Northampton General Hospital

Data Security and Protection Adviser

The closing date is 25 February 2026

Apply for this job

Job summary

We are seeking a motivated and knowledgeable Data Security & Protection (DSP) Adviser to join our Group DSP Team at University Hospitals of Northamptonshire. This is an exciting opportunity to play a vital role in safeguarding patient and organisational information, supporting Trust-wide compliance with data protection legislation, and helping staff deliver safe, secure and excellent care.

Main duties of the job

As a DSP Adviser, you will act as the first point of contact for routine Data Security & Protection queries and contribute to the delivery of the Group's Data, Security & Protection (DSP) strategy. Your responsibilities will include:

  • Providing clear, specialist advice on UK GDPR, Data Protection Act 2018 and confidentiality requirements.
  • Managing and investigating data security incidents via Datix, escalating concerns where appropriate.
  • Delivering DSP training sessions (classroom, small groups, MS Teams) and helping maintain compliance above required thresholds.
  • Maintaining key organisational records including the Information Asset Register and Information Sharing Gateway.
  • Supporting colleagues with Data Protection Impact Assessments, Privacy Notices and policy development.

About us

**Please submit your application as soon as possible as we reserve the right to close any adverts before the closing date once we have received sufficient applications**

Northampton General Hospital NHS Trust is one of the largest employers in the area and we are on an exciting journey. All our divisions are committed to doing things better, with more efficiency as we update, modernise, and advance. We have also entered a Group Model with neighbouring Kettering General Hospital NHS Foundation Trust and become University Hospitals of Northamptonshire.

Our Excellence Values

  • Compassion
  • Accountability
  • Respect
  • Integrity
  • Courage

We want to recruit the best people to deliver our services across the University Hospitals of Northamptonshire and help to unleash everyone's full potential.

The Hospital Group encourages applications from people who identify from all protected groups. We understand that we need to work with colleagues from diverse backgrounds and make sure the environment they work in is inclusive and collaborative.

We recognise the valuable contribution that the Armed Forces community make to our organisation. We have signed the Armed Forces Covenant and achieved Silver Award under the Armed Forces Employer Recognition Scheme.

We have active Networks that promote and support colleagues from all backgrounds. This ensures everyone feels supported and has a sense of belonging working for Kettering and Northampton General Hospitals.

Details

Date posted

11 February 2026

Pay scheme

Agenda for change

Band

Band 5

Salary

£31,049 to £37,796 a year per annum

Contract

Permanent

Working pattern

Full-time

Reference number

265-7707808 COR

Job locations

Northampton General Hospital

Billing Road

Northampton

NN1 5BD


Job description

Job responsibilities

Data Security and Protection (DSP)

  • Provide specialist advice andassistanceto staff whererequiredon areas of complex information governance legislation, such as UK GDPR, Data Protection Act 2018 and the NHS Code of Practice on Confidentiality

  • To work closely with department colleagues, support services, clinical services,operational and strategic Data Security and Protection leads and internal and external DSP colleagues to promote excellent Information Governance, Data Security and Data Protection practice, by advising and supporting them in their understanding and delivery of these requirements.

  • To be aware of Data Security and Protection incidents and whereappropriate supportin the investigation process, ensuring relevant actions are taken and lessons learnt to prevent reoccurrence

  • Provide support for a programme of Data Security and Protection related work managed by the Head of DSP and locally directed by the DSP Team Leader

  • Log Serious Information Governance incidents on Data Security and Protection Toolkit incident reporting tool

  • Conduct Data Security and Protection user satisfaction surveys in line with Data Security and Protection Toolkit requirements.

  • Deputise for theDSP Team Leader, attending relevant meetings when necessary.

  • Provide support to other areas of the Data Security and Protection Team as directed by the Head of Data Security and Protection.

  • Be the first line of response for data security and protection queries providing support,adviceand guidance to key areas of the Trust including Research and Innovation, Complaints,Governanceand IT.

  • Develop andmaintainstandard operating procedures for all routine tasks carried out within the role.

  • Support the development,reviewand roll-out ofappropriate DSPrelated policies and procedures.

  • Manage DSP records, both paper and electronic, updating reports,maintainingaction plans,policiesand procedures etc.

  • Take a proactive role in the collation of the evidencerequiredfor the annual Data Security and Protection Toolkit submission andparticipatein improvement plans.

