Job summary
This is an important and varied role based at Great Western Hospitals NHS Foundation Trust. The Trust works closely with two other acute hospital Trusts within the region with a view to becoming a Group from 2026. The postholder will be required to work collaboratively with the wider teams based at Salisbury NHS Foundation Trust and Royal United Hospitals Bath NHS Foundation Trust, including their subsidiary private hospital.
The post holder will be responsible for monitoring and reporting on compliance with UK data protection legislation such as the UK GDPR and Data Protection Act 2018. They will provide expert advice and guidance in areas such as Records of Processing Activity (ROPA), Data Protection Impact Assessments (DPIAs), data breach management, and data sharing across the complex areas of corporate and clinical services. The Deputy IG Manager will have a sound understanding of current legislative requirements and will monitor continually changing technology advances and national requirements.
The post holder will be responsible for providing evidence to meet the Data Security & Protection Toolkit.
The post holder will be responsible for the line management of the IG Officer to ensure legislative and organisational requirements are met, including compliance with the Freedom of Information Act and Environmental Information Regulation.
The post holderwill report to and support the Head of IG and DPO, and will be required to deputise as and when required.
Main duties of the job
- Support the Head of IG and DPO in delivering the Information Governance workstreams to a high standard. This includes providing advice and assistance to colleagues in areas such as Information Security, Records Management, Freedom of Information, Data Protection, Subject Access, Confidentiality, Information Governance Assurance and Management.
- Develop and deliver plans to maintain and enhance the Trust's Information Governance Framework and regulatory compliance levels.
- Be a subject matter expert on all IG matters within the Trusts and as such provide a collaborative advisory and guidance service, on highly complex information legislation matters where there can be differing opinions
- Communicate technical and non-technical issues to multiple audiences with varying levels of knowledge and expertise. This includes patients, relatives, varying staff groups, including the Board, and third parties such as the police.
About us
Our STAR values - Service, Teamwork, Ambition and Respect - are a golden thread running through everything we do. These values serve as a guiding principle, driving us towards our vision of delivering great joined up services to our local community. Whether at home, in the community, or within the hospital, our goal is to empower individuals to lead independent and healthier lives.
Job description
Job responsibilities
- Ensure appropriate evidence is captured for audit and submission for IG related assertions within the Data Security Protection Toolkit (DSPT) external assessment.
- Develop recommendations to resolve issues of non-compliance in the Trusts offering a range of options which are suitable both for service provision and for legislative compliance.
- Monitor and audit compliance with policies and procedures across the Trusts through site visits, including inpatient, outpatient and corporate areas, initiating actions to address areas of non- compliance and reporting on progress and risks to the Head of IG and DPO and governance groups.
- Write, implement, review and update Trust-wide Information Governance policies, guidelines, protocols, procedures and processes to ensure safe and effective management of information and to promote consistency across the Trusts.
- Provide advice and monitoring on Data Protection Impact Assessments (DPIAs) and Digital Technology Assessment Criteria (DTACs), ensuring that DPIAs and DTACs are carried out on all relevant projects. Represent IG at project groups across the Trusts, providing subject matter expertise, giving advice and guidance on all aspects of IG.
Please see the attached job description for full information
Job description
Job responsibilities
- Ensure appropriate evidence is captured for audit and submission for IG related assertions within the Data Security Protection Toolkit (DSPT) external assessment.
- Develop recommendations to resolve issues of non-compliance in the Trusts offering a range of options which are suitable both for service provision and for legislative compliance.
- Monitor and audit compliance with policies and procedures across the Trusts through site visits, including inpatient, outpatient and corporate areas, initiating actions to address areas of non- compliance and reporting on progress and risks to the Head of IG and DPO and governance groups.
- Write, implement, review and update Trust-wide Information Governance policies, guidelines, protocols, procedures and processes to ensure safe and effective management of information and to promote consistency across the Trusts.
- Provide advice and monitoring on Data Protection Impact Assessments (DPIAs) and Digital Technology Assessment Criteria (DTACs), ensuring that DPIAs and DTACs are carried out on all relevant projects. Represent IG at project groups across the Trusts, providing subject matter expertise, giving advice and guidance on all aspects of IG.
Please see the attached job description for full information
Person Specification
Education
Essential
- Qualified to Degree level or equivalent training and experience
- Evidence of relevant continuing professional development
- Formal project management qualification or equivalent work experience.
Desirable
- IG qualification such as ISEB Certificate in Data
- Protection/Freedom of Information/Information Risk Management
- IS0 27001 qualification/training.
- Project Management qualification
Experience
Essential
- Knowledge and expertise across the Information Governance spectrum
- Proven and credible knowledge of hardware, software and systems
- Excellent analytical and technical skills including experience of Microsoft products, e.g. Word, Excel, Sharepoint, Teams and PowerPoint.
- Experience of managing projects
- Experience in the development and delivery of training courses and associated materials and ability to motivate staff groups through Information Governance workshops and training programmes
- Experience in developing management control mechanisms.
Desirable
- Awareness of the NHS environment and specifically of the NHS Information Governance framework.
- Experience of Electronic Document and Records Management Systems (EDRMS)
- Project management of big national rule change affecting multiple departments or relevant experience
Person Specification
Education
Essential
- Qualified to Degree level or equivalent training and experience
- Evidence of relevant continuing professional development
- Formal project management qualification or equivalent work experience.
Desirable
- IG qualification such as ISEB Certificate in Data
- Protection/Freedom of Information/Information Risk Management
- IS0 27001 qualification/training.
- Project Management qualification
Experience
Essential
- Knowledge and expertise across the Information Governance spectrum
- Proven and credible knowledge of hardware, software and systems
- Excellent analytical and technical skills including experience of Microsoft products, e.g. Word, Excel, Sharepoint, Teams and PowerPoint.
- Experience of managing projects
- Experience in the development and delivery of training courses and associated materials and ability to motivate staff groups through Information Governance workshops and training programmes
- Experience in developing management control mechanisms.
Desirable
- Awareness of the NHS environment and specifically of the NHS Information Governance framework.
- Experience of Electronic Document and Records Management Systems (EDRMS)
- Project management of big national rule change affecting multiple departments or relevant experience
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
Additional information
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).
