Head of Information Governance & Data Protection Officer
This job is now closed
Job summary
The purpose of this role is to contribute to the provision of strategic and operational leadership for ELHT in Information Governance which includes Data Protection, Information Security, Subject Access Requests and Freedom of Information.
Main duties of the job
The post holder will be a primary source of expert advice and lead on related policy development, to create and maintain a high level of adherence to the requirements of Information Governance across the Trust. Additionally, the post holder will raise awareness, the profile and understanding of the strategic and practical importance of Information Governance, and assure the Trust Board, via the SIRO, that it is meeting its statutory and mandatory obligations.
The post holder will develop, and provide leadership to, the Information Governance team, as part of the wider Performance and Informatics team, to drive the delivery of service, motivating the team and supporting continual improvement across the busy IG agenda.
The role is accountable for developing strategy and direction for the Information Governance agenda across the whole Trust in consultation with the CIO and SIRO.
The post holder will also be the nominated statutory Trust Data Protection Officer as required by the General Data Protection Regulation (Article 37 and 38) and will fulfil the role required within the regulations as per Article 39 of the GDPR as well as the Data Protection Act 2018.
About us
Established in 2003 East Lancashire Hospitals NHS Trust (ELHT) is a large integrated health care organisation providing high quality acute secondary healthcare for the people of East Lancashire and Blackburn with Darwen.
Our vision is to be widely recognised for providing safe, personal and effective care. We currently provide high quality services and treat over 700,000 patients a year from the most serious of emergencies to planned operations and procedures. We employ over 8,000 staff, many of whom are internationally renowned and have won awards for their work and achievements.
Details
Date posted
31 July 2023
Pay scheme
Agenda for change
Band
Band 8b
Salary
£58,972 to £68,525 a year per annum
Contract
Permanent
Working pattern
Full-time, Flexible working
Reference number
435-C153-23
Job locations
Royal Blackburn Hospital
Haslingden Road
Blackburn
BB2 3HH
Job description
Job responsibilities
Strategy and Service Improvement
- Providing strategic and operational leadership and advice for ELHT in Information Governance which includes Data Protection, Information Security, Subject Rights including Access Requests and Freedom of Information.
- Evaluating and interpreting complex national policy and legislation relating to Information Governance, Data Protection and Freedom of Information, and putting this into operational practice.
- Develop and implement the Trust's Information Governance Strategy, framework, and policies in accordance with legislation, national guidance, regulatory requirements, and standards.
- Raise awareness, the profile and understanding of the strategic and practical importance of Information Governance and data protection within the Trust and with partner organisations.
- Advise and play a leading part in the development, approval and implementation of other policies and procedures e.g., Information security, Registration authority, social media, Records Life Cycle Management, Health Records.
- Work with Health Records, E-Health Programme Board, CIO and CCIO on the update of processes for effective management of Health Records (both paper and electronic) and the ePR System when implemented.
- Work with informatics & performance directorate to ensure there is an effective and robust information and cyber security framework fully supported by policies and procedures.
- Facilitate and provide guidance on the specification, development, implementation, commissioning, use and decommissioning of systems to all departments across the Trust.
- Be an active member of Trust groups and programme boards for all key systems, projects, and new developments. Ensure all aspects of good information governance are built into the work and output from these groups.
- Represent the Trust at regional and national meetings as required.
- Monitoring the Trust's compliance with subject requests to ensure that legal timeframes are adhered to, and appropriate support and information is provided to data subjects in the exercising of their rights as data subjects.
- Establish appropriate IG performance measurement criteria, to monitor achievement of improvement plans
- Facilitate the role of the IG Steering Group
- Co-ordinate the timely completion of Data Security Protection Toolkit (DSPT)
- Provide updates to Board Committees and for Quality Accounts as required
- Working with the senior leaders of the Performance and Informatics service, provide the line management of all staff within the IG Team to include appraisals; sickness absence; disciplinary and grievance matters; recruitment and selection decisions; personal and career development; departmental workload and allocation for Information Governance team staff.
- Work with the DCIO and CIO to ensure the IG budget is effectively managed as per Trust SOPs
- Identify risks and maintain an up-to-date departmental risk register.
- Identify and produce plans to mitigate risks to the Trust arising from changes to data protection and other data protection legislation.
- Identification of Information Governance risks and mitigations across the Trust working with Information Asset Owners.
- Assess and manage the risk associated with data processing operations.
- The post holder will also be the nominated statutory Trust Data Protection Officer as required by the General Data Protection Regulation (Article 37 and 38) and will fulfil the role required within the regulations as per Article 39 of the GDPR as well as the Data Protection Act 2018.
- Fulfil the tasks allocated under the GDPR in an independent and autonomous manner.
- Ensure ELHT correctly manages all requests from data subjects relating to processing of their personal data and to the exercise of their rights under the General Data Protection Regulation.
- Keep up to date with developments in information security, relevant legal fields, relevant law, legal issues, cases, and interpretations.
- Responsible for Data Protection, GDPR and related training across ELHT.
- Ensure that people handling data are provided with appropriate training and awareness-raising activities.
- Provide advice regarding Data Protection Impact Assessments (DPIA) and monitoring performance.
- Foster a culture of privacy by design and default.