  • Maintain a register of Information Governance related incidents and produce regular reports from Datix, liaising with all departments and Risk Management asappropriate, leading on incident investigations where appropriate.

  • Maintain the Trusts Information Asset Register and undertake reviews in coordination with Information Asset Owners and Information Asset Administrators.

  • Supporting internal colleagues with the completion of Data Protection Impact Assessments, including highlighting data protection and security risks.

  • Update andmaintainthe Trusts Privacy Notice to ensure compliance with UK GDPR standards and internal policies.

  • Understand andmonitorcompliance with relevant legislation, particularly the common law duty of confidentiality, the Data Protection Act 2018, the General Data Protection Regulation, the Computer Misuse Act 1990, the Human Rights Act 1998;

  • Manage Information Sharing Agreements and flows via the Information Sharing Gateway, working with internal and external stakeholders to make sure these are appropriately documented.

  • Liaise with relevant internal and external stakeholders to ensure Information Sharing Agreements are completed and reviewed in line with GDPR.

  • Establish good working relationships with key staff in all departments across the Trust.

  • Implement policies and propose changes to Group DSP policies asappropriate, conducting monitoring compliance with those policies and protocols

  • conduct data protection impact assessments (DPIA) where necessary and ensure the Group adheres to the data privacy by design and default as set out in Article 25 GDPR

  • complete DPIAs to relevant team members and ensure cross partnership working with relevant project and transformation leads

  • Assist the DSP Team Leader in the collation of relevant reports and information for compliance reporting,inspectionsand internal assurance

  • Escalate incidents to the Team Leader immediate when they may meet the criteria for a Serious Incident / reportable to the ICO

  • Deputise for the DSP Team Leader whenrequired

  • work with the complaints team and directly with members of the public to communicate appropriatelyregardingany DSP grievances and queries

  • tomaintaintheir specialist knowledge in Data Protection Law and UK GDPR

  • update the Internet and Intranet pages for DSP asappropriate, ensuring it is up to date with pertinent advice and guidance, including applicable FAQs and relevant legislation

Training & Audit

  • Tobe responsible forthe Data Security and Protection training programme, including planning and liaison with the Learning and Development Team for the regular delivery of DSP training sessions

  • TomonitorData Security and Protection training compliance and to take all reasonable action to ensure that compliance levels aremaintainedat above 90% at all timesand take allpossible stepsto ensure 95% compliance is achieved annually for the DSP Toolkit assertion.

  • To ensure that this specialist knowledge is kept up to date and changes in legislation or national and local policy are communicated effectively to staff at all levels within the organisation

  • To input into and to support the Data Security and Protection communication strategy.

  • To undertake Data Security and Protection assurance check audits in clinical and non-clinical areas, to report findings and work with relevant teams to develop and monitoraction plans for improvement.

  • To review the Information Asset Register against the Information Sharing Gateway toidentifyassets and data flows which have not been documented.

  • Ensure that learning from Data Security and Protection incidents is incorporated into DSP training and awareness.

  • Training colleagues on the use of the Information Sharing Gateway and Information Asset Register.

  • Training colleagues on the practice of completing Data Protection ImpactAssessments.

  • Developing training and awareness materials and guidelines.

Job description

Job responsibilities

Data Security and Protection (DSP)

  • Provide specialist advice andassistanceto staff whererequiredon areas of complex information governance legislation, such as UK GDPR, Data Protection Act 2018 and the NHS Code of Practice on Confidentiality

  • To work closely with department colleagues, support services, clinical services,operational and strategic Data Security and Protection leads and internal and external DSP colleagues to promote excellent Information Governance, Data Security and Data Protection practice, by advising and supporting them in their understanding and delivery of these requirements.

  • To be aware of Data Security and Protection incidents and whereappropriate supportin the investigation process, ensuring relevant actions are taken and lessons learnt to prevent reoccurrence

  • Provide support for a programme of Data Security and Protection related work managed by the Head of DSP and locally directed by the DSP Team Leader

  • Log Serious Information Governance incidents on Data Security and Protection Toolkit incident reporting tool

  • Conduct Data Security and Protection user satisfaction surveys in line with Data Security and Protection Toolkit requirements.

  • Deputise for theDSP Team Leader, attending relevant meetings when necessary.

  • Provide support to other areas of the Data Security and Protection Team as directed by the Head of Data Security and Protection.

