An exciting opportunity has arisen for a highly organised and motivated individual to join the information governance team at the Royal National Orthopaedic NHS Trust.
The post-holder is directly accountable to and responsible to the Information Governance as line manager, and will champion the General Data Protection Regulation (GDPR) across Trust activities. The post will act as a central and reporting point to the Data Protection Officer and Information Governance Manager and the Information Quality & Governance sub-committee.
The post holder will also be deputised as Data Protection Officer (DPO) as defined under the EU General Data Protection Regulation (GDPR) 2016. The DPO responsibilities include completion of the NHS Toolkit, advising on the Trust's compliance with GDPR and local data protection laws, monitoring adherence to GDPR standards and acting as a point of contact with supervisory authorities and data subjects. The DPO will also create policies, enforce compliance with legislation and deliver NHS / GDPR training to staff to increase awareness of data protection measures. Details of the role are as follows:
Job Title: Data Protection Officer and Information Governance Support Lead
Location: Royal National Orthopaedic Hospital NHS Foundation Trust
Department: Information Governance Department
Pay: £38k-£40k (12 Month Fixed Term Contract - Perm)
Hours: Monday - Friday 9am-5pm
Start Date: ASAP
Main Duties and Responsibilities
•Knowledge of national and European data protection laws and practices and an in depth understanding of the GDPR
•To maintain good knowledge of data protection law and practices and how they apply to the Trust. To assist and monitor compliance with the GDPR and Trust policies including but not limited to training for new and Data Security and Protection awareness training
•Sufficient understanding of the processing operations carried out in the NHS, as well as the information systems and data security and data protection needs of the Trust
•To execute the Trust work plan and departmental actions in place for the Trust to maintain compliance with GDPR
•To collate evidence for demonstrating compliance with the NHS Data Security and Protection Toolkit online self-assessment.
•To provide support, advice and assurance of compliance to the Information Quality & Governance sub-committee and Trust's Executive Directors when required.
•To ensure that the teams within departments are appropriately trained and maintain their expertise and draft documentation / templates and processes in line with legislation
•The DPO will ensure that appropriate confidentiality is maintained in the performance of his or her tasks and to be the first point of contact within the Trust internally for all data protection matters.
•To develop or advise senior management on the development and establishment of policies, procedures and other measures to ensure compliance with GDPR
•To ensure that the information governance team operates effectively in supporting their function
•Provision of specialist advice to the Trust on compliance obligations
•Provision of advice and maintain risk logs for projects and business change initiatives on when data protection impact assessment is required
•To take account of the risks associated with processing in the performance of his or her tasks
•To cooperate with the ICO in any matters relating to data protection compliance including provision of evidence of compliance, and in relation to breach management
•Maintaining and monitoring the Trust's information and data flow mapping
Key Result Areas
At a high level, the key result area is to ensure that the organisation can demonstrate compliance with all the requirements of the GDPR. Key components of this include, but are not limited to:
•Policies and procedures that comprehensively address the requirements of the GDPR, and that are available and current
•Information provided to patients or service users is fit for purpose, up to date, and signposts to procedures that address subjects' rights under the GDPR
•A database that holds and can provide on request details of all processing activities with the data required by the GDPR
•Evidence that privacy by default and design principles are incorporated in all processing
•Evidence that data protection impact assessments are conducted in appropriate circumstances, and that their conclusions mitigate risk and are assured
•Evidence of passing the NHS Data Security and Protection Toolkit online self-assessment
•Routine documented reports to the Quality & Sub-committee and Trust's Executive Directors when required on the Trust's state of compliance
•Manage all KPIs and ensure that all information is accurately recorded
•Educated to degree level in a relevant subject, or equivalent demonstrable experience.
•Specialist Data Protection qualification
•Evidence of on-going personal development and post qualification experience
•Experience of interpreting information legislation and guidance into organisational best practice
•Experience and evidence of delivering high standards of performance to achieve national and local targets
•Experience of working effectively in collaboration with other agencies
•Understanding of security and confidentiality rules, ideally within the public sector
If you think you have what it takes, and are interested in applying for this role or you want to discuss the role further, then please contact Tom at Service Care Solutions Ltd on [Click here to apply], or alternatively send an updated CV to [Click here to apply]