Reviews and assists own organisation to maintain a privacy notice and record of processing activities (ROPA). Advises and, where necessary, assists on the application of data protection impact assessments (DPIA) and maintains records for compliance within regulatory access requirements.
SFIA Skills: Personal data protection (PEDP)
Regulatory compliance (Level 6)
Identifies the impact of any relevant statutory, internal or external regulations on the organisation’s use of personal information and develops strategies for compliance. Leads and plans activities to communicate and implement information management and privacy strategies. Monitors and advises on the application of the privacy notice, the ROPA and DPIAs. Acts as the contact point for the regulatory authority (Commissioner) on issues relating to processing, prior consultations and other matters as appropriate.
Cooperation and relationships (PEDP) (Level 6)
Instigates and encourages cooperation where opportunities and requirements to work with subject matter experts exist to build effective relationships within the organisation. Demonstrates how collaborative working will increase the organisation’s effectiveness, reduce risk and create trust and resilience with the general public. Areas to work with should include legal, public relations, learning and development, procurement, information security, IT, security, data management and architecture.
Policies, procedures and governance (PEDP) (Level 6)
Consults, collaborates and offers expert advice on developing organisational policies, procedures, best practice, privacy policies, standards and guidelines, ensuring that recognised data protection definitions and practices are applied throughout the organisation. Has due regard to the risk associated with processing operations, taking into account the nature, context and purpose of processing.
Incident Response (PEDP) (Level 5)
Assesses and manages the risk for any potential personal data breaches and cyber incidents. Sets in motion the agreed procedures to identify the breach, including with third parties, works within the statutory timeline, mitigates risk, and maintains communications with the Data Protection Officer (DPO), or equivalent where a DPO is not required, to comply with statutory notification to the regulatory authority (Commissioner) if the breach is confirmed.
Information sharing (PEDP) (Level 6)
Advises on information sharing requirements, including agreements and ad hoc disclosures, for example, police requests.
Data protection by design and default (PEDP) (Level 6)
Monitors compliance with data protection by design and default through DPIAs and associated documentation.
Training and raising awareness (PEDP) (Level 6)
Influences organisational culture through training and by raising the awareness of staff.
Internal compliance (PEDP) (IG) (Level 6)
Monitors compliance of the organisation (or its processors) in relation to the protection of personal data, including the assignment of responsibilities to manage functions under UK GDPR.
Individual rights requests (PEDP) (IG) (Level 6)
Monitors the organisation’s compliance with individual rights requests.
Individual rights requests (PEDP) (IG) (Level 5)
Processes straightforward subject access requests in accordance with GDPR requirements as applicable. Maintains compliance with the appropriate timeframes and with any allowed charges or refusals.
Information Governance Audit (PEDP) (Level 5)
Applies the principles, practices, tools and techniques of information governance auditing and the Data Security and Protection Toolkit.
Access requests (Level 4)
Supports the processing of subject access requests in accordance with GDPR requirements.
Regulatory compliance (Level 5)
Reviews and assists own organisation to maintain a privacy notice and record of processing activities (ROPA). Advises and, where necessary, assists on the application of data protection impact assessments (DPIA) and maintains records for compliance within regulatory access requirements.