Head of Digital Governance and Data Protection Officer

Blackpool Teaching Hospitals NHS Foundation Trust

Information:

This job is now closed

Job summary

The Head of Digital Governance & Data Protection Officer (DPO) post is the professional lead for Information Governance within Blackpool Teaching Hospitals and its subsidiary company (Atlas Engineering).

As an expert in Information Governance, Data Protection, Freedom of Information and other associated legislation they will work to ensure that all parties meet their legal and regulatory obligations. The post holder will also work with all the various management teams, its companies and key partners to ensure that all parties are processing information in accordance with legislation and guidance.

The post holder will also lead on the Digital division's wider Assurance & Governance, such as Risk & Incident Management, Root Cause Analysis, Service Level Agreements, Digital Maturity and Certification.

The post holder will also be expected to provide expert Digital & Information Governance advice and guidance to the strategic regional agenda across Blackpool and the Fylde Coast as well as offering leadership to Integrated Care System (ICS) wide projects where required.

Main duties of the job

  • to act as the appointed Statutory Data Protection Officer as defined by the EU General Data Protection Regulation 2016 (Articles 37-39)
  • to be the lead source of information and expertise on information governance and data protection including EU and national legislation.
  • to lead on the translation of the above into strategy, policy and guidance that impact across the organisations to ensure organisational compliance. This will involve decision making where no precedent exists
  • have senior responsibility for the development of a robust Information Risk Assurance function which includes Cyber Security, System Failure, Digital Clinical Risk and GDPR.
  • provide a single point of knowledge to senior management and staff with clear policies and procedures that ensure the organisation meets both its statutory and legal obligations

About us

Welcome to Blackpool Teaching Hospitals NHS FT and thank you for taking an interest in joining our Digital division!

There has never been a better time to join #TeamBTH as we start our five-year journey to improve the lives of people who live, work and volunteer on the Fylde Coast and beyond. Our new five-year strategy commits to making care pathways more streamlined and accessible by investing in Digital.

We are looking for various roles to join #TeamBTH to help us deliver our new Digital Plan that underpins the Trust's strategy and will support the organisation to:

  • improve access to information for all, including patients, to improve their experience and outcomes.
  • procure and implement a new Electronic Patient Record, to enable us to share health care information
  • increase our digital capability and maturity
  • deliver the NHS long term plan ambitions to reduce face to face appointments, where appropriate
  • embrace virtual working and wearable technology
  • offer health advice quickly using digital means
  • use data and digital to widen access to care, support health promotion and reduce health inequalities

Date posted

23 May 2023

Pay scheme

Agenda for change

Band

Band 8c

Salary

£70,417 to £81,138 a year

Contract

Permanent

Working pattern

Full-time

Reference number

382-FM31-23

Job locations

BTH Blackpool Stadium

Seasiders Way

Blackpool

FY1 6JJ


Job description

Job responsibilities

In the role as Head of Digital Governance, Health and Corporate records the post holder will:

  • provide strategic direction, professional leadership and development for the Information Governance Service including maintaining and developing its structure to ensure that all required roles, responsibilities and reporting lines are in place.
  • be the Freedom of Information Act 2000 (FOI) and The Environmental Information Regulations 2004 (EIR) lead for organisations including the provision of independent advice on potentially highly complex/contentious issues e.g. applicability of exemptions and exceptions to the release of requested information.
  • lead on the development of training, awareness and communications programmes aimed at informing and advising the Trust and its staff (at all levels) to promote understanding of their obligations to comply with information governance requirements.
  • provide high quality, responsive and customer focused advice in response to often complex, contentious and sensitive requests from a wide range of stakeholders including senior management, staff, contractors and the public.
  • proactively disseminate complex and contentious information governance principles to a wide audience through regular communications briefings using e-mail, intranet and bulletins and other communications media, where there may be resistance to compliance.
  • create and maintain a methodology to record Data Protection decisions made by the organisation.
  • ensure the Data Security and Protection Toolkit (DSPT) and other IG related audit submissions are made correctly, within timescales and are signed off by the Board where applicable and that evidence is available to support the attainment levels submitted. This is to include overseeing the delivery of action plans and improvement programmes to support compliance with legislation and national Information Governance requirements. This will require liaison with senior managers throughout the organisations.
  • collaborate with the Head of ICT to promote and continuously improve upon information security compliance, this to include:
      • ensuring technical requirements become embedded into robust information security principles.
      • providing specialist expert advice and support on a range of information security and assurance issues.
  • identify and advise on the management of organisational information risk, develop and maintain an information governance risk register and ensure appropriate assurance mechanisms are in place including acting as the focal point for the discussion and resolution of information risk issues.
  • monitor (including audit) and report on compliance with IG requirements providing feedback to the SIRO / Caldicott Guardian / Committee.
  • provide guidance to Asset Owners/System Administrators in relation to the risk assessment of business critical and multi-user systems and support them in the development of action plans to address significant areas of risk including system specific information policies and related procedures.
  • use/set organisational trigger-points for mandatory input from the DPO, providing advice on Data Protection Impact Assessments (DPIA) to offer a balanced independent review of activities such as business improvements, system requests for change, large scale business development and introduction of new systems and services.

