
Data Protection Officer

Job Title: Data Protection Officer
Contract Type: Permanent
Location: Stanmore, Middlesex
Salary: Up to £40000 per annum
REF: 15281/001_1544176637
Contact Name: Kieron Holmshaw
Contact Email:
Job Published: 6 months ago

Job Description

I am looking to find a Data Protection Officer and Information Governance Lead to work in the National Health Service.

Main Duties and Responsibilities

  • Knowledge of national and European data protection laws and practices and an in-depth understanding of the GDPR

  • Sufficient understanding of the processing operations carried out in the NHS, as well as the information systems and data security and data protection needs of the Trust

  • To execute the Trust work plan and departmental actions in place for the Trust to maintain compliance with GDPR

  • To collate evidence for demonstrating compliance with the NHS Data Security and Protection Toolkit online self-assessment.

  • The DPO will ensure that appropriate confidentiality is maintained in the performance of his or her tasks and will be the first point of contact within the Trust for all data protection matters. In performing his or her tasks, the DPO must ensure that DPO responsibilities are not influenced in any way and, should a potential conflict of interest arise, must report this to the Data Protection Officer and Information Governance Manager.

  • To develop or advise senior management on the development and establishment of policies, procedures and other measures to ensure compliance with GDPR, including but not limited to:

    • Records of processing activities

    • Data protection by design and default

    • Data protection impact assessment

    • Fair processing

  • Managing Freedom of Information requests and responses with a view to implementing the Trust publication scheme to streamline requests. Maintaining and developing the IG department intranet site and the Freedom of Information publication scheme.

Key Result Areas

At a high level, the key result area is to ensure that the organisation can demonstrate compliance with all the requirements of the GDPR. Key components of this include, but are not limited to:

  • Policies and procedures that comprehensively address the requirements of the GDPR, and that are available and current

  • Information provided to patients or service users is fit for purpose, up to date, and signposts procedures that address subjects' rights under the GDPR

  • A database that holds and can provide on request details of all processing activities with the data required by the GDPR

  • Evidence that privacy by default and design principles are incorporated in all processing

  • Evidence that data protection impact assessments are conducted in appropriate circumstances, and that their conclusions mitigate risk and are assured

  • Evidence of passing the NHS Data Security and Protection Toolkit online self-assessment

  • Routine documented reports to the Quality & Sub-committee and the Trust's Executive Directors, when required, on the Trust's state of compliance

  • Manage all KPIs and ensure that all information is accurately recorded