Deputy Data Protection Officer (Infected Blood Compensation Authority)

The Infected Blood Compensation Authority (IBCA) is a recently established organisation set up to pay compensation to those infected and affected by the infected blood scandal. The IBCA Data Governance team is part of the wider Data Directorate, staffed by leads for Data Protection, Knowledge and Information Management (KIM), and Information Rights and Disclosure.

This position reports to the Data Protection strand, enabling IBCA to process personal data while ensuring compliance with data protection legislation, under the leadership of IBCA’s Data Protection Officer.

This is an excellent opportunity for a candidate with data protection experience who wants to apply, challenge, and develop their skills.

Opportunities to transfer to the new Infected Blood Compensation Authority (IBCA): Currently, all IBCA roles are hosted by the Cabinet Office within the Civil Service. Once IBCA becomes operational, most roles are expected to transfer to IBCA, a new Arms Length Body (ALB) separate from the Cabinet Office. Transferred roles will maintain similar terms and conditions of employment, which are overall no less favourable. Employees transferring will likely continue participating in Civil Service Pension arrangements without a break in pensionable service. Roles starting after IBCA becomes operational will be with IBCA on similar terms. Full details will be provided with the formal job offer.

IBCA is expected to be operational for approximately 5 to 7 years. When its work winds down, employees will receive support and guidance to find new roles within the Civil Service, other ALBs, or externally.

Successful candidates will be appointed as Deputy DPO, primarily supporting the Data Protection function.

As Deputy DPO, you will assist the Data Protection Officer in leading the data protection function and may deputise for statutory responsibilities.

The team will collaborate to provide effective data governance, with work flowing between strands as needed.

This role requires presence in either the Newcastle or Glasgow office at least 60% of the time, depending on your base.

Responsibilities

• Deputise for the Data Protection Officer in statutory functions, providing advice and guidance;
• Engage with operational teams and external stakeholders to implement a data protection framework and ensure compliance;
• Manage data protection functions, including developing procedures, processes, forms, and guidance;
• Monitor compliance with UK GDPR and other laws, and develop policies and procedures;
• Support statutory requirements, advising on data security incidents and breach reporting;
• Participate in quality improvement activities and follow-up on audit and investigation reports;
• Oversee Data Protection Impact Assessments and promote privacy by design and default;
• Support compliance across the organisation regarding data protection legislation;
• Review data protection concerns and recommend actions;
• Analyze audit data and produce reports;
• Develop data protection training programs.

The post holder may also support other Data Governance leads with tasks such as:

• Implementing DG policies;
• Creating communications on data governance;
• Monitoring performance against targets;
• Maintaining knowledge-sharing tools;
• Adapting to business needs across strands.

The post involves close collaboration with other Data Governance leads, especially Knowledge and Information Management, to embed consistent, compliant information governance controls, including information asset ownership and retention.