DPO and Head of Information Governance

The Company

Psychiatry UK (PUK) is the nation’s leading online psychiatry service, providing assessment, diagnosis, and treatment for a range of mental health conditions. Our mission is to rise to the challenge to help solve the UK’s mental health crisis. Powered by our intelligent, A.I (Artificial Intelligence). enabled platform we provide consultant-led psychiatric care for the whole family, specialising in ADHD and Autism.

Job Summary

The DPO is an essential role supporting the Chief Finance Officer and the Executive Board to manage the Information Governance and Cyber Security Agenda across the organisation. The DPO will lead on the ongoing development and management of the organisation’s Information Governance Framework, using the Information Commissioner’s Office (ICO) Accountability Tracker, as well as the NHS Data Security and Protection Toolkit (DSPT) as a basis for this framework. Acting as the organisation’s specialist lead on all matters pertaining to Information Governance, Data Protection and Records Management, the DPO will provide expert guidance and interpretation of relevant legislation. The Head of Information Governance will develop, implement, and monitor policies, processes, and procedures to support the IG requirements to enable PUK to meet its statutory, contractual, and regulatory obligations while reducing security and information risks. The DPO will develop a training programme to ensure staff are appropriately trained on core topics within the IG Framework.

The DPO will Line Manage a team of specialist staff working across all areas within the IG Framework. This will include overseeing a team of Health Records Officers whose role is to process Subject Access Requests/Access to Health Records requests in line with statutory requirements and specialist Information Governance Officers who work to support the DPO to deliver against the IG Framework.

The DPO will be the subject matter expert on all matters relating to data protection and information governance and monitoring internal compliance. The DPO must align to the requirements as detailed under articles 37-39 of UK GDPR. The DPO will inform and advise the Executive Board on data protection obligations. The DPO will review all Data Protection Impact Assessments and support with reviewing and producing compliance documentation to evidence accountability. The DPO will be the point of contact for all data subjects including staff and patients, and be the named contact for the regulatory authority, the Information Commissioner’s Office and be named on their register of DPOs.

Key focus over the next 24 months:

1. Implementing /embedding an agile IG framework for an agile, digital, growth business - building a culture and capability for 'first line' confidence and accountability
2. Leading the identification and remediation of high rated data privacy and compliance risks across all areas of PUKs operation - with focus on the evolution of our digital / data platform and including the development of automated controls
3. Support the digital transformation in the business, including the safe / complaint use of data for analytics

Main Duties and Responsibilities

• To manage the Information Governance Agenda across the organisation.
• To ensure legislative and regulatory compliance standards are adhered to when working on digital transformation projects, automated systems and the use of Artificial intelligence across the organisation.
• To continually keep abreast of legislative changes and ensure the organisation is prepared should any relevant changes to legislation be implemented.
• To ensure adherence to key Data Protection legislation and advise staff on the statutory requirements under relevant legislation.
• To lead on the completion of the mandatory annual organisational submission to the Data Security and Protection Toolkit.
• To lead on the ongoing development and management of the organisation’s Information Governance Framework.
• To develop a suite of key IG and Data Protection policies, processes, and procedures to support staff.
• To support the Learning and Development Team to develop a training plan to ensure staff are appropriately trained on a broad range of topics within the IG framework.
• To support in the completion of Data Protection Impact Assessments, Data Sharing Agreements, Data Processing Agreements, Data Transfer Agreements, Memorandum of Understandings etc.
• To regularly review and update organisational privacy notices.
• To oversee the Health Records Team whose job is to ensure the Rights of Access is appropriately met following statutory requirements.
• To support public authorities in responding to any relevant Freedom of Information Requests.
• To be registered as the DPO with the ICO and be the main point of contact for all regulatory authorities and the general public in relation to data issues.
• To review and handle data complaints in line with the organisational complaints policy.
• To review and grade all data incidents and to report any incidents to the ICO within 72-hours of notification.
• To work collaboratively with core members of the organisation to ensure data compliance is an integral part of any process.
• To support with the Information Risk Management programme and ensuring a central asset register and record of processing activities can be evidenced across the organisation.
• To lead on the Records Management function of the organisation and ensure staff are understanding of their responsibilities from creation of data right through to disposal.
• To provide regular reports to Board to apprise on progress within the IG framework.
• To develop a series of Key Performance Indicators for monitoring and compliance purposes.
• To oversee the regular IG and Data Protection Steering Group, ensuring appropriate updates are provided on how the organisation is being steered via the IG Framework.

Essential Qualifications and Skills

• To be educated to Degree Level in a relevant discipline.
• To hold suitable Data Protection qualifications/certifications and have extensive knowledge of Data Protection legislation (Data Protection Act 2018/UK GDPR/PECR/Computer Misuse Act etc).
• Managerial/leadership qualifications evidenced through training or through relevant experience.
• Advanced knowledge of frameworks such as Cyber Essentials Plus, DSPT, ISO:27001 etc.
• High level of interpersonal skills and ability to work with Executive Level staff.
• Advanced oral and written skills for communicating on complex information governance and data protection matters.
• Report writing skills,
• Problem solving skills and ability to respond to sudden unexpected demands.
• Excellent time management skills with the ability to prioritise based on need.
• Ability to work to tight deadlines.
• Effective line manager with the ability to undertake regular 1-2-1s with staff, conduct appraisals and manage performance effectively and provide comprehensive documentation.

Desirable Qualifications and Skills

• Experience of working in a healthcare setting in a Lead Information Governance role.
• Experience operating in a rapidly scaling digital (health) environment with use of sensitive/ special category data
• Experience of managing and communicating with regulators including ICO
• Strong technical background with experience of Cyber security management.

Compensation

Competitive (plus £1,000 home-working allowance per annum)

Job Location

Home-based/various meeting locations as required.

Equal Opportunity Statement

Psychiatry-UK is an equal opportunity employer. We embrace diversity and are committed to creating an inclusive environment for all employees. We welcome applications from individuals of all backgrounds and strive to provide a fair and unbiased recruitment process.