About the Role
Job Purpose
This role will play a critical part in
delivery of the Information Governance agenda for AFG, developing the framework
and systems to manage information and deliver compliance with Data Protection
legislation.
The role holder will be the Champion for
Information Governance within the organisation, providing advice and guidance
in relation to data protection and security.
Dimensions
This post has no direct reports, however,
will coordinate, monitor and guide the activities of other stakeholders or
colleagues as part of the records management, data protection and data security
processes.
Key
Accountabilities and Responsibilities
Compliance
·
Manage and co-ordinate subject access requests received
from internal and external sources within the relevant timescales.
·
Investigate and respond to data protection complaints and
data breaches, and where necessary prepare information for reporting breaches
to the Information Commissioner’s Office.
·
Actively promote the importance of proactive reporting of
data breaches within the business, to ensure that all breaches are being
appropriately recorded and acted upon.
·
Investigate the root causes of data breaches and then
work with the business to prevent recurrence of the same issues.
·
Provide expert advice and support to all colleagues on
records management, data protection and privacy matters.
·
Work with the Senior Leadership Team to actively promote
and support completion of Data Protection Impact Assessments.
·
Manage and oversee the DPIA tracking processes.
·
Collaborate with key stakeholders in the organisation to
maintain the Register of Processing Activity.
·
Actively monitor the regulatory environment and ensure
that any changes to legislation, case law, official guidance, decision notices
that may impact upon local practice and procedures, are understood and
appropriate changes implemented to AFG’s policies and processes.
·
Continually researching and reviewing best practice,
driving AFG’s systems and processes to be contemporary and responsive to the
Information Governance environment.
·
Build and develop effective relationships with key
individuals across the organisation in order to understand the detail of all
data processing activities.
·
Co-ordinate Information Governance, Data Protection and
Security Group.
·
Work closely with the Senior Leadership Team to identify
areas of risk and gaps in compliance with information governance standards.
·
Co-ordinate the submission of the annual Data Protection
and Security Toolkit.
·
Maintain centralised records of advice provided, data
subjects rights exercised and data breach incidents to support the
organisation’s accountability records.
·
Create and maintain centralised records of data sharing
agreements and schedule reviews as necessary with the contract leads.
Records Management
· Develop and
oversee systems of records management for paper records across AFG services and
departments.
· Monitor the
performance of the outsourced records storage provider, providing regular
reporting on records held on and off AFG sites.
· Lead and
direct the annual destruction of paper records held in the outsourced off-site
records store.
· Lead and
direct the annual activity to assess paper records for retention and inclusion
in the off-site records store.
· Develop and
manage systems in collaboration with IT colleagues to manage digital records,
ensuring retention and timely destruction in line with data protection
legislation.
Training and Communication
· Be the
Champion of data protection, records management and data security for the
organisation.
· Design and
support the delivery of information governance training programmes for all
staff.
· Raise
awareness of the information governance agenda through ongoing campaigns.
· To
undertake an ongoing evaluation of the effectiveness and understanding of the
information governance policy and processes, developing appropriate
documentation, procedural manuals and resource material.
Information
Security
- Evaluation of data security controls such as processes
for leavers and user access control systems
- Assist the Digital Steering Group with advice around
practice and new systems
Person
Specification - Essential Requirements
Please only
apply if you meet the below requirements:
Skills and
Knowledge
- Strong working knowledge of the Data Protection Act
2018 and UK GDPR and Caldicott principles.
- Knowledge of the Data Protection and Security Toolkit
or previous Information governance Toolkit.
- Very high level of attention to detail.
- Ability to manage own time effectively is essential as
well as an ability to maintain a calm approach whilst managing multiple
tasks in order to effectively prioritise your workload.
- Excellent communicator and team player, building
strong working relationships with colleagues and external local authority
contacts.
- Strong presentation and report writing skills are
critical for this role.
Experience
- Prior experience of working in an Information
Governance Role.
- Experience of developing and implementing procedures
related to Information Governance.
Qualifications
and Training
- Proficient in the Use of Office365 applications
(Particularly Word, PowerPoint & Excel
- Educated to NVQ Level 4 or equivalent