Job summary
The Privacy, Transparency & Trust (PTT) Sub-directorate is a sub-directorate of the Delivery Directorate. The mission of the PTT Sub-directorate is to enable NHS England to drive innovation and improve lives through greater use of data and technology and to be a well-run organisation.
The PTT Sub-directorate will enable and promote public trust in NHS England's custodianship of staff, workforce and patient data. This aligns with the new legal duty of NHS England to have regard to the need to respect and promote privacy of patients and the core principles that underpin NHS England as a safe haven of patient data.
The role of Assistant Director, Deputy Data Protection Officer is a key leadership role in PTT which will be responsible for delivering significant IG activities, leading a sub-team and supporting the Data Protection Officer (Band 9 role) who leads the relevant team.
Main duties of the job
The Assistant Director Deputy Data Protection Officer will:o Perform the activities of the DPO (listed in the Assignment Brief) as the Deputy of the DPOo Provide leadership to the DPO team in support of the DPOo Lead specific activities and workstreams using highly developed problem-solving, leadership and communication skills.
About us
The NHS England board have set out the top-level purpose for the new organisation to lead the NHS in England to deliver high-quality services for all, which will inform the detailed design work and we will achieve this purpose by:
- Enabling local systems and providers to improve the health of their people and patients and reduce health inequalities.
- Making the NHS a great place to work, where our people can make a difference and achieve their potential.
- Working collaboratively to ensure our healthcare workforce has the right knowledge, skills, values and behaviours to deliver accessible, compassionate care
- Optimising the use of digital technology, research, and innovation
- Delivering value for money.
If you would like to know more or require further information, please visithttps://www.england.nhs.uk/.
Colleagues with a contractual office base are expected to spend, on average, at least 40% of their time working in-person.
Staff recruited from outside the NHS will usually be appointed at the bottom of the pay band.
Job description
Job responsibilities
You can find further details about the job, organisational structure, recruitment profile, expected outcomes and benefits information in the attached Job Description, Assignment Brief and other supporting documents.
If you like what you have read and think you have the skills and experience, we need then don't delay, apply today! We get lots of applications for our roles and so we sometimes have to close our posts early. Don't miss out!
Job description
Job responsibilities
You can find further details about the job, organisational structure, recruitment profile, expected outcomes and benefits information in the attached Job Description, Assignment Brief and other supporting documents.
If you like what you have read and think you have the skills and experience, we need then don't delay, apply today! We get lots of applications for our roles and so we sometimes have to close our posts early. Don't miss out!
Person Specification
Qualifications
Essential
- Graduate level qualification / equivalent experience: Educated to Graduate degree level (in a relevant subject) or equivalent relevant experience within a professional working environment.
- Post-Graduate level qualification / equivalent experience: Educated to Post-Graduate degree level (in a relevant subject) or equivalent relevant experience within a professional working environment.
- IG accredited qualification: Accredited IG specific qualification e.g. (but not limited to) BCS, ISEB, PDP, IAPP.
Desirable
- Other relevant accredited qualification: Accredited qualifications which would materially benefit the performance of your role such as qualifications in project management (e.g. Agile, Prince II), technology (such as advanced level user of Microsoft Office365), security, communications, or leadership.
- Legal qualifications which are relevant to the role of Deputy Data Protection Officer.
Knowledge
Essential
- The role requires expert and detailed knowledge of: Data Protection law, common law duty of confidentiality, NHS legal framework, the statutory functions of NHS England, ethical issues, and how they impact NHS England's use of personal data. Guidance and policy published by the Information Commissioner's Office (ICO), the National Data Guardian (NDG), NHS Records Management Code of Conduct, and other bodies.
- How to apply legal and policy IG requirements, supporting and advising colleagues on the use of personal data, risks, records management obligations, and data protection impact assessments. Responding to statutory requests for access to personal data and other rights under the UK GDPR and DPA 2018.
- The accountabilities and responsibilities for overseeing and managing IG issues, including the roles of the Caldicott Guardian, Senior Information Risk Officer, Data Protection Officer, Chief Information Security Officer, Information Asset Owners, the ICO and the NDG.
- Information security, collection, analysis, publication and dissemination of data, risk management, and how IG assurance is achieved within an organisation including carrying out monitoring and assurance activities.
- How to promote public trust and benefit in the use of personal data, including approaches to consultation and engagement with the public and representative groups.
