Data Protection Officer

UKHSA is looking for an experienced and hard-working Data Protection Officer to join its Data and Cyber Security directorate and provide an expert data protection support and assurance function to ensure UKHSA fully complies with the requirements of data protection law while maximising the public health benefit of the data and information it collects and uses to fulfil its remit as the national expert agency for health protection. The postholder will be based in the Compliance team, working alongside the Head of Compliance, and have strong working relationships with teams in the Information Management, Data Governance and Privacy (IMP) division. The postholder will also have a close working relationship with the Data Protection Officer team in the Department of Health and Social Care.

**Please see the section**: Detailed job description and main responsibilities for a full description of the role

UKHSA ethos is to be an inclusive organisation for all our staff and stakeholders. To create, nurture and sustain an inclusive culture, where differences drive innovative solutions to meet the needs of our workforce and wider communities. We do this through celebrating and protecting differences by removing barriers and promoting equity and equality of opportunity for all.

You will have strong experience of providing a Data Protection Officer service to complex organisations handling large volumes of personal data and special category data, preferably in the health and care sector. You will have expert knowledge of data protection law and practices, including the UK General Data Protection Regulation, Data Protection Act and the Privacy and Electronic Communications Regulations, as well as the codes of practice, frameworks and guidance issued by the Information Commissioner’s Office (ICO). You will have experience of engaging with the ICO to support organisations in complying with data protection law.

You will have a good understanding of the role of the National Data Guardian for Health and Social Care, as well as the Caldicott principles and the role of the Caldicott Guardian. You will have detailed knowledge of the codes of practice and guidance published by expert bodies such as the National Cyber Security Centre, and of assurance standards such as the Data Security and Protection Toolkit.

You will be used to working with colleagues to assess information risks and ensure that effective controls are in place. You will have experience of providing evidence-based, objective and impartial advice to senior management, including information asset owners, the senior information risk owner and, where appropriate, the chief executive and senior governance groups, on the level of organisational compliance with data protection law. You will be experienced in developing and implementing processes for monitoring and managing compliance with corporate data protection policies, standards and procedures, and in building a strong culture of compliance with the data protection principles.

You will have a high level of experience in building and leading positive and effective working relationships, be a self-starter able to work without supervision, have strong verbal, written and presentational skills, and be able to work well under pressure and to tight deadlines.

The main duties and responsibilities of the Data Protection Officer are to provide the following services to UKHSA:

- work closely alongside the senior information risk owner, Caldicott Guardian and other senior managers to provide timely expert verbal and written advice to the chief executive and senior governance groups to support the agency’s compliance with data protection law and the common law duty of confidentiality
- provide timely expert verbal and written support and assurance to information asset owners and other senior staff on identifying information risks and implementing effective controls to ensure compliance with data protection law and the agency’s data protection policy framework
- work alongside the Compliance team to monitor compliance with data protection law and the agency’s corporate policies, standards and procedures, including conducting data protection reviews and audits (independently, as well as jointly with the Compliance team and Internal Audit)
- provide structured and systematic evidence-based monitoring reports to senior management on the agency’s compliance with data protection law and its corporate governance and assurance frameworks, in particular highlighting compliance risks and issues at tactical and strategic levels (independently, as well as jointly with the Governance, Risk and Assurance team)
- raise awareness of data protection law and the agency’s data protection policy framework, including advising on and providing training and guidance to staff, including targeted training to senior managers, and producing regular awareness-raising campaigns and communications to all staff
- work alongside the Privacy