Job summary
The Opportunity
Shore Medical Group is seeking an experienced Information Governance & Compliance Lead to join our Heatherview Medical Centre in Poole, Dorset.
This role plays a vital part in safeguarding data integrity and ensuring our organisation meets national information governance standards. You will support compliance with the Data Protection Act, GDPR and the DSPT.
Some of the key elements of the role include working across and supporting various teams within the Business, co-ordinating and monitoring audit completion, managing data breaches, writing and reviewing policies and delivering IG & compliance training.
Hours: 37.5 per week. Monday to Friday 9.00am-5.00pm
Main duties of the job
- To support Information Governance (IG) within the organisation
- Develop and maintain the IG framework to ensure compliance with the NHS Data Security and Protection Toolkit (DSPT)
- Responsible for the completion and submission of the DSP Toolkit annually
- Ensure compliance with the UK GDPR, Data Protection Act 2018, Caldicott principles and NHS information governance standards
- Write, review and update IG policies considering legal regulations and NHS standards
- Design and deliver training to new and existing staff on data protection, confidentiality and records management to ensure compliance in line with our IG policies
- Support our medical records team with the completion and compliance around Subject Access Requests (SARs) and Freedom of Information (FOI) requests
- Conduct Data Protection Impact Assessments (DPIAs) for new systems or data flows
- Responsible for logging any CQC registration changes and compiling an evidence log in preparation for any CQC inspections
- In conjunction with the senior management team, lead on the preparation for CQC inspections, internal audits and external reviews
- Oversee and manage data breach investigations by reporting to the relevant authorities such as on Data Toolkit or to the ICO
- Maintain the Information Asset Register and ensure Data Sharing Agreements are up to date
- Act as the primary point of contact with NHS Digital, regulators and partners regarding IG matters
See the attached Job Description and Person Specification for full details
About us
Shore Medical is a GP Super Partnership with 6 practices across Poole and Bournemouth. We aspire to offer exceptional care to our 58,000 patients and are innovative in our approach to developing new teams and pathways to ever improve how general practice is delivered. We have a friendly and supportive team of more than 200 staff, with over 40 GPs, Pharmacists, Paramedics, Nurses, Mental Health specialists and our range of administrative staff. We have a great social side to our team with Summer and Christmas parties, running and paddle boarding groups as well as many other events throughout the year.
The Practices in the Partnership are:
- Lilliput Surgery
- Poole Road Medical Centre
- Wessex Road Surgery
- Heatherview Medical Centre
- Fernside Surgery
- Parkstone Tower Practice
We Offer
- Friendly and supportive working environment
- Parking on-site at most of our practices
- Continuous Professional Development
- NHS Pension Scheme with Life Insurance
- Competitive holiday entitlement scheme
- Cycle to work scheme
- Access to NHS discounts
Job description
Job responsibilities
- To support Information Governance (IG) within the organisation
- Develop and maintain the IG framework to ensure compliance with the NHS Data Security and Protection Toolkit (DSPT)
- Responsible for the completion and submission of the DSP Toolkit annually
- Ensure compliance with the UK GDPR, Data Protection Act 2018, Caldicott principles and NHS information governance standards
- Write, review and update IG policies considering legal regulations and NHS standards
- Design and deliver training to new and existing staff on data protection, confidentiality and records management to ensure compliance in line with our IG policies
- Support our medical records team with the completion and compliance around Subject Access Requests (SARs) and Freedom of Information (FOI) requests
- Conduct Data Protection Impact Assessments (DPIAs) for new systems or data flows
- Responsible for logging any CQC registration changes and compiling an evidence log in preparation for any CQC inspections
- In conjunction with the senior management team, lead on the preparation for CQC inspections, internal audits and external reviews
- Oversee and manage data breach investigations by reporting to the relevant authorities such as on Data Toolkit or to the ICO
- Maintain the Information Asset Register and ensure Data Sharing Agreements are up to date
- Act as the primary point of contact with NHS Digital, regulators and partners regarding IG matters
- Work closely with the Clinical Governance Lead/Caldicott Guardian to discuss any internal matters which may need review
- Attend and participate in Clinical Governance Meetings for any matters which may need Data Protection/GDPR considerations
- Responsible for creating, conducting and coordinating audits on our Practice Index platform
- Be the Freedom to Speak Up Guardian on behalf of the organisation
- Supporting the Patient Liaison Officer/Manager with the logging of feedback and complaints onto our in-house complaints log
- Liaise with our cleaning contractor to ensure compliance with cleaning across our facilities, ensuring that we are in receipt of monthly audit reports and coordinating the display of the cleaning standards across our surgeries with our site supervisors
Incident & Reporting Management
- Oversee the logging, tracking and resolution of incidents and near misses
- Ensure root cause analysis and corrective actions are properly documented and communicated
- Ensure there is a robust audit trail of actions taken and responsible parties
- Provide quarterly reports to CG Board with summary/analysis
- Minute taking and reporting:
- Responsible for compiling board meetings and clinical governance agendas and action trackers/logs in preparation for monthly meetings
- The post-holder will be required to complete minutes for senior management meetings such as our board meeting which is carried out monthly
- Responsible for carrying out various monthly reports for the business to monitor compliance such as practice index mandatory training completion, incident reporting, complaints monthly reports, star rating cleaning reporting (from our contractor)
This list is not exhaustive.
Person Specification
Qualifications
Essential
- Educated to Degree level or equivalent experience in information governance and compliance.
- Evidence of relevant training in data protection and information governance, including UK GDPR and The Data Protection Act 2018
Desirable
- Recognised IG qualification or equivalent (such as BCS/ISEB)
- Data Protection Officer (DPO) training or certification
- NHS Specific training such as Data Security and Protection (DSP) Toolkit training
Experience
Essential
- Demonstrable experience of working in information governance, data protection, compliance or risk management
- Experience of applying legislation, national guidance and organisational policies within an operational setting
- Experience in managing data protection incidents/breaches or near misses and implementing learning outcomes
- Experience in handling highly sensitive and confidential personal and clinical information
- Experience supporting with CQC inspections, responding to CQC enquiries or providing assurance evidence relating to information governance and compliance
Desirable
- Experience working in NHS General Practice, PCNs or wider health organisations
- Experience in liaising or supporting a Data Protection Officer
- Experience in creating/coordinating and actively managing audits, compliance reviews across multiple sites or teams
- Experience delivering IG and Compliance training to new and existing staff
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.