Data Protection & Information Governance Manager - UoN

The role.

Principal duties & responsibilities

• To act as the University’s Data Protection Officer as defined under the UK General Data Protection Regulation (GDPR).
• To lead on the development of the University’s approach to data protection, freedom of information, information governance and records management, keeping the University informed about changes in relevant legislation and making recommendations on best practice and the improvement of compliance.
• To provide expert information and advice on the University’s obligations under data protection and freedom of information legislation, and on records management and information governance.
• To monitor the University’s compliance with the Data Protection Act 2018, Freedom of Information Act (FOI) 2000 and other applicable law or regulation. To report on this and to escalate non-compliance as necessary.
• To work with staff across the University to promote a culture of effective information governance which sustains high standards of compliance.
• To review, develop, update and implement, in conjunction with other appropriate staff, data protection, information governance and records management policies, and the procedures and processes for ensuring compliance with these. To ensure policies and processes are fit for purpose and compliant with relevant legislation. To monitor and report on policy and process compliance.
• To analyse the University’s activities with personal data with a view to preventing non-compliance.

• To be responsible for the maintenance of the University’s Freedom of Information Publication Scheme, ensuring its accurate and timely updating.
• To develop and maintain appropriate guidance documentation for staff.
• To devise, deliver and maintain guidance and staff development and training in data protection, GDPR, freedom of information and information governance, working with other colleagues as appropriate.
• To ensure a contact point and contact details are clear and visible to individuals whose data is processed, and that individuals contacting the team receive timely, accurate and sensitive responses.
• To maintain a thorough awareness of developments in higher education, data protection, freedom of information and information governance, liaising with other DPOs to share and learn from best practice. To provide timely advice to the University on the implications of new developments.
• To represent the University externally as appropriate.
• To be the first point of contact for the Information Commissioner’s Office.
• To represent the Governance, Compliance and Risk team at University committees and working groups as requested by the Associate Director of Governance, Compliance and Risk. To liaise internally and externally about the storage of records.
• To take responsibility for their own personal development to contribute to the overall strategic direction of the Governance, Compliance and Risk team.

• To assess the risks of data processing activities and design policies and procedures accordingly. To provide advice to senior management, data controllers and processors about the risks of data processing activities.
• To be responsible for the management of subject access and FOI requests in accordance with the applicable legislation.
• To advise on Data Protection Impact Assessments (DPIAs) and monitor their completion and conclusions in accordance with legal/regulatory requirements. To ensure that there are mechanisms for carrying out DPIAs which are robust and visible.
• To record and investigate data breaches and information security incidents with the intention of preventing future reoccurrence and protecting individuals’ data and the organisation. To ensure that records of data breaches and information security incidents are kept.
• To ensure that information audits take place as necessary. To be responsible for the completion of audits and/or mapping of information, data, and processes and for reporting on these.
• To ensure that records of the processing are kept by the University in accordance with GDPR Article 30.
• To provide as required high quality information, data, and reports about the work and findings of the data protection and information governance team.
• To establish, develop and maintain a records retention schedule for the University’s corporate records in line with relevant legislation and best practice. To monitor compliance with the records retention schedule and promote the use of best practice records management throughout the University.

Job Title: Data Protection & Information Governance Manager

Responsible to: Associate Director of Governance, Compliance and Risk

Grade: 8

Overall purpose

• To lead the University’s data protection and information governance service and team.
• To be the University’s lead on data protection, freedom of information, information governance and records management and in particular to advise on compliance in these areas.
• To develop and implement the policies and procedures that ensure compliance.