- Monitor and provide guidance as necessary in relation to data security breaches including the notification of breaches to the supervisory authority and data subjects.
- Ensure the Trust maintains appropriate records and register of processing activities as required by the GDPR and enable the organisation to be able to demonstrate compliance with the law.
- Maintain Trust fair processing/privacy notices for all categories of data processing.
- Inform, advise, and issue recommendations re data protection to the controller (ELHT) and/or any processor (contractor or supplier to ELHT).
- Inform and advise the organisation and its employees of their obligations pursuant to the General Data Protection Regulation, national data protection legislation and other legislation that impacts data protection, data flows, data sharing, information rights for staff/patients, freedom of information and access rights.
- Ensure that Information Governance incidents are investigated and managed appropriately depending on the seriousness of the incident, that remedial action and follow up are undertaken, and that lessons are learnt and disseminated.
- Provide advice and support to the Caldicott Guardian and SIRO
- Responsibility for planning and implementing data protection audits.
- Ensuring patients and staff are provided with information on their rights under Data Protection legislation e.g., how, and what information is collected, held and what it can be used for.
- Ensure that lessons are learnt and disseminated from local, national, and international Information Governance incidents.
- Lead the work to improve awareness and communication of lessons learnt via IG newsletters, bulletins, face to face meetings, etc.
- Manage the Trust's relationship with the Information Commissioner's Office.
- Lead the production of the IG Annual Report to the SIRO.
- Reporting IG progress and issues to the IG Steering Group and the Trust Audit Committee when required.
Person Specification
Knowledge
Essential
- Demonstrate capability and capacity for information governance management at a senior level in a large, complex Trust setting, including staff management, financial management and change management.
- Evidence of on-going professional development
- Thorough and advanced understanding (as an expert) of the EU General Data Protection Regulations, Data Protection Act 2018, the Freedom of Information Act 2000 and the Access to Health Records Act 1990
- Thorough understanding of the NHS Code of Practice on Confidentiality, Records Management and Information Security
Qualifications
Essential
- University Degree or equivalent professional qualification
- Relevant post graduate qualification or equivalent experience in Informatics or data protection.
Desirable
- ISEB/BCS or GDPR practitioner qualification in information law
Experience
Essential
- Experience of developing services, strategies in partnership with other agencies
- Highly developed leadership and influencing skills with the ability to enthuse, motivate and involve individuals and teams, and have them understand the Trust's and your performance expectations.
Desirable
- Extensive experience in senior management within the NHS
Skills and Aptitudes
Essential
- Able to provide and receive highly complex, highly sensitive or highly contentious data protection information despite significant barriers to acceptance which need to be overcome using the highest level of interpersonal and communication skills, sometimes in an antagonistic or politicised environment.
- Ability to analyse highly complex facts or situations and to develop practical and workable options/solutions to address them.
- Ability to think and formulate long-term strategic and tactical plans and work creatively and to prioritise work programmes in face of competing demands
- Demonstrable success in delivering change and performance.
- Excellent inter-personal and communication skills with a track record in writing complex business cases and policies
- Delegating effectively ensuring a capability to deliver, monitoring performance, and giving feedback.
- Ability to manage and deliver to deadlines and within resources
- Ability to collaborate constructively with internal and external partners to create the conditions for successful partnership working.
- Ability to understand complex contracts and service requirements.
- Ability to manage budgets
- Ability to manage conflict and diversity
- Ability to manage risk within Trust policy guidelines
- Ability to demonstrate leadership and vision in a changing NHS environment and changing legal landscape.
- Ability to analyse and problem solve creatively.
- Ability to be intellectually flexible and to look beyond existing structures, ways of working, boundaries, and organisations to produce more effective and innovative service delivery
- Sound political judgement and astuteness in understanding and working with highly complex policy, and diverse interest groups.
- A commitment to improving patient services through an ability to sustain a continuing improvement in information governance standards.
- Strong sense of commitment to openness, honesty, and professional integrity in undertaking the role.
Personal Circumstances
Essential
- The post holder is required to sit, stand, and walk with little requirement for physical effort. There may be a requirement to exert light physical effort for short periods.
- There is frequent requirement for intense concentration for long periods where the work pattern is unpredictable.
- The post holder needs to deal with distressing or emotional circumstances (i.e., as manager being investigator in disciplinary / SUI investigations, dealing with staffing issues, expertise to deal with the public and staff, i.e., subject access request queries and complaints etc).
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
Certificate of Sponsorship
Applications from job seekers who require current Skilled worker sponsorship to work in the UK are welcome and will be considered alongside all other applications. For further information visit the UK Visas and Immigration website.
From 6 April 2017, skilled worker applicants, applying for entry clearance into the UK, have had to present a criminal record certificate from each country they have resided continuously or cumulatively for 12 months or more in the past 10 years. Adult dependants (over 18 years old) are also subject to this requirement. Guidance can be found in Criminal records checks for overseas applicants.
Employer details
Employer name
East Lancashire Hospitals NHS Trust
Address
Royal Blackburn Hospital
Haslingden Road
Blackburn
BB2 3HH
Employer's website
http://jobs.elht.nhs.uk/
Supporting documents
Privacy notice
East Lancashire Hospitals NHS Trust's privacy notice