Group Data Protection Advisor

Arriva is a leading provider of passenger transport across Europe, employing around 34,400 people and delivering around 1.6 billion passenger journeys. With buses, trains, coaches, trams, waterbuses, bike-sharing systems, on-demand transport solutions and a rolling stock leasing company, Arriva proudly connects people and communities safely, reliably and sustainably across 11 countries, delivering these services in a better way, every day.

We have strong roots dating back to 1938, an ambitious growth agenda, and a continuously developing relationship with our new shareholder I Squared Capital who acquired Arriva in May 2024.

We have a fantastic opportunity to join our Corporate Centre as Group Data Protection Advisor reporting to the Head of Data Protection/Group Data Protection Officer.

The Group Data Protection Advisor will be responsible for providing expert advice and guidance on data protection, GDPR and Privacy by Design. The role will also support on the deployment of the privacy compliance strategy and framework across the Group, and its individual businesses within the UK and Europe. In addition, the Group Data Protection Advisor will be responsible for assisting and enabling the business to maintain and further develop data protection compliance initiatives in support of separation activities, working across Europe.

This role can be based from either our Sunderland, London or Leicester offices, a minimum of 2 days per week with the rest focusing on where you can best deliver, whilst still allowing for the required work life balance. The role operates Monday to Friday, 35 hours per week with 1 hour lunch per day.

Key responsibilities of the role:

Acting as a liaison across Arriva business, the Group Data Protection Advisor will be working on the following activities:

• Supporting the Head of Data Protection and Group Data Protection Officer in all matters relating to the protection of Arriva’s customer or employee personal data, as well as that of any relevant third parties.
• Providing subject matter expertise across all of Arriva to guide our business to be compliant to relevant data protection laws at all times.
• Leading our business wide network of data champions to ensure our best practice guidance and Group data protection policies and standards are followed.
• Coordinating a business wide review of Records of Processing Activities (ROPA), educating all legal entities to ensure they are able to keep up to date documentation that accurately reflects the personal data they process, as required by law.
• Communicating any identified data protection risk with stakeholders, clearly articulating potential ways forward, their associated risk, and appropriate remedial activities, all the while providing a subject matter expert view of best practice.
• Supporting procurement and due diligence activities across both supplier and system reviews, providing data protection assurance as required, in line with the Cyber Security and Information Assurance (CSIA Policy Framework). Including the review of relevant data protection schedules within supplier contracts, providing internal stakeholders with subject matter expert advice during contract reviews.
• Supporting group stakeholders in conducting privacy impact assessments (PIA) and other relevant data protection risk assessments, ensuring all processing of personal data with a high impact has been fully assessed and documented.
• Supporting group stakeholders and the Head of Data Protection and Group Data Protection Officer in investigating data breaches including advising on breach resolution, in accordance with established organisational processes.
• Providing operational support across the business for the response to Data Subject Requests, manage responses to Subject Access Requests in some sensitive cases.
• Developing and delivering tailored training sessions and workshops to improve the business understanding and application of data protection requirements.
• Developing and maintaining effective tools to assist business areas with ongoing GDPR compliance activities, including supporting the Head of Data Protection and Group Data Protection Officer in strategic activities such as the definition of data protection key performance indicators and targets, and creation of associated reporting dashboards.
• Supporting the Head of Data Protection and Group Data Protection Officer in carrying out data protection compliance assessments and improvements plans, including the production of compliance reports for senior stakeholders.
• Supporting the Head of Data Protection and Group Data Protection Officer in assessing any opportunity to obtain accreditation under certification schemes due to be issued by the European Data Protection Board.

What we'd like from you!

We’re looking for candidates who can demonstrate experience in a dedicated data protection/privacy role within a complex corporate environment, with a valid CIPP/E certification.

A CIPP/M certification and experience dealing ISO27001 and PCI-DSS are desirable but not essential.

We’re also looking for candidates who:

• Are comfortable and confident in delivering training and awareness programs, including in a face-to-face environment.
• Have robust understanding and demonstrable interest in data protection including relevant data protection laws and regulations, as well as information security and record keeping legislation.
• Have proven experience working with colleagues to deliver, design and implement pragmatic and risk appropriate controls that are designed to support business functions in large, complex multi-supplier/multi-platform environments.
• Are experienced working across a pan-European enterprise in a defederated organisation structure.
• Are experienced in requirements gathering, including through interviews or facilitating workshops.
• Have proven experience of business process documentation and improvements.
• Have excellent interpersonal skills with ability to build strong relationships with business and technical stakeholders and suppliers.
• Can demonstrate good communication skills to develop design and present knowledge support materials to users.
• Are able to work independently, prioritise, demonstrate professionalism, enthusiasm and tenacity to create confidence.
• Are able to handle confidential information with integrity.
• Are able to work flexibly in a multi-skilled team and co-ordinate offshore resources to meet our commitments to the business.

Finally, we’re looking for candidates aligned to Arriva’s values: caring passionately, doing the right thing and making a difference.

• True hybrid working – focusing on where you can best deliver for your customers, whilst still allowing for the required work life balance.
• A generous pension plan.
• Life Assurance plus access to one of the UK’s largest networks of medical professionals.
• Modern offices, with excellent transport links.
• 25 days holidays and statutory bank holidays per year (pro rata for mid-year joiners), and opportunity to purchase additional holiday in eligible windows.
• Access to our Employee Assistance Programme (EAP).
• Access to discounts and cash back through ‘The Village’ – our Online Reward Gateway.
• Eyecare vouchers.
• The opportunity to join our Employee Experience Forum – a community of people leading activity and initiatives to enhance Wellbeing, Career Development and Communications within our community in the Corporate Centre.
• The opportunity to join a Global Arriva Inclusion Network (GAIN) group- a community of people who are passionate about equality, diversity and inclusion.
• Free Arriva bus travel for you and immediate family outside of London – T&C’s apply
• And a truly wonderful team to be joining!

Why work for us?

Arriva is a people focused business. In every part of Arriva, our people deliver high standards of customer service and work together to demonstrate kindness, determination, and resilience.

Our values were created by Arriva people. They guide our actions and the way we work, helping to reflect and shape our culture. They focus on caring, integrity and making the difference.

Our people choose to work for us, and to stay with us, because we are a great place to work. At Arriva, we strive to create a culture where we can all be ourselves, where we belong, feel respected and our differences celebrated.

We actively seek out and value difference. We want our business to reflect the wide range of communities in which we operate, so we can serve them even better.

The closing date for applications is Sunday 15th December 2024. Arriva Group reserve the right to close this vacancy early.