Deputy Data Protection Officer (Infected Blood Compensation Authority)

The Infected Blood Compensation Authority (IBCA) is a recently established organisation which has been set up to pay compensation to those who have been infected and affected by the infected blood scandal. The IBCA Data Governance team sits within the wider Data Directorate, and is staffed by leads for Data Protection, Knowledge and Information Management (KIM), and Information Rights and Disclosure.

This post reports to the Data Protection strand, which will enable IBCA to process personal data while assuring compliance with data protection legislation, and is led by IBCA’s Data Protection Officer.

This is an ideal opportunity for a candidate with data protection experience, who is looking to apply, challenge and develop their skills.

Opportunities to move to the new Infected Blood Compensation Authority (IBCA). At the moment all IBCA roles are hosted by Cabinet Office within the Civil Service. However, once IBCA becomes operational, it is anticipated that most of these roles will transfer to IBCA, which is a new Arms Length Body (ALB) separate from the Cabinet Office. Roles that transfer to IBCA from Cabinet Office will maintain the same or substantially the same terms and conditions of employment that are overall no less favourable. It is anticipated that employees who move from Cabinet Office to IBCA will be able to continue to participate in the Civil Service Pension arrangements with no break in their pensionable service. Roles commencing after IBCA has become operational will be with IBCA itself on similar terms and conditions. All successful candidates will receive full details of the terms and conditions of employment for their role with their formal job offer.

Please note that the mission of IBCA means that it is likely to be operational for a period of approximately 5 to 7 years. When IBCA’s work begins to wind down, IBCA employees will receive support and practical guidance to find a new role, whether in the Civil Service, another Arms Length Body (ALB), or an external employer.

Successful candidates will be appointed as the Deputy DPO, working primarily within the Data Protection function.

As the Deputy DPO, you will support the Data Protection Officer to lead the data protection function within IBCA, as well as occasionally deputising in the performance of statutory data protection responsibilities.

The team functions will collaborate to provide effective data governance for IBCA, with an expectation that work will also flow between the strands as circumstances and business needs require.

This role requires you to be in either the Newcastle or Glasgow office at least 60% of your time, depending on which office you are based at.

Responsibilities

• Deputise for the Data Protection Officer in the performance of statutory functions, providing advice and guidance to the Data Governance team and across the organisation;
• Engage with operational teams and external stakeholders to deliver a data protection framework across the organisation and support its compliance with relevant legislation;
• Support the management of IBCAs data protection functions, including producing and maintaining clear, accessible, user-friendly procedures, processes, forms and guidance;
• Monitor compliance with the UK GDPR and other data protection laws, developing our data protection policies, processes and procedures, including managing internal data protection activities and conducting compliance reviews;
• Support statutory data protection requirements, including providing advice and assistance on data security incidents to support decision making decisions on breaches and whether to report them to the Information Commissioner’s Office (ICO);
• Participate in quality improvement activities and follow up actions of audit and investigation reports;
• Monitor and advise on the undertaking and completion of Data Protection Impact Assessments when new or alternative processing is proposed. Influence the development of systems and processes to adopt a privacy by design and default approach across the organisation to meet compliance with the strategic and organisational objectives;
• Supporting colleagues as required with compliance to organisational wide and statutory compliance regarding data protection legislation;
• Undertake reviews on behalf of the Data Protection Officer in respect of data protection concerns and to provide recommended actions;
• Analysing data gathered through audit controls and producing high quality reports;
• Develop data protection training programmes.

The post holder may also support other Data Governance leads with their responsibilities. These may include:

• Supporting with the implementation of DG policies;
• Creating effective communications on data governance matters;
• Monitoring performance against corporate and legal performance targets;
• Creating and maintaining collaborative tools to facilitate the sharing of knowledge;
• Being agile to business requirements, working across the different strands.

The post holder will work closely with the other Data Governance leads, particularly Knowledge and Information Management, to embed consistent, compliant information governance controls across the organisation, covering for example information asset ownership and retention.