  • Be the first line of response for data security and protection queries providing support,adviceand guidance to key areas of the Trust including Research and Innovation, Complaints,Governanceand IT.

  • Develop andmaintainstandard operating procedures for all routine tasks carried out within the role.

  • Support the development,reviewand roll-out ofappropriate DSPrelated policies and procedures.

  • Manage DSP records, both paper and electronic, updating reports,maintainingaction plans,policiesand procedures etc.

  • Take a proactive role in the collation of the evidencerequiredfor the annual Data Security and Protection Toolkit submission andparticipatein improvement plans.

  • Maintain a register of Information Governance related incidents and produce regular reports from Datix, liaising with all departments and Risk Management asappropriate, leading on incident investigations where appropriate.

  • Maintain the Trusts Information Asset Register and undertake reviews in coordination with Information Asset Owners and Information Asset Administrators.

  • Supporting internal colleagues with the completion of Data Protection Impact Assessments, including highlighting data protection and security risks.

  • Update andmaintainthe Trusts Privacy Notice to ensure compliance with UK GDPR standards and internal policies.

  • Understand andmonitorcompliance with relevant legislation, particularly the common law duty of confidentiality, the Data Protection Act 2018, the General Data Protection Regulation, the Computer Misuse Act 1990, the Human Rights Act 1998;

  • Manage Information Sharing Agreements and flows via the Information Sharing Gateway, working with internal and external stakeholders to make sure these are appropriately documented.

  • Liaise with relevant internal and external stakeholders to ensure Information Sharing Agreements are completed and reviewed in line with GDPR.

  • Establish good working relationships with key staff in all departments across the Trust.

  • Implement policies and propose changes to Group DSP policies asappropriate, conducting monitoring compliance with those policies and protocols

  • conduct data protection impact assessments (DPIA) where necessary and ensure the Group adheres to the data privacy by design and default as set out in Article 25 GDPR

  • complete DPIAs to relevant team members and ensure cross partnership working with relevant project and transformation leads

  • Assist the DSP Team Leader in the collation of relevant reports and information for compliance reporting,inspectionsand internal assurance

  • Escalate incidents to the Team Leader immediate when they may meet the criteria for a Serious Incident / reportable to the ICO

  • Deputise for the DSP Team Leader whenrequired

  • work with the complaints team and directly with members of the public to communicate appropriatelyregardingany DSP grievances and queries

  • tomaintaintheir specialist knowledge in Data Protection Law and UK GDPR

  • update the Internet and Intranet pages for DSP asappropriate, ensuring it is up to date with pertinent advice and guidance, including applicable FAQs and relevant legislation

Training & Audit

  • Tobe responsible forthe Data Security and Protection training programme, including planning and liaison with the Learning and Development Team for the regular delivery of DSP training sessions

  • TomonitorData Security and Protection training compliance and to take all reasonable action to ensure that compliance levels aremaintainedat above 90% at all timesand take allpossible stepsto ensure 95% compliance is achieved annually for the DSP Toolkit assertion.

  • To ensure that this specialist knowledge is kept up to date and changes in legislation or national and local policy are communicated effectively to staff at all levels within the organisation

  • To input into and to support the Data Security and Protection communication strategy.

  • To undertake Data Security and Protection assurance check audits in clinical and non-clinical areas, to report findings and work with relevant teams to develop and monitoraction plans for improvement.

  • To review the Information Asset Register against the Information Sharing Gateway toidentifyassets and data flows which have not been documented.

  • Ensure that learning from Data Security and Protection incidents is incorporated into DSP training and awareness.

  • Training colleagues on the use of the Information Sharing Gateway and Information Asset Register.

  • Training colleagues on the practice of completing Data Protection ImpactAssessments.

  • Developing training and awareness materials and guidelines.

Person Specification

Educations, Training and Qualifications

Essential

  • Educated to degree level or equivalent level of education, training or experience
  • Professional relevant qualification, for example GPDR Foundation
  • Evidence of continuous professional development

Desirable

  • Additional professional relevant qualification, for example, GDPR Practitioner
  • Relevant professional qualification in training development/ training delivery
  • Formal Data Protection Act Training

Knowledge and Experience

Essential

  • Demonstrable understanding of data security and protection
  • Working knowledge of Data Protection Act 2018, UK GDPR
  • Experience in developing and delivering training sessions
  • Experience in identifying and investigating data security and protection issues and incidents
  • Experience of supporting the completion of Data Protection Impact Assessments and identifying information risks
  • Evidence of up to date knowledge of data security and protection guidelines and legislation relevant to the NHS.
  • Experience in reviewing and updating Policies and Procedures.

