Overview
The post holder will be the Data Security & Protection Team Leader. In particular, the post holder will:
* Act as the expert source of advice and expertise in DSP for the Group.
* Support the development for clinical administration functions within the organisation, identifying information governance risks and issues and providing recommendations for change.
* Increase the profile of Data Security and Protection within the organisation and actively support a culture change so that staff are aware of their responsibilities and duties towards confidentiality, integrity and availability of information.
* Ensure processes are in place for monitoring the secure disposal of IT and hardware assets.
* Initiate and plan a programme of work that ensures the Group complies with the requirements of the Data Security & Protection Toolkit.
* Complete the annual Data Security & Protection Toolkit submission and the collation of supporting evidence which is analysed and updated to ensure compliance.
* Lead a range of audits which will check compliance with the DSP toolkit, research and development and incident management activities, developing improved systems and processes for data quality, data security and protection, data integrity and availability.
Responsibilities
* Work in partnership with the Group's Cyber Security Lead to ensure that all cyber related toolkit assertions are met within the NHSD deadline and identify any gaps in assurance with a plan for compliance.
* Implement and maintain compliance with relevant legislation, particularly the common law duty of confidentiality, the Data Protection Act 2018, the General Data Protection Regulation, the Computer Misuse Act 1990, the Human Rights Act 1998.
* Investigate and resolve information security issues and processes for systems which are processing personal and/or trust sensitive data.
* Implement the DSP training strategy for the delivery of the Trust's IG training needs, ensuring that the Group meets the NHSD target for mandatory training, in partnership with the Trust's Learning & Development service.
* Deliver information governance training if and when necessary; implement policies and propose changes to Group DSP policies as appropriate, monitoring compliance with those policies and protocols and ensuring they are compliant with Data Protection Act and GDPR legislation.
* Conduct data protection impact assessments (DPIA) where necessary and ensure the Group adheres to data privacy by design and default as outlined in Article 25 GDPR; act as the UHN information security expert to communicate risks to the Head of Technology and Head of Clinical Systems to enable safe implementation of new systems.
* Assign DPIAs to relevant team members and ensure cross-partnership working with relevant project and transformation leads; ensure all Group DPIAs, Assets, Flows and third parties are recorded on the Information Sharing Gateway and signed off by the relevant DPO and SIROs.
* Be an escalation point for DSP analysts to ensure DPIAs align with GDPR legislation, redesigning systems, processes and procedures to meet Data Security by Design and Default criteria.
* Communicate complex information to a range of audiences and influence staff on DSP standards.
* Lead the collation of relevant reports and information for compliance and performance reporting, inspections and internal assurance, ensuring presentations articulate statistical, analytical and complex reporting to Group and Board mandated meetings.
* Coordinate the Data Governance Group and Information Governance Group meetings, ensuring reports, minutes, actions and decisions are recorded, delegating tasks to the DSP administrator as appropriate.
* Attend group, Trust and project meetings to provide expert Data Security and Protection advice and guidance to enable effective adoption of expectations and policy.
* Coordinate reported incidents on Datix to ensure they are managed and actions are taken; escalate incidents to the relevant DPO when they meet the criteria for a Serious Incident or are reportable to the ICO.
* Manage the DSP Toolkit Incident reporting mechanism, ensuring all Serious Incidents are reported within 72 hours.
* Provide IG input, advice and guidance for Research & Development programmes.
* Deputise for the DSP Manager when required.
* Ensure that the Information Sharing Gateway is administered as appropriate in respect of maintaining significant assurance status across the group, being the lead and expert for use of the ISG, and proposing improvements to the national system for process, analytics and reporting.
* Coordinate the effective investigation of IG related incidents with the relevant manager where necessary.
* Speak to staff, patients and family members on the telephone as an escalation point for the DSP analyst, demonstrating understanding, compassion and knowledge in difficult, challenging and emotional circumstances.
* Attend serious investigation panels and draft reports to the CCG to give assurance that due diligence has been carried out regarding all serious incidents; ensure root cause analysis is performed and actions recorded and acted upon so incidents do not re-occur.
* Work with the complaints team and the public to communicate appropriately regarding DSP grievances and queries; maintain the Group Information Asset register and data flow maps and provide training to Information Asset Owners and Administrators where appropriate.
* Be a first point of contact for Data Subjects regarding processing of their personal data and exercise of their rights under UK GDPR; update the Internet and Intranet pages for DSP to ensure they are up to date with pertinent advice and guidance, including applicable FAQs and relevant legislation.
Workforce
* The Data Security & Protection Team Leader will have line management responsibility for the DSP Team, ensuring annual performance reviews, objectives and appraisals in line with Group objectives, ensuring staff have the equipment necessary to fulfil their roles and HR management tools are managed effectively.
* Be active in recruitment, induction and local training; ensure adequate skill mix and that the office is appropriately managed.
* Provide specialised training, advice and guidance to DSP Team members as required.
* Manage the team to adhere to Trust Values and lead by example; lead DSP Team recruitment; ensure the e-rostering system is signed off weekly; carry out appraisals, performance management and disciplinary processes; be the lead contact for HR queries relating to the team.