Rhys Davies
Cardiff
Summary
Extremely hard working and self-motivated Data Protection Officer & Compliance Professional with more than 20 years of experience in the finance, insurance and legal sectors, and 10 in management or senior positions.
Experience of building and developing a compliance framework in an FCA regulated environment, and leading projects to implement new regulations such as GDPR, Consumer Duty, and the SM&CR.
During my time at NewLaw I lead the data destruction project which involved collaboration with internal stakeholders and external partners. This project required a high level of attention to detail, clear communication that required adapting to different audiences, balancing risk appetite with regulatory compliance and commercial expectations.
I was also a vital member of the multi departmental team that was required to guide the business through and recovery from a serious cyber incident which disabled the business for two months. This not only required subject matter expertise but patience, resilience and a calm temperament in a stressful and uncertain situation.
I was a standing member of the NewLaw Compliance and Risk Committee which required quarterly reporting to the board and the Group Compliance Committee which included compliance, data protection and information security leaders from across the Group.
Extensive experience with complex DSARs where GDPR compliance needed to be considered in conjunction with Client Confidentiality and Legal Professional Privilege.
I am also a passionate advocate for neurodivergent individuals in the workplace and wider society.
Overview
28
28
years of professional experience
3989
3989
years of post-secondary education
1
1
Certificate
Work history
Data Protection & Compliance Officer
NewLaw Solicitors-Cardiff
Cardiff
2023.10 - 2026.02
- As the Data Protection & Compliance Manager at NewLaw Solicitors I - Ensure compliance with UK GDPR and other applicable data and information security protection legislation.
- Ensure effective systems and controls are in place to enable the business to comply with their legal obligations.
- Monitor and report on internal compliance.
- Monitor solutions & controls to eliminate vulnerabilities.
- Act as an intermediary between relevant stakeholders (internal and external) including ICO, data subjects and business units.
- Act as a focal point for data and information security activities and foster a good data and information security culture.
- Maintain the company’s Information Security Framework and underlying policies, procedures, standards and guidelines.
- Ensure Data Subjects requests are actioned appropriately and within regulatory timescales including DSARs and data deletion. This included complex DSARs where GDPR compliance needed to be considered in conjunction with Client Confidentiality and Legal Professional Privilege.
- Actively ensure appropriate administrative, physical and technical safeguards are in place to protect the company’s information assets and data from internal and external threats.
- Identify, introduce and implement appropriate procedures, including checks and balances, are in place to test these safeguards on a regular basis.
- Conduct and complete annual reviews and audits as required, engaging both internal business partners across the organisation and external resources.
- Advise upon the requirement for data protection impact assessments (DPIA) across all business areas and monitor the performance of the DPIA.
- Identify and risk assess data processing operations and maintain a record of processing activities.
- Direct action and monitor data breaches.
- Ensure effective staff training programs are in place to increase security and data protection awareness across the business.
- Support the Compliance Team as required ( in addition to data & information activities) with complaints, professional negligence risk and other project and audit work.
Compliance Manager
ActiveQuote Ltd
Cardiff
2014.04 - 2023.10
- My role at ActiveQuote is to monitor, maintain and develop the company’s Risk and Compliance policies and processes in line with the evolving regulatory landscape. My duties range from conducting reviews of the operational business with regards to Financial Crime risks, TCF and Data Protection legislation, preparing and disseminating the Risk Register Report to dealing with Data Subject requests.
- A crucial aspect of the role is championing a strong compliance culture with a focus on treating the customer fairly. This involves keeping abreast of FCA publications and engaging in industry conversations to help instil the correct values, principles and behaviours into the corporate culture. I am responsible for writing and delivering the periodical Compliance training in order to assess the competency of the advisers and other operational departments. I have also designed and presented ad hoc sessions on policy and regulatory changes such as Vulnerable Customers, the SM&CR and GDPR. I was the project lead in the implementation of the GDPR and qualified as an EU GDPR Practitioner through the GASQ certification course. This has enabled me to be appointed as the Data Protection Officer for ActiveQuote. The remit and responsibilities of this role are in line with the EC and ICO requirements. Gaining the CIPM qualification has provided me with a more in-depth view of information privacy and given me the knowledge to create a Privacy Management Program.
- One of my driving motivations in my role is the fair treatment of customers, especially those with vulnerabilities, helping to develop and foster a culture within and throughout ActiveQuote that places customer outcomes at the top of its priorities. In doing this I’ve created our own internal processes for recognising and dealing with vulnerable customers. I’ve also created a process for ESL customers and provided training on them.
- Naturally, mitigating the various risks posed to the business itself is the bulk of my job. Creating processes to protect ActiveQuote from external risks has been a feature of the last few years. The invasion of Ukraine and the huge expansion of the Russian Sanctions list led to my creation of an in-house screening process which has proven effective. I also created an AML identification criteria and escalation process. This helps us identify suspicious activity and avoid being used to launder money, as well as the insurers we partner with.
- I am a member of the Diversity Champions Team which promotes and encourages equality, diversity and inclusion throughout the business.
Customer Accounts Exectutive
Admiral Insurance
Cardiff
2011.10 - 2013.05
- Customer Accounts October 2011 - May 2013
- During my time at Admiral I worked on the ‘Cheques’ team in the Customer Accounts department. The main duty was to process all payments on claims and policies made by cheque to the Admiral Group. This included banking a large volume of cheques on the accounting system and physically delivering all cheques to the bank. Another important part of the job was keeping record of statistics & critical data on all aspects of the job. This entailed creating and the upkeep of several spread sheets, and preparing weekly or monthly updates to various managers.
