Individual rights requests Processes straight forward subject access requests in accordance with GDPR requirements as applicable. Maintains compliance with appropriate timeframes, any allowed charges or refusals. Caldicott Guardian/SIRO and DPO advice and support Provides straightforward advice and support to the Caldicott Guardian and Senior Information Risk Owners. Provides support to the DPO as required. Data security and protection toolkit (DSPT)/Cyber Assurance Framework (CAF) Uses the Data Security & Protection Toolkit (DSPT) to provide assurance that information assets are secure and handling personal information correctly. Advice and guidance Provides straight forward information governance advice and guidance to colleagues and suppliers to ensure they effectively manage information. Policies Follows standard approaches for the timely review & assessment of Trust IG polices and data flows against latest national regulatory updates and Trust business objectives. Learning delivery Assists in teaching, instruction and /or training of students/learners in order to develop knowledge, techniques and skills using appropriate methods, tools, online environments, equipment and materials. Risk assessment Supports risk assessment following standard procedures. Maintains and monitors risk assessment documentation. Regulatory compliance Reviews and assists own organisation to maintain a privacy notice and record of processing activities (ROPA). Advises and, where necessary, assists on the application of data protection impact assessments (DPIA) and maintain records for compliance within regulatory access requirements. Develops and builds effective relationships Facilitates open communication and discussion between stakeholders, acting as a single point of contact by developing, maintaining and working to stakeholder engagement strategies and plans. Review findings Collates evidence and examines for compliance with standards, statutory controls, or management directives. Identifies, escalates and documents issues of non-compliance. Communications Communicates effectively by competent use of email, telephone, written and face-to-face communication according to guidelines and customer care standards. Acts as a touchpoint for internal and external contacts. Threats and breaches Responds to data security breaches in line with security and information governance policies. Supports any investigation that takes place as a result of a breach. Supports action to categorise and limit damage, according to the organisation's security policy, which may include escalation and reporting the incident to the Information Commissioner's Office, and records the incident and action taken.