- The health and adult social care system in England, the use of NHS patient data and its impact on stakeholders such as patients and researchers.
Skills and Experience
Essential
- Extensive experience of a leadership role within an information governance function including: Commitment to delivering high performance within the team and maintaining the highest levels of professionalism, integrity, with responsibility for continuous improvement, excellent service delivery, and developing a "one team" respectful and inclusive culture. Working collaboratively across team, function, and organisational boundaries, to achieve the best outcomes.
- Advising on sharing personal data with other organisations, data processing agreements, identifying appropriate controller / processor relationships for highly complex data flows, and the required documentation to facilitate such sharing, Writing and tailoring key information governance documents, including policies, data protection impact assessments, privacy notices. Producing executive level reports and briefings to evaluate the organisation's compliance.
- Leading on and co-ordinating responses to urgent activities such a personal data breach responses and other issues. Providing timely, clear and practical IG advice in a range of formats on highly complex and high-profile matters, services, and projects, including detailed privacy by design advice and delivering advice at Executive and Board level. Representing organisations before external stakeholders such as the Information Commissioner's Office.
- Creating and delivering an effective IG strategy which performs highly complex data processing. Conducting IG related research, communicating key IG issues and raising awareness of IG issues across the organisation.
Person Specification
Qualifications
Essential
- Graduate level qualification / equivalent experience: Educated to Graduate degree level (in a relevant subject) or equivalent relevant experience within a professional working environment.
- Post-Graduate level qualification / equivalent experience: Educated to Post-Graduate degree level (in a relevant subject) or equivalent relevant experience within a professional working environment.
- IG accredited qualification: Accredited IG specific qualification e.g. (but not limited to) BCS, ISEB, PDP, IAPP.
Desirable
- Other relevant accredited qualification: Accredited qualifications which would materially benefit the performance of your role such as qualifications in project management (e.g. Agile, Prince II), technology (such as advanced level user of Microsoft Office365), security, communications, or leadership.
- Legal qualifications which are relevant to the role of Deputy Data Protection Officer.
Knowledge
Essential
- The role requires expert and detailed knowledge of: Data Protection law, common law duty of confidentiality, NHS legal framework, the statutory functions of NHS England, ethical issues, and how they impact NHS England's use of personal data. Guidance and policy published by the Information Commissioner's Office (ICO), the National Data Guardian (NDG), NHS Records Management Code of Conduct, and other bodies.
- How to apply legal and policy IG requirements, supporting and advising colleagues on the use of personal data, risks, records management obligations, and data protection impact assessments. Responding to statutory requests for access to personal data and other rights under the UK GDPR and DPA 2018.
- The accountabilities and responsibilities for overseeing and managing IG issues, including the roles of the Caldicott Guardian, Senior Information Risk Officer, Data Protection Officer, Chief Information Security Officer, Information Asset Owners, the ICO and the NDG.
- Information security, collection, analysis, publication and dissemination of data, risk management, and how IG assurance is achieved within an organisation including carrying out monitoring and assurance activities.
- How to promote public trust and benefit in the use of personal data, including approaches to consultation and engagement with the public and representative groups.
- The health and adult social care system in England, the use of NHS patient data and its impact on stakeholders such as patients and researchers.
Skills and Experience
Essential
- Extensive experience of a leadership role within an information governance function including: Commitment to delivering high performance within the team and maintaining the highest levels of professionalism, integrity, with responsibility for continuous improvement, excellent service delivery, and developing a "one team" respectful and inclusive culture. Working collaboratively across team, function, and organisational boundaries, to achieve the best outcomes.
- Advising on sharing personal data with other organisations, data processing agreements, identifying appropriate controller / processor relationships for highly complex data flows, and the required documentation to facilitate such sharing, Writing and tailoring key information governance documents, including policies, data protection impact assessments, privacy notices. Producing executive level reports and briefings to evaluate the organisation's compliance.
- Leading on and co-ordinating responses to urgent activities such a personal data breach responses and other issues. Providing timely, clear and practical IG advice in a range of formats on highly complex and high-profile matters, services, and projects, including detailed privacy by design advice and delivering advice at Executive and Board level. Representing organisations before external stakeholders such as the Information Commissioner's Office.
- Creating and delivering an effective IG strategy which performs highly complex data processing. Conducting IG related research, communicating key IG issues and raising awareness of IG issues across the organisation.
Disclosure and Barring Service Check
This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.
