I am looking to find a Data Protection Officer and Information Governance Lead to work in the National Health Service.
Main Duties and Responsibilities
Knowledge of national and European data protection laws and practices and an in-depth understanding of the GDPR
Sufficient understanding of the processing operations carried out in the NHS, as well as the information systems and data security and data protection needs of the Trust
To execute the Trust work plan and departmental actions in place for the Trust to maintain compliance with GDPR
To collate evidence for demonstrating compliance with the NHS Data Security and Protection Toolkit online self-assessment.
The DPO will ensure that appropriate confidentiality is maintained in the performance of his or her tasks and will be the first point of contact internally within the Trust for all data protection matters. In performing his or her tasks, the DPO must ensure that DPO responsibilities are not influenced in any way and, should a potential conflict of interest arise, report this to the Data Protection Officer and Information Governance Manager.
To develop or advise senior management on the development and establishment of policies, procedures and other measures to ensure compliance with GDPR, including but not limited to:
Records of processing activities
Data protection by design and default
Data protection impact assessment
Managing Freedom of Information requests and responses with a view to implementing a Trust publication scheme to streamline requests. Maintain and develop the IG department intranet site and Freedom of Information publication scheme
Key Result Areas
At a high level, the key result area is to ensure that the organisation can demonstrate compliance with all the requirements of the GDPR. Key components of this include, but are not limited to:
Policies and procedures that comprehensively address the requirements of the GDPR, and that are available and current
Information provided to patients or service users is fit for purpose, up to date, and signposts to procedures that address subjects' rights under the GDPR
A database that holds and can provide on request details of all processing activities with the data required by the GDPR
Evidence that privacy by default and design principles are incorporated in all processing
Evidence that data protection impact assessments are conducted in appropriate circumstances, and that their conclusions mitigate risk and are assured
Evidence of passing the NHS Data Security and Protection Toolkit online self-assessment
Routine documented reports to the Quality & Sub-committee and the Trust's Executive Directors, when required, on the Trust's state of compliance
Manage all KPIs and ensure that all information is accurately recorded