Using the ICO Accountability Framework to monitor, promote and improve the organisation’s compliance with data protection legislation.
GKIM Job Family: Information Rights
IR01 | Identifying and managing information risk: Data Protection
Advising on and applying privacy by design principles. Identifying data protection risks and advising on mitigations.
IR02 | Identifying and managing information risk: the FOIA, FOISA, EIR and EIR(S)s
Developing and applying an awareness of sensitivities underlying information requests and taking the appropriate measures to protect sensitivities while upholding rules on transparency.
IR03 | Managing incidents relating to DPA compliance (e.g. data breaches)
Reporting, responding to and managing incidents involving personal data.
PL01 | Working with the Data Protection Act 2018 (DPA)
Understanding, interpreting and communicating the legislation as it applies to the task in hand.
PL02 | Working with the Digital Economy Act 2017 (DEA)
Understanding, interpreting and communicating the legislation as it applies to the task in hand.
PL03 | Working with the Environmental Information Regulations 2004 (EIRs) and Environmental Information (Scotland) Regulations 2004 (EIRs)
Understanding, interpreting and communicating the legislation as it applies to the task in hand.
PL04 | Working with the Freedom of Information Act 2000 (FOIA) and Freedom of Information (Scotland) Act 2002 (FOISA)
Understanding, interpreting and communicating the legislation as it applies to the task in hand.
PL05 | Working with the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR)
Understanding, interpreting and communicating the legislation as it applies to the task in hand.
PL06 | Working with the Re-use of Public Sector Information Regulations (RPSI)
Understanding, interpreting and communicating the legislation as it applies to the task in hand.
PL07 | Working with the UK General Data Protection Regulation 2018 (UK GDPR)
Understanding, interpreting and communicating the legislation as it applies to the task in hand.
PL08 | Working with the UNECE Aarhus Convention 1998 (access to environmental information, public participation in decision-making, access to justice in environmental matters)
Understanding, interpreting and communicating the legislation as it applies to the task in hand.
P01 | Carrying out casework on Data Protection (including SARs and complaints)
Managing responses to individual rights requests in compliance with the legislative deadline, ensuring responses are timely and accurate.
P02 | Carrying out casework on the FOIA, FOISA, EIR or EIR(S)
Developing and applying knowledge on recording and processing casework to balance access rights and transparency with the relevant protection for sensitive information.
P03 | Checking compliance of contracts
Developing detailed knowledge of contracts and the relevant GDPR or security clauses.
P04 | Understanding data sharing agreements or Memoranda of Understanding (MoUs)
Developing detailed knowledge of data sharing agreements or Memoranda of Understanding (MoUs).
AG01 | Drafting policy and guidance
Drafting clear and accurate guidance that communicates complex issues and options to a non-specialist.
AG02 | Obtaining legal advice
Developing an understanding of cases where specific legal advice is needed and knowing how to instruct a legal adviser and assess the legal advice provided.
AG03 | Providing advice and guidance: DPA
Developing detailed knowledge of the law and local practice to be able to advise, guide and train others.
AG04 | Providing advice and guidance on: FOI, FOISA, EIR and EIR(S)
Developing detailed knowledge of the law and local practice to be able to advise, guide and train others.
GC01 | Complying with FOI retention rules in relation to archiving records
Demonstrating awareness and application of disposal schedules for information created, received and retained.
GC02 | Complying with the DPA in relation to archiving records
Demonstrating awareness of DPA compliance in relation to archiving of records.
GC03 | Complying with the EIR and EIR(S) Codes of Practice
Understanding how the code applies to the task in hand and supporting local compliance with the code.
GC04 | Complying with the FoI and FoISA Codes of Practice
Understanding how the code applies to the task in hand and supporting local compliance with the code.
GC05 | Complying with the FOIA, FOISA, EIR and EIR(S)s in relation to proactive disclosure
Demonstrating awareness and application of local operation of disclosure logs and publication scheme content.
GC06 | Following the ICO and Scottish Information Commissioner Codes
Using the ICO and Scottish Information Commissioner codes to monitor, promote and improve the organisation’s compliance with relevant legislation.
