Data Protection Lead - Information Governance Toolkit

Data Protection Lead Job Specification
IG Toolkit Exemplar Document
External IG Delivery Team
02 December 2013
Copyright © 2013, Health and Social Care Information Centre.
Data Protection Lead - Job Specification
Contents
Purpose
Data Protection Lead - Person Specification
Data Protection Lead - Job Description
A. Be the nominated officer in the Data Protection register
B. Manage Data Protection compliance
C. Provide reports to the Board
D. Profile-raising and publicity
E. Training
Purpose
To provide organisations with an exemplar document for use when determining the qualities,
experience and knowledge needed for applicants to the post of Data Protection Lead.
Data Protection Lead - Person Specification
Essential Desirable
Personal Skills
Good verbal and written communication skills, and able to
communicate effectively at all levels

Self motivated and organised

Able to work under pressure and to deadlines

Able to plan/complete implementations and contribute to culture
change

Able to manage time and priorities appropriately

Good level of people management skills

Positive attitude towards learning and development, demonstrated
by a record of continuing professional development

Technical Skills and Experience
Minimum of 4 years broad IM&T experience

A good working knowledge of Information Security (eg ISO 27000
series) principles and practices

Broad awareness of hardware/software security products

Good working knowledge of information risk analysis/management

Experience in the development and delivery of training material

Good understanding of the business and role of the NHS
organisation in which employed

Information Security qualification

Prince 2 practitioner

Good working knowledge of quality assurance principles and
practices

General Knowledge
Data Protection and computer-related legislation

NHS information issues

Health records issues

Data Protection Lead - Job Description
The role of the Data Protection Lead is to ensure that:

The organisation complies with the Data Protection Act 1998;

Employees are fully informed of their own responsibilities for acting within the law; and

The public, including employees, are informed of their rights under the Act.
A. Be the nominated officer in the Data Protection register

Be the nominated officer in the Data Protection register maintained by the Information
Commissioner, notify the fact of processing to the Information Commissioner and
maintain the accuracy and currency of the organisation’s notification.
B. Manage Data Protection compliance

Co-ordinate Data Protection Act activities (including training) with other Information
Governance Leads (e.g. Senior Information Risk Owner, Data Quality and Records
staff, Caldicott Function and Information Security Officer) and attend such information
governance group meetings as necessary.

Ensure organisational compliance, and conformance with the Data Protection
Principles.

Develop, implement and enforce a suitable and relevant Data Protection policy and
ensure it is reviewed on an annual basis.

Work with the Information Risk Lead (e.g. the Senior Information Risk Owner) and
Information Security Officer to establish and maintain a register of Information Asset
Owners for information assets (e.g. paper records, paper reports, databases, computer
hardware, etc) and educate the responsible owners on their responsibilities (what is the
data, how is it used, who has access to it).

Liaise with the Information Risk Lead, Caldicott Function and Information Security
Officer to develop and implement a mechanism for defining and maintaining information
flow maps within the organisation; and between the organisation and its partner
organisations - providing advice where necessary.

Undertake systematic Data Protection Act compliance audits in accordance with the
Information Commissioner's audit tool.

Assist with investigations into complaints about breaches of the Act and undertake
reporting/remedial action as required. Maintain a log of any incidents and remedial
recommendations and actions.
C. Provide reports to the Board

Provide regular comprehensive reports to the Board on the organisation's compliance
with the Data Protection Act and related provisions.

Ensure the Board is appropriately informed about improvements that have been met,
that will be met by year's end, that cannot be achieved without further resource
(personnel or budgetary) and that have already missed the target date.
D. Profile-raising and publicity

Promote Data Protection awareness throughout the organisation by providing training
and written procedures that are widely disseminated and made available to all staff.

Encourage the setting up of a Data Protection group with representatives from across
the organisation.

Ensure written information on Data Protection is available for provision to patients and
employees.

Develop and maintain processes for subject access requests for information by patients
and employees exercising their rights under the Data Protection Act.
E. Training

Liaise with the Senior Information Risk Owner, the Caldicott Function, Information
Security Officer and other IG staff to develop and implement a Data Protection
awareness and training programme.

Ensure that training is made available to staff with on-going responsibility for Data
Protection issues.

Maintain and update own knowledge of developments in Data Protection issues,
information management and records management systems.

Be a resource for other employees by providing expert advice on the Data Protection
Act 1998 and related issues.
This list of responsibilities is not exhaustive; the Data Protection Lead will be
expected to undertake any other relevant duties appropriate to the grading of
the post and requirements of the service.