PostNord Strålfors AB

Data Protection Manager

PostNord Strålfors develops and offers communication solutions that give companies opportunities for personal and strong customer relationships. PostNord Strålfors is an important part of society's communication infrastructure and annually handles over one billion communication messages and invoices for its customers in the Nordic region. PostNord Strålfors is part of the PostNord Group, the leading communications and logistics group in the Nordics. PostNord Strålfors has operations in four countries and has around 700 employees and a turnover of just over 2,2 billion (2023).

Do you want to be part of and create an impression in a digital transformation in a Nordic technical communication company by working with data protection?

Purpose with the position

The position assists the PNSF group in ensuring data protection compliance by implementing a structured way of working with personal data and security of personal data. When prioritizing task’s a risk-based approach shall apply, and the work shall be planned in close collaboration with the Data Protection Officer (DPO). The service thus ensures support for organizations’ work with data protection and drives the work forward and towards an increased degree of compliance. You serves as a change agent, systematically driving continuous improvement and change throughout the business.

Areas of responsibilities

  • Ensure that processes for data protection are documented, quality assured, described, communicated, and aligned within the PNSF group.
  • Ensure that processes for data protection are documented, quality assured, described, communicated, and aligned within the PNSF group.
  • Act as a support and an advisor on developing business processes, IT systems and when procuring new services and IT systems.
  • Act as a support and an advisor during suspected personal data breaches, in collaboration with the DPO
  • Support and inform the DPO according to GDPR and EDPB guidelines.
  • Ensure that improvement gains are sustained by developing effective control plans and working with process owners and system owners.
  • Train, support, and structure the work of the Data Protection Coordinators (DPC).
  • Ensure that best practices are shared across the organization.
  • Build a good data protection culture in the company, collaborate with the DPCs and the DPO.

Main working activities

  • Develop, implement, and support processes for ensuring data protection and compliance of the GDPR.
  • When needed, be the super user/administrator of IT-systems to support a structured way of working with data protection in the organization.
  • Update all relevant privacy notices and maintain records of previous versions.
  • Answer questions from customers and the organization.
  • Carry out training and risk workshops.
  • Keep records of completed educations and awareness trainings.
  • Assess and advise on new or updated processing activities.
  • Keep relevant information on how to work with data protection accessible and updated to the organization, i.e., the site.
  • Update guidelines, procedures, instructions on data protection
  • Create, collect, and keep documentation to demonstrate compliance with the GDPR and other relevant data protection legislations in Sweden, Norway, Finland, and Denmark.
  • Ensure answers are collected in relevant audits including the yearly GDPR-audit.

Competence requirements

  • University degree in law, information security, political science, technology, or other suitable education for the role.
  • 3-5 years documented working fulltime with data protection
  • Experience working with organization in the processor role
  • Proven success in driving large and complex projects
  • Proven success in structuring and implementing processes
  • Continuous improvement
  • Fluent in English and Swedish/Danish/Norwegian/Finnish, with a strong communication skill in writing, speaking, and presenting
  • Personal skills are important, like being both brave and humble, and with a keen sense for integrity

Meritorious experience

  • Experience from working with data protection in the financial sector
  • Knowledge on Change Management 
  • CIPM (Certified Information Privacy Officer), CIPP (Certified Information Privacy Professional) or other equal certification in privacy and data protection.

About you

If you can say yes to being structural, ambitious, commercial and positive – then you could be the person we are looking for. We are looking for a person who wants to make a difference and who believes that compliance and the protection of personal data is an absolute business imperative. We believe that you are a self-motivated person with a structured way of working. You are used to taking responsibility with the ability to work both in a team and independently. At Strålfors, we encourage ABC self-leadership by being responsible (Accountable), brave (Brave) and committed (Committed) and these are qualities that we live by and value.

The team

You will belong to the Responsible Business team together with four talented colleagues who have the same passion as you, to make things better. The team is responsible for developing, maintaining and complying with sustainability, quality and security including information security and privacy in PostNord Strålfors, which covers Norway, Sweden, Finland and Denmark. We have individual responsibilities but work closely together as each of our areas have dependencies.

The position’s most important internal and external contact points:

  • Organization on Group and Country level
  • Data Protection Officer
  • Data Protection Coordinators
  • Responsible Business including Information security

We offer you a full-time job, working to create a better company and working with great colleagues. The role is located in our office in Stockholm or any of our other offices. Possibility to work partly remotely.