Desirable

  • Experience of working in the NHS
  • Analytical and judgement skills for problem solving
  • Previous experience of the Information Sharing Gateway
  • Working knowledge of Freedom of Information Act 2000 and Records Management.
  • Experience of working with the DSP Toolkit in an acute NHS setting.
  • Previous experience of the Information Sharing Gateway

Skills

Essential

  • Excellent written and verbal communication skills.
  • Developed attention to detail and accuracy.
  • Excellent IT skills, including experience of Microsoft Word, Excel, PowerPoint, Outlook and Visio.
  • Ability to deliver clear and effective training to staff at all levels and of all abilities.
  • Ability to communicate appropriately and effectively with all levels of staff.
  • Ability to cope under pressure and meet strict deadlines e.g. FOI responses, Incident response times
  • Ability to take accurate meeting notes including action and decision logs.

Desirable

  • Advanced Excel skills, including data presentation.
  • Able to learn and utilise new systems quickly and effectively.
  • Data analysis skills
  • Ability to interpret and judge conflicting views
  • Negotiation skills
Person Specification

Educations, Training and Qualifications

Essential

  • Educated to degree level or equivalent level of education, training or experience
  • Professional relevant qualification, for example GPDR Foundation
  • Evidence of continuous professional development

Desirable

  • Additional professional relevant qualification, for example, GDPR Practitioner
  • Relevant professional qualification in training development/ training delivery
  • Formal Data Protection Act Training

Knowledge and Experience

Essential

  • Demonstrable understanding of data security and protection
  • Working knowledge of Data Protection Act 2018, UK GDPR
  • Experience in developing and delivering training sessions
  • Experience in identifying and investigating data security and protection issues and incidents
  • Experience of supporting the completion of Data Protection Impact Assessments and identifying information risks
  • Evidence of up to date knowledge of data security and protection guidelines and legislation relevant to the NHS.
  • Experience in reviewing and updating Policies and Procedures.

Desirable

  • Experience of working in the NHS
  • Analytical and judgement skills for problem solving
  • Previous experience of the Information Sharing Gateway
  • Working knowledge of Freedom of Information Act 2000 and Records Management.
  • Experience of working with the DSP Toolkit in an acute NHS setting.
  • Previous experience of the Information Sharing Gateway

Skills

Essential

  • Excellent written and verbal communication skills.
  • Developed attention to detail and accuracy.
  • Excellent IT skills, including experience of Microsoft Word, Excel, PowerPoint, Outlook and Visio.
  • Ability to deliver clear and effective training to staff at all levels and of all abilities.
  • Ability to communicate appropriately and effectively with all levels of staff.
  • Ability to cope under pressure and meet strict deadlines e.g. FOI responses, Incident response times
  • Ability to take accurate meeting notes including action and decision logs.

Desirable

  • Advanced Excel skills, including data presentation.
  • Able to learn and utilise new systems quickly and effectively.
  • Data analysis skills
  • Ability to interpret and judge conflicting views
  • Negotiation skills

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Additional information

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website (Opens in a new tab).

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here Criminal records checks for overseas applicants (Opens in a new tab).

Employer details

Employer name

Northampton General Hospital

Address

Northampton General Hospital

Billing Road

Northampton

NN1 5BD


Employer's website

https://www.northamptongeneral.nhs.uk/Home.aspx (Opens in a new tab)

Employer details

Employer name

Northampton General Hospital

Address

Northampton General Hospital

Billing Road

Northampton

NN1 5BD


Employer's website

https://www.northamptongeneral.nhs.uk/Home.aspx (Opens in a new tab)

Employer contact details

For questions about the job, contact:

Head of Data Security and Protection

Sally Berrill

sally.berrill@nhs.net

Details

Date posted

11 February 2026

Pay scheme

Agenda for change

Band

Band 5

Salary

£31,049 to £37,796 a year per annum

Contract

Permanent

Working pattern

Full-time

Reference number

265-7707808 COR

Job locations

Northampton General Hospital

Billing Road

Northampton

NN1 5BD


Supporting documents

Privacy notice

Northampton General Hospital's privacy notice (opens in a new tab)