DPO and Head of Information Governance
Remote UK
Salary: £85,000 per annum, plus £1,000 per annum work-from-home allowance (pro rata)
Reporting to: Chief Finance Officer
Expected Hours: 40 hours per week
Location: Home-based/various meeting locations as required
The Company
Psychiatry UK is the leading provider of online mental health services in the United Kingdom. A career here offers the opportunity to develop your knowledge, skills and life experiences while enjoying the opportunity to work in a full or part-time role from your home office. Working in a leading online mental health service means working amongst innovative, forward-thinking and committed professionals in a multi-disciplinary team.
Job Summary
The Data Protection Officer (DPO) and Head of Information Governance will oversee and lead the Information Governance (IG) and Cyber Security Agenda, ensuring compliance with UK GDPR, the ICO Accountability Tracker, and the NHS Data Security and Protection Toolkit (DSPT). The role is responsible for developing and implementing data protection policies, training, and governance frameworks while advising senior leadership on regulatory obligations and best practices.
Key focus over the next 24 months:
* Implementing and embedding an agile IG framework for an agile, digital, growth business - building a culture and capability for first-line confidence and accountability.
* Leading the identification and remediation of high-rated data privacy and compliance risks across all areas of PUK's operation - with a focus on the evolution of our digital/data platform, including the development of automated controls.
* Supporting the digital transformation of the business, including the safe and compliant use of data for analytics.
Responsibilities and Duties
1. Lead Information Governance (IG): Oversee the IG agenda, ensuring compliance with legislation, regulatory standards, and data protection laws.
2. Support Digital Transformation: Ensure compliance in projects involving digital systems, automation, and AI.
3. Monitor Legislative Changes: Stay updated on data protection laws and implement necessary changes.
4. Develop and Maintain IG Framework: Establish policies, procedures, and governance structures to support compliance.
5. Mandatory Submissions & Reporting: Lead the Data Security and Protection Toolkit submission and provide board updates.
6. Training & Awareness: Collaborate with Learning & Development to implement IG training for staff.
7. Data Protection Compliance: Support Data Protection Impact Assessments (DPIAs), data-sharing agreements, and privacy notices.
8. Manage Data Access & FOI Requests: Oversee the Health Records Team to ensure compliance with Rights of Access and respond to Freedom of Information (FOI) requests.
9. Regulatory Liaison & Complaints Handling: Act as the registered DPO with the ICO, handle complaints, and review/report data incidents within 72 hours if required.
10. Risk & Records Management: Support information risk management, maintain a central asset register, and oversee records management from creation to disposal.
11. Governance & Oversight: Chair the IG & Data Protection Steering Group, develop Key Performance Indicators (KPIs), and embed data compliance across processes.
12. Line Management: Manage a team of specialist staff working across all areas within the IG Framework.
Person Specification
Essential Qualifications and Skills:
* Educated to Degree Level in a relevant discipline.
* Suitable Data Protection qualifications/certifications.
* Extensive knowledge of Data Protection legislation (Data Protection Act 2018, UK GDPR, PECR, Computer Misuse Act, etc.).
* Managerial/leadership skills evidenced through training or through relevant experience.
* Advanced knowledge of frameworks such as Cyber Essentials Plus, DSPT, ISO 27001, etc.
* High level of interpersonal skills and ability to work with Executive Level staff.
* Advanced oral and written skills for communicating on complex information governance and data protection matters.
* Report writing skills.
* Problem solving skills and ability to respond to sudden unexpected demands.
* Excellent time management skills with the ability to prioritise based on need.
* Ability to work to tight deadlines.
Desirable Qualifications and Skills:
* Experience of working in a healthcare setting in a Lead Information Governance role.
* Experience operating in a rapidly scaling digital (health) environment with use of sensitive/special category data.
* Experience of managing and communicating with regulators including ICO.
* Strong technical background with experience of cyber security management.
Other information
This job description is intended as an outline indicator of general areas of activity and will be amended in the light of the changing needs of PUK. You may be required to work at other locations as determined by the duties of your post. You may be required to undertake any other duties at the request of the Line Manager, which are commensurate with the role, including project work, internal job rotation and absence cover.
Behaviour
All employees are expected to:
* Support the values, aims and vision of PUK and its clients.
* Act with honesty and integrity at all times.
* Be positive ambassadors for PUK.
* Demonstrate high standards of personal conduct.
* Value and respect colleagues, other members of staff and patients.
* Work with others to develop and improve PUK services.
* Take personal responsibility for their words and deeds and for the quality of the service they deliver.
Confidentiality
The post holder must ensure that personal information is accurate, up to date, and always kept secure and confidential, in compliance with relevant legislation and the common law duty of confidentiality.
Valuing Diversity & Human Rights
No person should receive less favourable treatment on the grounds of sex, sexual orientation, marital/partnership status, race, religion, age, creed, colour, ethnic origin, disability, part-time working status, or real or suspected HIV/AIDS status, and must not be placed at a disadvantage by conditions or requirements which cannot be shown to be justifiable.
Data Protection
If you have contact with computerised data systems, you are required to obtain, process and/or use information held on a computer in a fair and lawful way, to hold data only for the specific registered purpose, and not to use or disclose it in any way incompatible with that purpose. Data must be disclosed only to authorised persons or organisations, as instructed.