme● Bippit account - financial support ● Free professional development and coaching memberships● Mental health first aiders and an employee assistance programme● Dog friendly office! (London site only)● If in the office, enjoy a free breakfast every day● Eye care scheme● Cycle to work scheme● Group Life Assurance

Location: The HelloFresh Farm, 60 Worship Street, EC2A 2EZ, London / DC Site(s)

Work Schedule: Hybrid working - 50/50 remote working & flexible start/finish times (role dependent)

Next steps: Your application will be reviewed and if successful, a member of the Talent Acquisition Team will be in touch within 2 weeks.

You are required to cooperate with HelloFresh in all health and safety matters. You are responsible for ensuring you take reasonable care of your own health, and safety as well as others who may be affected by the work activities you undertake. You must report incidents immediately and actively raise health and safety-related concerns to your Line Manager.

If you are currently a HelloFresh employee, please make sure you have discussed your application with your Line Manager.