Salary Range: £54,090
Grade: Assembly Grade 5
Directorate: Legal,ernance and Research Services
Job PurposeThere is a mandatory requirement for all public authorities or bodies to designate a Data Protection Officer (‘DPO’) who has a key role in ensuringpliance with the Data Protection Act 2018 and the UK General Data Protection Regulation (‘UK GDPR’).In addition, the post holder will fulfil a management role in relation to Information Standards, Freedom of Information (‘FOI’) andernance in the Assemblymission.Job Description
Data Protection
1. Inform and advise staff about the requirements of the UK GDPR and the Data Protection Act 2018 and help them to understand the practical implications for their business areas and the risks associated with data processing operations, taking into account the nature, scope, context and purposes of the processing.
2. Monitor and ensure ongoingpliance with the requirements of the UK GDPR and the Data Protection Act 2018, through for example, conducting data protection audits and requiring records of all data processing activities to be maintained.
3. Assist and advise business areas and Information Asset Owners (‘IAOs’) in relation to the management of internal data protection activities.
4. Raise awareness of data protection issues and promote a positive data protection culture.
5. Assist business areas in deciding if a Data Protection Impact Assessment (DPIA) should be undertaken and assist with conducting DPIAs.
6. Review and update the data protection,ernance and information assurance policies and provide training to staff as required.
7. Develop and maintain relationships with other DPOs across the wider public sector to share knowledge and best practices.
8. Advise upon investigations and notifications once a data breach or other data incident has occurred.
Information Standards and FOI
9. Take forward an information management systems review and the implementation of a new system.
10. Manage and quality assure the administration of responses to and disclosure of all FOI/DP requests in accordance with statutory deadlines and advise on moreplex requests.
11. Oversee the administration of FOI/DP appeals and provide advice to panels.
12. Manage the Retention and Disposal Schedule and liaise with the Public Record Office of Northern Ireland (‘PRONI’).
13. Attend the Information Security Group and advise on appropriate information security measures.
14. Provide/manage administrative support to the Assemblymission Audit and Riskmittee (‘ACARC’).
15. Draft the ACARC Annual Report and assist with the self-assessment of ACARC.
16. Facilitate the quarterly review and update of the Corporate Risk Register, in conjunction with the Secretariat Management Team (‘SMT’).
17. Assist Directorate Management Teams with the quarterly review and update of Directorate Risk Registers.
18. Facilitate the 6-monthly review of Directorate Risk Registers by SMT and identify emerging “risk clusters”.
19. Update and develop the Corporateernance Framework in conjunction with SMT.
20. Update and develop the Assemblymission’s Risk Management Strategy in conjunction with SMT.
21. Monitor new or updated relevant corporateernance guidance and identify potential changes or updates to the corporateernance policies or procedures.
General Duties
22. Fulfil the role in an independent manner.
23. Lead, manage and develop a small team of staff.
24. Develop and provide training for staff on data protection, UK GDPR, information management,ernance and risk management.
25. Implement a continuous improvement programme for the office.
26. Carry out other duties that the Assemblymission reasonably requires of you.
Essential CriteriaApplicants for the post must possess, by the closing date for applications:
27. A thorough knowledge and understanding of the relevant law, regulations and guidance relating to data protection and freedom of information.
AND
28. An understanding of organisationalernance and risk management policies and procedures.
AND
29. A primary degree, minimum 2:2 classification, in any subject and a relevant qualification in data protection, for example, Certified Information Privacy Professional (‘CIPP’), BCS in Data Protection to Practitioner level, EU GDPR Practitioner or equivalent.
AND
30. At least two years’ experience of the following:
a) Successfully leading a data protection and information management service and the effective and efficient delivery of specific oues;
b) Advising at a senior level* on either:information standards and data protection policies and procedures or c) Using the standards that underpin good information management, ensuring that organisational standards and legislative requirements are met and that a robust information system and supporting policies are maintained.
*Senior level is defined as a Project Board, Director, Head of Business, NICS Grade 7 orpany board member or equivalent.
OR
31. A thorough knowledge and understanding of the relevant law, regulations and guidance relating to data protection and freedom of information.
AND
32. Aprehensive understanding of organisationalernance and risk management policies and procedures.
AND
33. A relevant qualification in data protection for example Certified Information Privacy Professional (‘CIPP’), BCS in Data Protection to Practitioner level, EU GDPR Practitioner or equivalent.
AND
34. At least four years’ experience as listed at points a) – c) above.
#4761404 - Gemma Roberts