Job summary
Are you an experienced Data Protection professional? Do you want to use your expertise to make a positive, meaningful difference?
St Margaret's Hospice Care has a fantastic opportunity for a Data Protection Officer to join our Governance team.
- Salary: £22,500 to £24,909 per annum (equivalent to a full time salary of £37,000 - £40,963)
- Location: Taunton
- Contract: Permanent
- Working pattern: 22.5 hours a week, Monday and Tuesday, with a choice of Wednesday to Friday
- Hybrid working: Option to work from home 1 day a week.
This role has become available due to upcoming retirement in March, allowing for a transition period when you first join.
Why Join St Margaret's Hospice?
- We take great pride in our strong culture of data protection compliance, which is deeply ingrained in everything we do at the Hospice.
- Have a meaningful impact by influencing and shaping the services we offer.
- Make a difference by joining a respected local charity with an outstanding reputation.
Main duties of the job
By building relationships and tailoring your approach, you will empower teams to integrate data protection into their everyday practices.
As our statutory Data Protection Officer, you will be the subject matter expert on all things relating to personal data and information governance.
As such, you will work with a wide range of diverse teams, from retail to fundraising to clinical, each with their own unique needs.
Role-modelling best practice, you will engage proactively with colleagues to promote a culture of accountability, transparency and compliance with data protection regulation.
About us
You won't just be joining a fantastic team. You'll be part of a welcoming, community minded charity.
Our mission is to provide excellent specialist palliative care for patients and support to their families. If you speak to any of our staff or volunteers, they will tell you how the patient is at the heart of everything they do.
If you're looking for a role where you can really make a difference, working as part of a supportive team, we could be a perfect match.
Holiday entitlement
- 33 days holiday including bank holidays rising to 35 days after 1 year, and increasing with length of service (pro-rata if part-time)
- Ability to buy and sell annual leave
Pension scheme
- NHS employees eligible to continue with their NHS pension scheme*
- Non-NHS employees will receive 5.5% employer and 5% employee contribution.
Award-winning Employee Assistance Programme for you and your family offering:
- Vitality & wellbeing health portal for non-emergency care
- Unlimited access to 24/7 online GP Consultations as well as Expert Case Management
- Confidential and free 24-hour Employee Assistance
- Counselling and support
- Legal, financial, and medical information and advice
And more
- Life assurance cover 2x salary
- Health Cash Plans
- Blue Light Discount Card
- Enhanced maternity leave*
- Excellent learning and development opportunities
- Free on-site parking in Yeovil and Taunton
- Volunteering and fundraising opportunities
*Eligibility criteria apply
Job description
Job responsibilities
- Remain up to date with relevant legislation and maintain expert knowledge of UK GDPR, Data Protection Act and associated guidance, advising the Executive Team, Board, data controllers, data processors, staff and volunteers of their obligations
- Act as the main point of contact for internal and external stakeholders (including staff, volunteers, data subjects, regulators and third parties) on data protection issues
- Design, implement and evaluate internal control and assurance systems to monitor compliance with data protection legislation; plan and deliver compliance audits, assess risks and assign responsibilities to address areas of non or partial compliance
- Conduct or oversee investigations into data breaches and near-misses, ensure appropriate notification and reporting to the ICO, ensure actions and learning are implemented
- Embed a culture of data protection and information governance compliance; develop and deliver training, induction and education
- Draft, develop and review data protection policies, procedures, protocols and guidance to reflect current legislation and organisational need in consultation with key stakeholders
- Co-ordinate and process subject requests and requests under the Access to Health Records Act, ensure timely and lawful responses
- Ensure an effective system for completion and review of Data Protection Impact Assessments (DPIAs), provide expert advice where required and advise on high-risk processing
- Maintain accurate and comprehensive records of processing activities, prepare formal quarterly reports and annual returns
- Provide expert review of contracts, service level agreements and data sharing agreements to ensure data protection safeguards are included and implemented
- Chair the Data Protection Group, contribute to relevant governance and risk meetings and provide briefings to the Executive Team and Board
- Work collaboratively with teams to ensure an integrated approach to information governance and organisational assurance
- Contribute to the development and delivery of quality and risk management, provide team cover for governance-related tasks, such as incident reporting and general advice
- Horizon-scan for emerging risks, regulatory changes and new technologies which may impact data protection, assess implications and make recommendations
Person Specification
Education and Qualifications
Essential
- Maintain expert knowledge of data protection and related legislation
- Proficient in Microsoft Office Suite or related writing and presentation software
Desirable
- Recognised data protection qualification or desire to work towards a qualification
- Pursues continuous professional development.
Self Awareness
Essential
- Handle confidential information with discretion and sound ethical judgement
- Balance legal duties with organisational needs in a practical and proportionate approach
Desirable
- Manage pressure and sensitive situations with resilience and composure.
Working with others
Essential
- Communicate complex legal and technical concepts clearly and persuasively in an understandable manner
- Influence and negotiate effectively with tact and sensitivity.
- Work independently and as part of a team to embed a culture of governance and data protection compliance.
Desirable
- Build trusting relationships internally and externally, demonstrate active listening skills and challenge appropriately
Outcome and Results
Essential
- Chair effective meetings to ensure engagement with attendees
- Excellent verbal and written communication skills, demonstrating consistent accuracy and attention to detail
- Strong organisational and time management skills
Leading in your area
Essential
- Minimum of three years' experience working in data protection compliance or a related field, embedding data protection culture
- Expertise in data protection laws and practices
- Champions integration of data protection
Desirable
- Work with team members and wider team to progress the business and governance strategy
- Experience within a legal, audit and/or risk function
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.