A question we receive all the time in the Privacy team is “What does work in Privacy and Data Protection look like?” Regardless of if you’re looking at Privacy and Data Protection for a future career change, or just want to know a bit more about what the team does, I’m sure you’ll find some valuable insight below.
Privacy is a hugely far-ranging subject, which is made even more complicated by the constantly evolving landscape within the field. Privacy professionals need to keep pace with new technologies, changing regulations, and a steadily increasing public awareness of their data rights – this means that every day on the job can be a unique learning experience. It means you’ve got a constant source of intellectual stimulation that can lead to a whole range of diverse career opportunities; from healthcare, to finance, to technology, to, of course, the travel industry. This diversity allows you to find a career that can suit both your interests and your experience, or even give you an opportunity to try something completely new.
While that is how privacy works in general, how does this look here at CUK? Well let’s get in touch with our Privacy team for a quick overview.
Darren is the Data Protection Officer for Carnival plc, independently advising the wider business on compliance with global data protection law and regulation. Within Carnival UK he leads the Privacy & Data Protection team. His days are never boring, whether he is working with his counterparts across the global corporation to define expectations and monitor data protection compliance, providing advice on exciting initiatives with data protection impacts, or working with external parties such as police forces and government agencies. He is Carnival UK’s main contact for global data protection regulators, and advises on law enforcement enquiries whilst also providing leadership and expertise on complex information rights and incidents, both for the global privacy team and the business as a whole.
Sam is the Senior Manager in charge of operational data protection, and line manager of Adam and Kirsty. On a normal day she supports our compliance outcomes by investigating personal data incidents and escalated complaints from individuals, working with colleagues across the business including the Contact Centre, Medical, and Finance. She provides guidance on determining the root cause of incidents, understand trends, and expertly advises on process and policy improvements to avoid repeats. Sam is a point of escalation for information rights and general data protection advice, helping the business maintain compliance with its privacy and data protection obligations. In conjunction with our global colleagues, she contributes to our corporate data protection policy and processes.
Karen is the Senior Manager for Privacy by Design (PbD) and provides data protection advice across the whole of CUK. She manages our privacy assessment work, supporting teams and individuals with their data protection impact assessments (DPIAs), contract and agreement reviews, legitimate interest assessments (LIAs) and other privacy enquiries. Privacy by Design is an important exercise for any new or changed activity that involves personal data; done properly it helps ensure that our business demonstrates that we meet the data protection principles throughout all we do in handling the personal data of our customers, clients, employees, and business partners. It involves thinking about data protection from the beginning of your project or activity, and building in privacy controls that are appropriate for the lifecycle of the personal data you are handling. A need for PbD can come from any part of the business such as marketing initiatives, digital projects, new IT systems, transformation projects and processes, and so on. Karen is your first privacy team stop for advice on these matters, to help you understand how to do it within the requirements of the law. Karen, along with Sam, is also involved in supporting business change and leading implementation of local policy, making sure we fulfil our obligations and objectives across the wider team.
Adam’s focus is on Training, Awareness, and Third Parties for the Privacy Team. As well as being the author of this article, he is one of the first people new starters meet as a part of the Privacy side of the CUK Inductions, as well as separate contact centre inductions for those of you working full time remote. He creates and runs bespoke training for various business areas by request and is the SME for Privacy and Data Protection on eLearning Content. He can be found speaking to various people from across the entire business, helping them fulfil our legal obligation to record how we share data with our third parties. He supports the team with providing guidance on privacy incidents and other enquiries coming to our inbox (Privacy@carnivalukgroup.com!) and is the Privacy SME for our Third-Party Privacy & Security Risk Management Review process.
Kirsty is our Information Rights Specialist, some of her responsibilities include ensuring that we respond to all information rights requests inside of our legally mandated response times, as well as dealing with various enquiries from law enforcement and other agencies. These can include getting information from all over CUK, from emails, to Teams messages, to medical reports. Ultimately, if it’s something we’ve recorded about someone, it may be something that needs to be released, erased, or dealt with, depending on the nature of the request. She also heads up the redaction and screening process to ensure that which we send out is accurate, and specific to the request. That’s all on top of dealing with incidents from across the business, and being the primary point of contact for any information rights questions or queries.
The whole team always works together to ensure that we hit any of our regulatory mandated timelines, so there are times when we need to pivot from our standard day to make sure we can fulfil those requirements, or if the business has a pressing need that arises that must take priority. Suffice to say, we’re always busy and it is never the same day twice!
As I hope you can see, working in Privacy and Data Protection is about a lot more than just managing data. It’s about safeguarding our fundamental rights, it’s about building trust both with our Guests and our colleagues, and it’s about contributing to a rapidly advancing, safer, and more secure digital world. Thanks for reading, and you can always reach out to the team at Privacy@carnivalukgroup.com if you have any questions or queries!