Also to:

  • give consideration to the business needs against GDPR and other information governance / security requirements.
  • provision of advice and guidance on changes required to meet/maintain GDPR/IG compliance.
  • identification of system change requirements to support GDPR/IG compliance.
  • consult with the Information Commissioner's Office (ICO) where proposed processing poses a high risk in the absence of proposed mitigations.
  • provide expert input for contracts, invitations to tender, integrated partnership initiatives etc. to support organisations' bids and initiatives whilst ensuring robust information security and governance is maintained.
  • lead and support specific groups such as Information Asset Owners, System Administrators through effective networking structures sharing of relevant experience and provision of appropriate advice
  • ensure information breaches (e.g. security, confidentiality) including serious incidents are investigated and where necessary escalated in a professional manner. Provide guidance on operational and procedural improvements arising from lessons learned. Where serious incidents that warrant external reporting (e.g. ICO, Department of Health) are identified, ensure these are brought to the attention of the SIRO in a timely manner so that GDPR reporting requirements and activities can be met (including informing individuals affected).
  • be the organisations' expert on information sharing, ensuring organisations' approaches are compliant with law and best practice.
  • proactively and strategically ensure organisations are able to effectively and appropriately share information where multi agency or partnership working exists.
  • take the lead in developing, managing and reviewing information sharing protocols and third party access agreements with other organisations including local authorities and voluntary organisations.
  • liaise with and influence a wide range of stakeholders including staff, service users, solicitors, the Courts and other organisations to ensure appropriate information sharing.

Person Specification

Education/Qualifications

Essential

  • Educated to Master's level or significant experience of working at a senior level in the Information Governance Management with an Information Governance qualification
  • Extensive knowledge of specialist areas, acquired through post-graduate diploma or equivalent experience or training plus further specialist knowledge demonstrated through a recognised qualification in data protection and/or information security
  • Member of a professional body e.g. BCS British Computer Society, National Association of Data Protection Officers

Desirable

  • PRINCE2 Practitioner (or equivalent project management methodology)

Experience

Essential

  • Previous management experience and demonstrable knowledge of working within the Data Governance arena within the public sector or a similarly complex organisation
  • An understanding of the background and aims of current healthcare policies and the implications for data security
  • Experience of the relationship between the Department of Health, NHS England and NHS Improvement and individual provider and commissioning organisations
  • Experience of successful multi agency working.
  • Experience of rapid identification of Information Risk and risk escalation processes.
  • Experience of co-ordinating activities and report findings.
  • Experienced in the development of strategy, policy, procedure and guidance and its implementation
  • Experience of developing and implementing an information governance framework policy and procedures within a large organisation.
  • Experience of managing projects.
  • Evidence of project performance monitoring

Desirable

  • Statistical analysis knowledge/experience.

Other

Essential

  • Able to travel between sites
  • Full driving licence with access to transport
  • Flexible approach to the working environment
  • Evidence of continued professional development.

Personal Qualities

Essential

  • Effective Leadership and negotiation skills at a board and senior level on matters which are very complex and detailed.
  • Able to foster and manage relationships with a range of different stakeholders
  • Manages the teams within the constraints of NHS strategic plan.

Skills and Knowledge

Essential

  • Highly developed problem solving with the ability to respond to sudden unexpected demands
  • Ability to understand, analyse and present complex data and legislation to technical and non-technical person/s and situation and develop a range of options
  • Highly developed negotiation skills with senior stakeholders on difficult and controversial issues
  • Takes decisions on difficult and contentious issues where there may be a number of courses of action
  • Strategic thinking - ability to anticipate and resolve problems before they arise
  • Ability to work under pressure and to tight and often changing deadlines
  • Ability to make decisions autonomously when required on difficult issues
  • Ability to maintain confidentiality and trust
  • Adaptable and flexible to changing demands
  • Evidence of influencing, motivating and negotiating with others to achieve change
  • Demonstrates knowledge and understanding of equality of opportunity and diversity taking into account and being aware of how individual actions contribute to and make a difference to the equality agenda
  • Ability to analyse and assimilate information in order to make decisions
  • Experience of dealing with and responding to complaints.

Desirable

  • In depth specialist technical knowledge e.g. networks, desktops and technical management procedures
  • Experience of applying quality assurance techniques to check work outputs.

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Certificate of Sponsorship

Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.

From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided in continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found here: Criminal records checks for overseas applicants.

Employer details

Employer name

Blackpool Teaching Hospitals NHS Foundation Trust

Address

BTH Blackpool Stadium

Seasiders Way

Blackpool

FY1 6JJ


Employer's website

https://www.bfwh.nhs.uk/

For questions about the job, contact:

Chief Information Officer

Mark Singleton

marksingleton@nhs.net

01253954124

Supporting documents

Privacy notice

Blackpool Teaching Hospitals NHS Foundation Trust's privacy notice