Job Description
Job Title: Data Protection Officer
Service Area: Law and Governance
Division: Data Protection / Information Governance
Grade: MMB
Working Hours: 20 hours per week
Work Base: Civic Offices
Working Arrangement: Agile / Flexible Working
Reports To: Corporate Head of Law and Governance
Direct Reports: None
Indirect Reporting Responsibility: Information Governance Officer
The post holder will act as the Council’s Data Protection Officer and will be responsible for overseeing and promoting compliance with data protection legislation across the organisation.
The role will provide expert advice, guidance and assurance to elected Members, senior leaders, managers and officers on all matters relating to data protection, information governance and the lawful processing of personal information.
The post holder will support the development and delivery of the Council’s data protection and information governance framework, ensuring that personal data is handled fairly, lawfully, securely and transparently.
The post holder will act as the Council’s principal point of contact with the Information Commissioner’s Office (ICO) on data protection matters, including regulatory enquiries, breaches and compliance issues.
Key Responsibilities
Data Protection Advice and Compliance
- Provide expert advice and guidance to Council officers, elected Members and senior management on all aspects of data protection legislation.
- Advise services on the lawful collection, use, sharing, storage and disposal of personal data.
- Promote a strong culture of data protection compliance and good information governance practice across the Council.
- Provide advice on the implications of changes in data protection legislation, guidance and regulatory expectations.
- Ensure Council policies, procedures and documentation relating to data protection remain current and effective.
Data Protection Impact Assessments (DPIAs)
- Provide expert advice and support in the preparation, review and approval of Data Protection Impact Assessments.
- Maintain oversight of the Council’s DPIA process, including monitoring progress and identifying areas of risk.
- Advise project teams, programmes and services on privacy risks associated with new initiatives, systems and data processing activities.
Information Commissioner’s Office (ICO) Liaison
- Act as the Council’s primary contact point for the ICO on matters relating to data protection compliance.
- Cooperate with the ICO in relation to regulatory enquiries, investigations and consultations.
- Support the Council in responding appropriately to regulatory requirements and recommendations.
Data Breaches and Incidents
- Investigate personal data breaches and information governance incidents.
- Assess risks, identify causes and recommend improvements to policies, procedures and working practices.
- Report significant breaches, complaints and compliance issues to the Corporate Head of Law and Governance, Senior Information Risk Owner (SIRO), Corporate Leadership Team and senior management as appropriate.
- Maintain appropriate records of data protection incidents and actions taken.
Individual Rights and Data Protection Requests
- Provide advice and support in relation to individuals exercising their data protection rights.
- Review and advise on requests relating to access, rectification, restriction, erasure and other rights under data protection legislation.
- Ensure responses are legally compliant and that decisions are appropriately documented.
Auditing, Monitoring and Assurance
- Participate in data protection audits, reviews and compliance assessments across Council services.
- Identify areas of risk and provide recommendations for improvement.
- Monitor compliance with Council policies, procedures and legal requirements.
- Provide assurance reports on data protection matters to senior management.
Policies, Guidance and Training
- Draft, review and maintain data protection policies, procedures, guidance and supporting documentation.
- Develop and deliver staff training and awareness sessions on data protection responsibilities.
- Promote best practice in handling personal information across the Council.
Information Governance Leadership
- Lead and support the Council’s Information Governance Group.
- Ensure governance actions are clearly assigned, monitored and progressed.
- Support corporate projects and participate in relevant project groups where required.
- Work collaboratively with internal teams and external partners on information sharing arrangements and agreements.
Knowledge, Skills and Experience
The post holder will be expected to demonstrate:
Knowledge
- Strong knowledge and understanding of UK GDPR and the Data Protection Act 2018.
- Knowledge of information governance principles and regulatory requirements.
- Understanding of data protection risks within a public sector environment.
- Knowledge of DPIAs, data sharing arrangements, privacy notices and breach management processes.
Skills
- Ability to provide clear, practical and proportionate advice on complex data protection issues.
- Ability to interpret legislation and translate requirements into practical guidance.
- Strong written communication skills, including policy and report writing.
- Ability to investigate issues, identify risks and recommend solutions.
- Ability to influence and challenge colleagues at all levels of the organisation.
Experience
- Experience of working in a data protection, information governance, compliance, legal or regulatory environment.
- Experience of advising organisations on data protection obligations.
- Experience of managing or supporting data breaches, audits and compliance reviews.
- Experience of delivering training and awareness sessions.
Key Relationships
- Corporate Head of Law and Governance
- Senior Information Risk Owner (SIRO)
- Corporate Leadership Team
- Council officers and service managers
- Elected Members
- Information Governance colleagues
- IT and cyber security teams
- External partners and regulatory bodies
Role Summary
The Data Protection Officer provides independent specialist advice, assurance and oversight to ensure the Council complies with its legal obligations relating to personal data. The role supports a culture of responsible information handling and helps the Council manage data protection risks effectively.
#J-18808-Ljbffr…
