Download IAG Group Data Protection Officer JD

Job Description
“To attract and develop the best people in the industry”
Role Title: Group Data Protection Officer
Purpose of the role
The Group Data Protection Officer will be responsibility for overseeing the Group’s data
privacy compliance programmes. The role is appointed to fulfil the statutory obligation under
the *General Data Protection Regulation to appoint a Data Protection Officer (DPO) for the
Group companies meeting the statutory criteria.
Scope of the role
Job Grade
3B
Department /
Location
London
Number of direct reports
-
Employment Status
Permanent
-
Reporting to
IAG General Counsel
Budget responsibility
Accountabilities
Data Protection Officer for the Group (includes IAG, British Airways, Iberia, Vueling, Aer Lingus,
Avios and any other subsidiaries which fulfil the mandatory *GDPR or local requirements for
appointing a DPO) including the following responsibilities:
-
-
manage the assignment of responsibilities to deliver compliance with data protection
laws and policies of the Group including through the privacy managers, teams and
champions in the Group businesses
inform and advise on data protection laws and Group policies
maintain data protection policies and procedures
monitor compliance with data protection laws and Group policies
oversee the maintenance of records required to demonstrate data protection
compliance
supervise and advise on data protection impact assessments
manage a program of awareness-raising and training to deliver compliance and to foster
a data privacy culture within the Group
manage an assurance program and related audits
support the data incident response and data breach notification procedures
IAG Group Data Protection Officer JDv3
Page 1 of 2


be the contact point with and co-operate with the relevant Data Protection Authorities
and to data subjects when exercising their individual data rights as well as supervise and
advise on the response to such requests
Provides updates on the data protection compliance programme to the IAG Board and
Management Committee and those of other subsidiaries (notably those for which they
are a DPO) as appropriate
Participate in IAG Cyber Security Governance Board and other relevant working groups
Key Relationships / Interfaces







Data Protection Authorities
Senior leadership and management teams in IAG and its subsidiaries
Legal Departments
Group IT (including IT Security)
Group Digital
Customer and Marketing teams
People/HR teams
Required Skills, Qualifications & Experience















A legal, compliance, IT security/ InfoSec or audit background
Expert knowledge of data privacy legislation including GDPR including in at least one of
UK, Ireland or Spain and be able to draw on the privacy teams and expertise within the
Group including local data protection laws
Experience in a similar type of role in a multinational business and dealing with DPAs,
governments and industry bodies
Experience in managing data incidents and breaches
Knowledge of cybersecurity risks, PCI DSS and other information security standards
Experience in aviation industry useful
Ability to make good judgements regarding data privacy risks and to prioritise resources
and activity around managing those risks
Able to conduct the role independently and with integrity
Ability to plan, organise and prioritise tasks and projects
Good personal communication skills capable of dealing with wide range of stakeholders,
including senior management
Proven ability to establish and maintain a high degree of confidentiality, respect, trust
and credibility at all levels
Strong team player and proven ability to lead and manage a team
Enthusiastic and positive
The ability to remain calm, controlled and resilient
Fluent in English (mandatory) and Spanish (desirable)
IAG Group Data Protection Officer JDv3
Page 2 of 2