Data Protection Officer (Infected Blood Compensation Authority)

The Infected Blood Compensation Authority is seeking a Data Protection Officer to ensure compliance with data protection legislation in processing personal data. IBCA is responsible for paying compensation to eligible applicants, including those infected and affected by the infected blood scandal. The role involves processing a variety of evidence, including medical records and health data, and managing information flows with other government departments and relevant bodies. As a newly established department, IBCA requires data protection assurance as its operations develop. This is a unique opportunity to shape and implement a data protection function that supports a mission-focused team.

Opportunities to move to IBCA

Currently, all IBCA roles are hosted by the Cabinet Office within the Civil Service. Once IBCA becomes operational, most roles are expected to transfer to IBCA, a new Arms Length Body (ALB) separate from the Cabinet Office. Transferring roles will maintain similar terms and conditions of employment, with continued participation in Civil Service Pension arrangements and no break in pensionable service. Roles starting after IBCA's operational launch will be with IBCA on comparable terms. Successful candidates will receive full details of employment terms with their job offer.

IBCA’s mission suggests it will be operational for approximately 5 to 7 years. When its work winds down, employees will receive support and guidance to find new roles within the Civil Service, other ALBs, or externally.

The Data Protection Officer will report to the Head of Data Governance and will work alongside other Data Governance workstreams: Knowledge and Information Management, Information Rights and Disclosure, and Data Acquisition and Quality. The post-holder will serve as the Authority’s statutory DPO.

The role is dynamic and fast-paced, aimed at ensuring IBCA delivers a service underpinned by trustworthy data. It includes line management responsibility for one staff member supporting the DPO’s duties.

Main Responsibilities

The successful candidate will:

• Engage with operational teams and external stakeholders to establish a data protection framework and support compliance with legislation.
• Develop IBCA’s data protection strategy and policies.
• Lead assurance of Data Protection Impact Assessments for new or alternative processing activities, influencing system and process development with a privacy by design and default approach.
• Ensure compliance with UK GDPR and other data protection laws, managing policies, processes, and internal activities, including compliance reviews.
• Provide advice on data security incidents, support breach decision-making, and liaise with the ICO as needed.
• Advise on the lawfulness of using IBCA’s statutory powers.
• Ensure compliance with policies, processes, and digital tools related to data protection.
• Determine lawful bases for processing and data controllership.
• Champion privacy issues related to IBCA’s use of personal data.
• Create and support data protection products and procedures.
• Manage IBCA’s data protection functions, producing accessible procedures, forms, and guidance.
• Develop and deliver data protection training programs.
• Address other relevant data protection issues as required.

The post holder will collaborate closely with other Data Governance leads, especially Knowledge and Information Management, to embed consistent, compliant information governance controls across IBCA, including information asset ownership and retention.