Our client is a well-known not-for-profit care provider within the UK. They specialise in providing high quality, person-centred care for older people, in care homes, supported housing and extra care housing nationwide. They are looking for an IT Governance Officer to join their team.
This role is responsible for helping the client meet requirements related to data protection and GDPR in line with the Data Protection Act 2018. Working closely across the client's functions, you will look at improving performance through the development of key processes, managing and assessing risk, and communication activities related to GDPR and Data Protection, whilst ensuring information kept is within the law.
Ensure the client establishes compliance in Data Protection and GDPR, highlighting any risk areas to the senior management team.
Develop and maintain Data Protection Policies, and privacy policies across the business ensuring they are reviewed annually.
Act as the point of contact for the Information Commissioner's Office, whilst being the Data Protection Officer for the business and maintaining the annual notification to the ICO.
Oversee, develop and maintain the processes for responding to requests for information, including subject access requests and requests from external organisations.
Oversee spot check data protection audits across the business.
Develop and maintain the incident reporting process, investigate any incidents, and assess whether they need reporting to the ICO.
Ensure that all employees complete relevant information governance training, and relevant cyber security training.
Provide support to business functions related to data protection requirements.
Keep abreast of changes in data protection law and legislation to ensure that the business continues to comply with the law and best practice.
Experience as a Data Protection/GDPR Practitioner with a data protection qualification (BCS/ISEB, CIPP/E, CIPM) or equivalent practical experience.
Expert knowledge of the data protection law including the GDPR, Data Protection Act 2018, Access to Health Records Act 1990, and the common law of confidentiality.
Good working knowledge of the Privacy & Electronic Communications Regulations (PECR).
A good working knowledge of Information Security (ISO 27001) principles and practice
A good working knowledge of information risk analysis and risk management
Knowledge of information systems and databases to determine how processes need to be developed
Good personal communication skills, capable of dealing with a wide range of stakeholders, including senior management
Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels
Previous experience of dealing with data protection issues in an operational environment, managing data incidents and breaches.
Experience of developing, implementing and maintaining policies and procedures relating to legislative requirements, and relating these to organisational practices and solutions.