Commissioning Officer
Welsh Assembly Government - Welsh Language Development Unit
Cardiff
2010.08 - 2011.05
- For this 10 month period I was working on the commissioning department of the Welsh Language Development Unit. This was a grade B position. This role entailed various tasks throughout the school year. One primary role was to take ownership of arranging Needs Identification meetings.
- These meetings are designed to give teachers throughout Wales the opportunity to voice their opinions and recommendations on the provision of Welsh language teaching and learning materials. A meeting is held for each subject on the national curriculum. My role was to invite teachers, collate their responses, make arrangements with the venues holding the meetings, deal with any queries regarding the meetings and process payments relating to the meeting.
- This required a great deal of organisational and communication skills to ensure the events ran smoothly. A comprehensive and up to date list of attendees and their details was needed for each meeting so that various statistical analyses could be carried out. It was also important as the details could be used to improve communication for future meetings.
- Another of the main tasks was the processing of payments made to various individuals, companies and organisations relating to the commissioning department. From travel expenses, venue bookings, catering costs, costs for supply teachers to overnight accommodation.
- Other secondary tasks included updating spreadsheets with details of recently published materials and carrying out statistical analyses of meetings to ascertain various percentages and trends regarding responses and attendance.
Translation Service
Welsh Assembly Government
Cardiff
2009.03 - 2010.05
- Team Support March 2009 - May 2010
- Having been made redundant and spending several months retraining, I accepted a job as team support on the translation department of the Welsh Assembly Government. This entailed processing applications for translations from WAG, liaising with internal translators and external contractors. Other duties included raising purchase orders, receiving invoices, and keeping a detailed record of transactions. It was also essential that I was able to develop relationships with customers, manage expectations and maintain clear lines of communication. Welsh was the primary language spoken on the department amongst staff.
Underwriting Executive
Picture Financial
Newport
2005.02 - 2008.06
- The job entailed making decisions based on risk assessment, having been presented with applications for finance. This required good analytical skills, attention to detail and confident decision making. To do this I needed a broad but not detailed knowledge of FSA regulations, and an in-depth knowledge of company risk & compliance policy and underwriting criteria. I often needed to carry out background investigations on applicants who aroused suspicion or were withholding information and present any findings to my line manager or head of Risk & Compliance. Doing this I was able to uncover potential fraud and money laundering risks, and prevent non-creditworthy applicants taking on further debt and the company taking on further risk.
- Another aspect of my job was mentoring sales people. This involved gathering error reports and providing feedback on a monthly basis in order to improve the quality of their work. I also acted as a ‘buddy’ for new underwriters, training them until they were ready to work independently and act as a mentor to them. I was made employee of the month after taking sole control of the underwriting decisions for the largest broker, and providing them with a specialised and dedicated service. I was also appointed to head up the underwriting of Picture’s new near prime product, after my previous success.
Underwriter
FirstPlus Finance
Cardiff
1999.09 - 2005.02
- The responsibilities of this job were much the same as with Picture. I was a much less experienced underwriter, and as such didn’t enjoy as much responsibility. But I won employee of the month on two occasions due to my work ethic, attitude and value to the company.
Vetting Clerk
Forthright Finance
Cardiff
1997.09 - 1999.09
- My role was vetting applications for motor finance. This entailed telephoning customers, their employers and their banks to verify the details provided. This required me to be assertive but tactful at all times while extracting sensitive information, all whilst operating within the Data Protection Act.
Education
Compliance (Advanced Certificate in Compliance) - FCA Regulatory Compliance
International Compliance Training
BirminghamEnglish Literature (A Level) -
Ysgol Gyfyn Gymraeg Glantaf
CardiffFrench Literature (A Level) -
Ysgol Gyfyn Gymraeg Glantaf
CardiffCatering & Institutional Management (HND) -
Salford University
Salford 1993.01 - 1995.01
Fundamental Inspection & Testing (Certificate) - Electrician
City & Guilds
CardiffSkills
- Research & Investigation
- Root Cause Problem Solving
- UK GDPR
- Data Protection Act 2018
- FCA Regulations
- Data Privacy
Certification
- Certified Information Privacy Manager (CIPM) May 2019 to May 2021 - Issued by IAPP.
- EU General Data Protection Regulation Foundation (GDPR F) March 2018 to Present
- EU General Data Protection Practitioners (GDPR P) March 2018 to Present
- Different Types of Minds - City and Guilds April 2023 to Present
- Neurodiversity Champion June 2022 to October 2023 - Issued by AP Cymru
Languages
Welsh
Native
Timeline
Data Protection & Compliance Officer
NewLaw Solicitors-Cardiff
2023.10 - 2026.02
Compliance Manager
ActiveQuote Ltd
2014.04 - 2023.10
Customer Accounts Exectutive
Admiral Insurance
2011.10 - 2013.05
Commissioning Officer
Welsh Assembly Government - Welsh Language Development Unit
2010.08 - 2011.05
Translation Service
Welsh Assembly Government
2009.03 - 2010.05
Underwriting Executive
Picture Financial
2005.02 - 2008.06
Underwriter
FirstPlus Finance
1999.09 - 2005.02
Vetting Clerk
Forthright Finance
1997.09 - 1999.09
Catering & Institutional Management (HND) -
Salford University
1993.01 - 1995.01
Compliance (Advanced Certificate in Compliance) - FCA Regulatory Compliance
International Compliance Training
English Literature (A Level) -
Ysgol Gyfyn Gymraeg Glantaf
French Literature (A Level) -
Ysgol Gyfyn Gymraeg Glantaf
Fundamental Inspection & Testing (Certificate) - Electrician
City & Guilds
Links
https://uk.linkedin.com/in/rhysdavies3