
Information Governance and Compliance Lead

NHS

Poole

On-site

GBP 35,000 - 36,000

Full time

Today

Job summary

A healthcare provider in Poole is seeking an experienced Information Governance & Compliance Lead to ensure compliance with data protection laws, including GDPR and the Data Protection Act. You will manage audits, deliver compliance training, and oversee data breach investigations. Candidates should have a degree or equivalent experience in information governance, with necessary training in data protection. Join a friendly, supportive team dedicated to exceptional patient care and compliance with national standards.

Benefits

Friendly and supportive working environment
Continuous Professional Development
NHS Pension Scheme
Competitive holiday entitlement

Qualifications

  • Educated to Degree level or equivalent experience in information governance and compliance.
  • Evidence of relevant training in data protection and information governance, including UK GDPR and the Data Protection Act 2018.

Responsibilities

  • Support Information Governance within the organisation.
  • Ensure compliance with the UK GDPR and Data Protection Act 2018.
  • Write, review and update IG policies.
  • Design and deliver training on data protection.

Skills

Information Governance
Data Protection Act
GDPR
Compliance Training

Education

Degree level education or equivalent experience
Training in data protection and information governance

Job description

Job summary

The Opportunity

Shore Medical Group is seeking an experienced Information Governance & Compliance Lead to join our Heatherview Medical Centre in Poole, Dorset.

This role plays a vital part in safeguarding data integrity and ensuring our organisation meets national information governance standards. You will support compliance with the Data Protection Act, GDPR and the DSPT.

Key elements of the role include working across and supporting various teams within the business, co‑ordinating and monitoring audit completion, managing data breaches, writing and reviewing policies, and delivering IG & compliance training.

Hours

37.5 per week. Monday to Friday 9.00am-5.00pm

Main duties of the job
  • To support Information Governance (IG) within the organisation
  • Develop and maintain the IG framework to ensure compliance with the NHS Data Security and Protection Toolkit (DSPT)
  • Responsible for the completion and submission of the DSP Toolkit annually
  • Ensure compliance with the UK GDPR, Data Protection Act 2018, Caldicott principles and NHS information governance standards
  • Write, review and update IG policies considering legal regulations and NHS standards
  • Design and deliver training to new and existing staff on data protection, confidentiality and records management to ensure compliance in line with our IG policies
  • Support our medical records team with the completion and compliance around Subject Access Requests (SARs) and Freedom of Information (FOI) requests
  • Conduct Data Protection Impact Assessments (DPIAs) for new systems or data flows
  • Responsible for logging any CQC registration changes and compiling an evidence log in preparation for any CQC inspections
  • In conjunction with the senior management team, lead on the preparation for CQC inspections, internal audits and external reviews
  • Oversee and manage data breach investigations, reporting to the relevant authorities, such as via the Data Toolkit or to the ICO
  • Maintain the Information Asset Register and ensure Data Sharing Agreements are up to date
  • Act as the primary point of contact with NHS Digital, regulators and partners regarding IG matters
  • Work closely with the Clinical Governance Lead/Caldicott guardian to discuss any internal matters which may need review
  • Attend and participate in Clinical Governance Meetings for any matters which may need Data Protection/GDPR considerations
  • Responsible for creating, conducting and coordinating audits on our Practice Index platform
  • Be the Freedom to Speak Up Guardian on behalf of the organisation
  • Supporting the Patient Liaison Officer/Manager with the logging of feedback and complaints onto our in‑house complaints log
  • Liaise with our cleaning contractor to ensure compliance with cleaning across our facilities, ensuring that we are in receipt of monthly audit reports and coordinating the display of the cleaning standards across our surgeries with our site supervisors

See the attached Job Description and Person Specification for full details

About us

Shore Medical is a GP Super Partnership with 6 practices across Poole and Bournemouth. We aspire to offer exceptional care to our 58,000 patients and are innovative in our approach to developing new teams and pathways to ever improve how general practice is delivered. We have a friendly and supportive team of more than 200 staff, with over 40 GPs, Pharmacists, Paramedics, Nurses, Mental Health specialists and our range of administrative staff. We have a great social side to our team with Summer and Christmas parties, running and paddle boarding groups as well as many other events throughout the year.

The Practices in the Partnership are:

  • Lilliput Surgery
  • Poole Road Medical Centre
  • Wessex Road Surgery
  • Heatherview Medical Centre
  • Fernside Surgery
  • Parkstone Tower Practice

We Offer
  • Friendly and supportive working environment
  • Parking on‑site at most of our practices
  • Continuous Professional Development
  • NHS Pension Scheme with Life Insurance
  • Competitive holiday entitlement scheme
  • Cycle to work scheme
  • Access to NHS discounts

Details

Date posted: 05 January 2026

Pay scheme

Other

Salary

£17 an hour

Contract

Permanent

Working pattern

Full‑time

Reference number

W0037-25-0012

Job location

Heatherview Medical Centre
Alder Road
Poole
Dorset
BH12 4AY

Person Specification

Qualifications – Essential
  • Educated to Degree level or equivalent experience in information governance and compliance.
  • Evidence of relevant training in data protection and information governance, including UK GDPR and the Data Protection Act 2018.

Qualifications – Desirable
  • Recognised IG qualification or equivalent (such as BCS/ISEB)
  • Data Protection Officer (DPO) training or certification
  • NHS specific training such as Data Security and Protection (DSP) Toolkit training

Experience – Essential
  • Demonstrable experience of working in information governance, data protection, compliance or risk management
  • Experience of applying legislation, national guidance and organisational policies within an operational setting
  • Experience in managing data protection incidents/breaches or near misses and implementing learning outcomes
  • Experience handling highly sensitive and confidential personal and clinical information
  • Experience supporting with CQC inspections, responding to CQC enquiries or providing assurance evidence relating to information governance and compliance

Experience – Desirable
  • Experience working in NHS General Practice, PCNs or wider health organisations
  • Experience in liaising or supporting a Data Protection Officer
  • Experience in creating/coordinating and actively managing audits, compliance reviews across multiple sites or teams
  • Experience delivering IG and Compliance training to new and existing staff

Disclosure and Barring Service Check

This post is subject to the Rehabilitation of Offenders Act (Exceptions Order) 1975 and as such it will be necessary for a submission for Disclosure to be made to the Disclosure and Barring Service (formerly known as CRB) to check for any previous criminal convictions.

Employer details

Shore Medical PCN

Heatherview Medical Centre
Alder Road
Poole
Dorset
BH12 4AY

Employer's website: https://shoremedical.co.uk/
