Summary
As Data Protection Officer (DPO) you will assist the organisation to monitor internal compliance, inform and advise on data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs), SARs/other rights requests, incidents, ROPAs (IAFRs), data sharing agreemnets and act as a contact point for data subjects and the Information Commissioner.
You will be independent, an expert in data protection, adequately resourced and report to the highest management level.
You will help the organisation demonstrate compliance and are part of the enhanced focus on accountability.
Background
Description | Background |
---|---|
Has detailed knowledge and implementation experience of UK GDPR regime and relevant national data protection laws. Has an understanding of international privacy laws. Has working knowledge of information governance and common law duty of confidentiality. Can make sound and far-reaching decisions on major issues, takes responsibility for them and advises on relevant risk assessments. Has comprehensive communication skills to interact at all levels of the organisation, regulators (ICO), stakeholders and data subjects. Is self-motivating and maintains independence. Understands the restrictions on using data – including legislation, regulation and contract restrictions, and the importance of recognised data definition standards and their applicability within the organisation. | Prior Knowledge and Skills |
Work Activity Components
Title | Details |
---|---|
Control and owners (PEDP) (Level 6) | Maintains an overview of the organisation's information assets, identifies the information asset owners and implements internal audits including controls on storing, security, maintaining records of processing activities, data protection impact assessments, transfers, contracts and handling access to personal data. |
Regulatory compliance (Level 6) | Identifies the impact of any relevant statutory, internal or external regulations on the organisation's use of personal information and develops strategies for compliance. Leads and plans activities to communicate and implement information management and privacy strategies. Monitors and advises on application of privacy notice, ROPA and application of DPIAs. Acts as contact point for regulatory authority (Commissioner) on issues relating to processing, prior consultations and other matters as appropriate. |
Cooperation and relationships (PEDP) (Level 6) | Instigates and encourages cooperation where opportunities and requirements to work with subject matter experts exist to build effective relationships within the organisation. Demonstrates how collaborative working will increase the organisation's effectiveness, reduce risk and create trust and resilience with the general public. Areas to work with should include legal, public relations, learning and development, procurement, information security, IT, security, data management and architecture. |
Incident Response (Level 6)(IG) | Cooperates with the supervisory authority. Acts as the contact point for the supervisory authority on issues relating to processing, including the prior consultation referred to in Article 36. Consults, where appropriate, with regard to any other matter. Advises the organisation on risk mitigations and required actions. |
Restricted Transfers (IG)(Level 6) | Advises on restricted transfers including any additional safeguards and ensures copies of safeguards are available to persons whose data is to be or has been transferred overseas. |
Individual rights requests (PEDP)(IG)(Level 6) | Monitors the organisation's compliance with individual rights requests. |
Internal compliance (PEDP)(IG)(Level 6) | Monitors compliance of the organisation (or its processors) in relation to the protection of personal data, including the assignment of responsibilities to manage functions under UK GDPR. |
Training and raising awareness (PEDP)(Level 6) | Influencing culture through training and raising the awareness of staff. |
Data protection by design and default (PEDP)(Level 6) | Monitoring compliance with data protection and default through DPIAs and associated documentation. |
Information sharing (PEDP)(Level 6) | Advises on information sharing requirements including agreements and ad hoc disclosures for example police requests. |
Behavioural Skills
Title | Details |
---|---|
Decision Making | Making decisions at the appropriate time, taking into account the needs of the situation, priorities, constraints, known risks, and the availability of necessary information and resources. |
Organisational Awareness | Understanding the hierarchy and culture of own, customer, supplier and partner organisations and being able to identify the decision makers and influencers. |
Interacting with People | Establishing relationships, contributing to an open culture and maintaining contacts with people from a variety of backgrounds and disciplines. Effective, approachable and sensitive communicator in different communities and cultures. Ability to adapt style and approach to meet the needs of different audiences. |
Influence, Persuasion and Personal Impact | Conveying a level of confidence and professionalism when engaging with stakeholders, influencing positively and persuading others to take a specific course of action when not in a position of authority. |
Leadership | Clearly articulating goals and objectives, and motivating and leading others towards their achievement. |
Technical Skills
Title | Details | Depth |
---|---|---|
Information Architecture | Methods, techniques and technologies for ingesting, securing, processing and using data and information within and beyond an organisation. | Familiar with |
Information Governance Audit | Principles, practices, tools and techniques of information governance auditing and the Data Security and Protection Toolkit. | Expert in |
Corporate, Industry and Professional Standards | Applying relevant standards, practices, codes, and assessment and certification programmes to the specific organisation or business domain. | Expert in |
Other Skills
Title | Details | Depth |
---|---|---|
Legislation | Relevant national and international legislation. | Expert in |
Risk Management | Methods and techniques for the assessment and management of business risk. | Expert in |
Presentation Techniques | Methods and techniques for delivering effective and accessible presentations, either face-to-face or online within various contexts and to a variety of audiences. | Proficient in |
Techniques for Effective Meetings | Methods and techniques for running effective meetings and for understanding and influencing the roles played by participants. | Proficient in |
Standards Writing Techniques | Principles, methods and techniques for establishing, documenting, and maintaining standards. | Proficient in |
Training
Title | Details |
---|---|
Data Management | Data management concepts, methods, tools and techniques relating to the planning, development, implementation, administration and curation of data. |
Latest Cyber Security Threats for Senior Execs | Short, high-level, up-to-date and to-the-point briefing on the latest threats and vulnerabilities in cyber security. |
Privacy Management | Techniques to investigate, analyse, plan and document structures, people, processes, information and technology for managing privacy within the organisation. |
Professional Development Activity (PDA)
Title | Details | PDA Group |
---|---|---|
Mentoring | Acting as a mentor, advising those for whom there is no direct responsibility, on matters to do with their job role, career and professional development. | Broadening Activities |
Participation in Professional Body Affairs | Taking an active part in professional body affairs at branch, specialist group, committee or board level. | Participation in Professional Activities |
General Management | Continuing learning and development in general management skills, such as effective communication, leadership styles and skills, team building and team roles, motivation and delegation, planning and resource scheduling, influencing, persuasion and negotiation, so as to be in a position to accept greater responsibility at senior management or director (including non-exec) level. | Developing Professional Skills |
Gaining Strategic Knowledge of Employing Organisation | Developing a comprehensive understanding of the business environment in which the employing organisation operates and its position, policies and direction in relation to health and care, country and global issues. | Increasing Knowledge |
Qualification Components
Title | Awarding Bodies |
---|---|
GDPR Practitioner Certificate | Act Now Training |
Advanced Certificate in GDPR Practice | Act Now Training |
Practitioner Certificate in Data Protection (PC.dp.) | PDP Training |
Certified Data Protection Officer Training (CDPO) | The Training Centre |
BCS Practitioner Certificate in Data Protection | BCS The Chartered Institute for IT |
The Professional Body Responsible for this job family is IHRIM. This job role profile was created in collaboration with BCS, using Role Model Plus.