Key Responsibilities
* Lead on all aspects of Information Governance
* Assume the role of Data Protection Officer and Privacy Officer for the Trust (DPO/PO)
* Be responsible for the Freedom of Information (FOI) function
* Co‑ordinate the submission of the Data Security and Protection Toolkit (DSPT)
* Lead on developing strategy, policy and guidance to promote and develop best practice as defined by the DSPT and to comply with all relevant legislation
* Lead on service improvements to the Information Governance service (including manager training, documentation development and process improvement)
* Act as a source of expertise on Information Governance issues, legislation and local policies and procedures
* Take responsibility for the management of FOI requests
* Produce and coordinate regular reports for the Information Governance Steering Group, Digital Services meetings and the Executive/Trust Boards
* Act as the Privacy Officer, receiving and investigating SCR notifications
* Act as the Data Protection Officer, providing support, advice and assurance of compliance across the Trust
* Ensure the organisation demonstrates compliance with the DPA 2018, GDPR and FOIA 2000 through annual DSPT submissions
* Advise on Information Governance issues, particularly Information Security, Data Protection and Freedom of Information, arising with transformation or systems development to ensure best practice is adhered to
* Provide advice and support for the investigation and management of Information Governance incidents, including national reporting and incident‑management for serious cases
* Work with and support Trust leads for other aspects of IG to achieve the highest possible attainment level for data security and protection governance standards
* Work proactively with operational managers and other stakeholders to ensure the Trust’s IG processes meet business requirements
* Develop Trust procedures and processes relating to all areas of IG, notably record keeping, records transfer, information security and information sharing
* Collaborate with the Head of Digital Infrastructure and Cyber Security colleagues to examine and advise on computer security policies, including log‑on procedures, password setting and ageing
* Maintain up‑to‑date knowledge of new developments in Data Protection legislation and other provisions
* Provide advice and guidance on data‑subject rights and ensure the Trust’s privacy notice is regularly reviewed and updated
* Manage Data Subject Access Requests for information outside the medical record (e.g. Police, Department of Health & Social Care, Coroners, Surrey County Council, Social Services, Safeguarding, staff/ex‑staff, patient complaints, ICO complaints, solicitors, etc.)
Leadership and Managerial
* Assume the role of the Data Protection Officer (DPO), reporting directly to the Trust Board, ensuring no specific direction from other staff
* Provide support, advice and assurance of compliance across the Trust
* Maintain expert knowledge of data protection law and its application to the Trust’s business
* Serve as the first point of contact within the Trust for all data protection matters
* Support programmes and initiatives that involve new or innovative information processes, including data protection impact assessments (DPIAs), data sharing agreements (DSAs) and data processing agreements (DPAs)
* Consult with the Information Commissioner’s Office (ICO) where proposed processing poses a high risk
* Ensure the IG team operates effectively in supporting these functions
* Take account of processing risks in task performance
* Provide specialist advice on compliance obligations and advise projects on DPIA requirements
* Develop materials to support staff in conducting DPIAs and system implementations
* Act as the first point of contact for the ICO and cooperate in all matters concerning data protection compliance
* Cooperate with the ICO in providing evidence of compliance and handling breach management
* Act as the Privacy Officer (PO), receiving and investigating SCR notifications
* Lead on the Trust’s data protection, working closely with the Trust’s Caldicott Guardian and lead on the Caldicott Assurance Plan
* Ensure IG responsibilities and accountabilities are defined, communicated and acted upon
* Lead on the Information Security Assurance Plan
* Develop and maintain currency of the Trust’s Freedom of Information (FOI) publication scheme
* Manage the FOI administrator, providing regular appraisal and weekly one‑to‑one meetings
* Be responsible for all FOI requests received by the Trust, signing off before responses and advising on legal exemptions
* Manage appeals and internal reviews against decisions to refuse FOI requests
Reporting
* Manage the DSPT within the Trust, controlling user access, reminding contributors of deadlines, providing relevant training, advising on evidence suitability and signing off evidence before submission
* Report risks, issues and incidents to the Information Governance Steering Group and attend its meetings
* Co‑ordinate all statutory and external audits of Information Governance
* Act as Privacy Officer conducting proactive and reactive audits for user access to Evolve, Cerner EPR, BadgerNet, TVS Surrey Care Record (SyCR), National Care Records Service (NCRS), etc.
* Carry out quarterly unannounced spot checks to measure compliance with national and local IG standards
* Investigate, manage and report cyber incidents in partnership with IT colleagues
* Maintain the Trust’s notification registration with the Information Commissioner and inform relevant locations of registration details
* Coordinate with the Information Commissioner’s Office as required
* Produce an annual report and action plan on IG for the Trust’s Audit Committee
Service Improvement and Training
* Deliver the Information Governance Improvement/Action Plan and coordinate the annual audit to confirm and score compliance
* Co‑ordinate and ensure delivery of an improvement plan to ensure compliance with data security and protection standards and relevant legislation
* Lead the development and roll‑out of training programmes to managers and staff, ensuring awareness of IG and acceptance of responsibility
* Lead on development of IG documentation, including templates and document formats (e.g., Word documents versus Webforms)
* Continuously improve IG processes and SOPs to deliver earlier integration of IG within change initiatives and procurements, and faster turnaround of high‑quality documents from clinical and operational colleagues
Communications and Engagement
* Work closely with colleagues in similar posts in partner organisations across the local health economy to ensure delivery of IG across all organisations
* Maintain the Trust Information Governance section of the intranet and internet and manage the IG, Caldicott, and Police Liaison mailboxes
General Responsibilities
* Support the department and organisation by carrying out any other duties that reasonably fit within the broad scope of a job of this grade and type of work
Benefits
* Excellent pension scheme and annual leave entitlement
* On‑site nurseries
* On‑site staff cafés
* On‑site parking
* Support in career development
* Salary sacrifice schemes including wage stream, lease cars, Cycle to Work schemes and home electronics
#J-18808-Ljbffr