Sussex Partnership NHS Foundation Trust

Associate Director of Information Governance & DPO

This job is now closed

Job summary

The role will be the strategic lead in developing and leading the Trust's long term Information Governance strategy and associated programmes of work. They will govern the legal and ethical use of information within the organisation, ensuring data is safe, secure, available, up to date and accurate.

The role is required to provide complex independent advice and assurance to the Board on all matters relating to data protection, IG and underpinning legislation, working to the highest level of subject matter expertise.

The role will be accountable for ensuring the Trust meets its statutory and regulatory obligations under data protection laws and they will fulfil the independent responsibilities of the Data Protection Officer as required under the terms of the UK GDPR / Data Protection Act 2018.

The role must ensure effective leadership, overseeing design of strategic departmental work programmes and allocations, performance and departmental development to maintain an effective and sustainable service to the Trust.

The role will be responsible for advising the Caldicott Guardian and Senior Information Risk Owner in their roles and should be consulted on all information governance matters affecting the Trust, providing leadership, specialist expert advice, support and assurance on information governance laws and practice.

The role will ensure that data protection principles and data protection by default and design are embedded and adopted throughout the Trust.

Main duties of the job

The DPO ensures compliance with data protection laws, leveraging expert knowledge to manage risks in processing activities. Key strategic duties include developing and delivering the Trust's Information Governance strategy and business plan, managing resources, and raising staff and subject awareness of data protection rights and obligations. The DPO advises on data protection rules, ensures legal compliance in processing records, and supports organisational accountability. They act as the primary liaison with the ICO, addressing complaints, investigations, and inspections while highlighting compliance failures. Responsibilities extend to handling staff programs, performance monitoring, and grievance management. The DPO also conducts research into data privacy, security, and AI to inform Trust decision-making, mitigate risks, and enhance accountability.

About us

We provide mental health and learning disability care for children, young people and adults across Sussex.

Working in Sussex:

Travel easily between coast and countryside. With a blend of picturesque villages and seaside towns, there are always new experiences to be enjoyed.

Embrace the city life with great access to visit Brighton and London.

With easy access to Gatwick and Heathrow and excellent railway links across the UK, there is plenty of opportunity for adventure.

We'd love you to join our organisation that is rated 'good' overall and 'outstanding' for caring by the Care Quality Commission. Our staff agree, with 82% of people in our recent staff survey telling us that they recognise that care for patients is our top priority.

Other key staff survey results include:

70% highlighting flexible working opportunities as a key point for satisfaction at work

79% reporting feeling able to make suggestions to improve the work within their team

77% identifying the opportunities to show initiative in their roles

See the attached 'Partnership Perks' document for details about our benefits package.

Details

Date posted

03 January 2025

Pay scheme

Agenda for change

Band

Band 8c

Salary

£74,290 to £85,601 a year

Contract

Permanent

Working pattern

Full-time

Reference number

354-CO-21562

Job locations

Portland House

Worthing

BN11 1HS


Job description

Job responsibilities

Summary of Roles and Responsibilities

Privacy by Default & Design Framework

  • Develop and implement a strategic Privacy by Default and Design framework aligning with ICO guidance.
  • Represent the Trust at project boards and steering groups.

Information Management & Security Assurance

  • Strategically lead Information Governance within the Trust.
  • Represent Information Governance on the Security Assurance Sub-Committee.
  • Oversee compliance with legislation, including managing programs for information systems and records management audits.
  • Ensure operation of systems governing Freedom of Information (FOI), Data Subject Access Requests (DSARs), and Data Protection Impact Assessments (DPIAs).

Incident Management

  • Lead the investigation of Information Management, Data Protection, and Security incidents, acting as the final escalation point.
  • Maintain the Trust's risk and incident systems and manage strategic relationships with the Information Commissioner.

Information Governance & Data Protection

  • Strategically oversee privacy notices, alerts, and Information Sharing Agreements.
  • Investigate data protection requests, balancing competing legal bases, often involving sensitive or distressing content.
  • Provide expert advice on complex data management and multi-party breach investigations.

Information Requests

  • Ensure legal compliance with FOI, EIR, and DSAR statutory timescales.
  • Report compliance to the Board and committees.

Information Governance Training

  • Oversee training needs assessments and compliance reporting to the Board.
  • Advise and train the Executive Team on data processing and legal obligations.

Data Security & Protection Toolkit (DSPT)

  • Lead compliance efforts and audits for the DSPT as Senior Responsible Owner.

Contract Management

  • Accountable for departmental contracts, ensuring quality, cost-efficiency, and support for new technologies.
  • Manage teams overseeing FOI, records management, and clinical coding.

Team Support

  • Provide leadership, professional development, and complaints resolution for the Information Governance team.
  • Deputise for the SIRO in data protection matters.

Management & Leadership

  • Offer strategic guidance for Trust-wide Information Governance services and risk management.
  • Align the team's objectives with the Trust's strategy, ensuring compliance and a supportive culture.
  • Oversee staff management, supervision, and performance.

Financial Responsibilities

  • Manage budgets, including £1.2M for records archiving and £100K for clinical coding.
  • Develop and monitor business plans and budgets, driving cost-saving initiatives.
  • Ensure adherence to financial regulations and reporting requirements.

Person Specification

Qualifications

Essential

  • Educated to master's level or equivalent demonstrable experience in Information Governance
  • Demonstrable significant and extensive experience in Information Governance management at a senior level in a large, complex organisation
  • Evidence of ongoing professional development
  • Thorough understanding and significant professional use of the Data Protection Act 2018, UK GDPR, the Freedom of Information Act 2000, the Access to Health Records Act 1990, and the Environmental Information Regulations 2004
  • Thorough understanding of the NHS Codes of Practice on Confidentiality, Records Management and Information Security.
  • Thorough understanding of sectoral data protection standards and guidance as applied to the NHS
  • Recognised qualification or experience in project management or equivalent

Experience

Essential

  • Significant experience in senior management
  • Significant experience of working in NHS or local authority and representing services at senior level
  • Significant experience of developing, designing and implementing information systems that ensure compliance with our statutory responsibilities for Information Governance
  • Significant experience of formulating long-term strategic plans which are implemented across an entire organisation
  • Significant budget management experience of contracts that maintain organisational compliance with the Records Management Code of Practice 2021
  • Significant experience of designing and developing major information systems that meet the requirements of data protection law
  • Experience of undertaking audits in records management and retention schedules at departmental level
  • Significant experience of developing services/strategies in partnership with other agencies
  • Significant experience of managing complex and multi-agency projects.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.

Employer details

Employer name

Sussex Partnership NHS Foundation Trust

Address

Portland House

Worthing

BN11 1HS


Employer's website

https://www.sussexpartnership.nhs.uk/


Employer contact details

For questions about the job, contact:

Associate Director of Corporate Governance

Adam Churcher

adam.churcher1@nhs.net

Supporting documents

Privacy notice

Sussex Partnership NHS Foundation Trust's privacy notice