Primary Care Information Governance Lead

Job summary

Are you an experienced Information Governance professional looking to make a difference in primary care? Innovate Healthcare Services is seeking a Primary Care Information Governance Lead to provide expert IG advice, act as Deputy Data Protection Officer, and support GP practices across Coventry, Warwickshire, Herefordshire and Worcestershire.

In this senior role, you will lead our primary care IG support service, manage complex IG matters, supervise the IG Officer function, and build strong relationships with GP practices, PCNs, ICBs and other key stakeholders to ensure high-quality, compliant and effective service delivery.

Main duties of the job

To lead the delivery, development and assurance of Innovate Healthcare Services Ltd's specialist primary care Information Governance (IG) support service, acting as the Deputy Data Protection Officer (Deputy DPO) for the primary care service and supporting the appointed Data Protection Officer (DPO) function for GP practices.

The post holder will provide senior expert IG advice, professional leadership and service oversight across Coventry &Warwickshire and Herefordshire & Worcestershire, ensuring that the service remains advisory, proportionate, virtual-first, deliverable within agreed capacity and aligned to the agreed service specification.

The role will lead the operational model, supervise the IG Officer role, manage escalations, provide senior Deputy DPO input under the oversight of the Data Protection Officer and Strategic IG Lead, maintain effective relationships with the Integrated Care Board (ICB), GP practices, Primary Care Networks (PCNs), Local Medical Committees (LMCs) and other stakeholders, and support other IG initiatives and services as required.

About us

As a growing company, Innovate has a range of benefits and opportunities to enable individuals to grow and experience a range of new challenges. Innovate has a commitment to develop staff and provide a supportive work life balance.

At Innovate, we are committed to encouraging equality, diversity and inclusion among our workforce, and eliminating unlawful discrimination. We recognise the benefits of transferable skills and a desire to learn. We encourage anyone who is interested in this role to get in touch, even if you do not meet all stated criteria.

Company Benefits

  • Employee Assistance Programme
  • Vivup staff benefits platform
  • Enhanced maternity pay
  • Generous annual leave package
  • Flexible working
  • Access to staff networks
  • Volunteer leave
  • Long service recognition scheme
  • Buy and sell annual leave option

Please note, we may close this vacancy earlier than the stated closing date if we receive a high number of applications.

Job description

Job responsibilities

Service leadership and management

Lead the day-to-day delivery of the primary care IG support service, ensuring the service operates within the agreed scope, exclusions, Key Performance Indicators (KPIs), reporting requirements and monthly capacity assumptions.

Provide line management, professional supervision, coaching and development support to the IG Officer role and any other staff allocated to the service.

Maintain the service operating model, including intake, triage, prioritisation, escalation, case tracking, documentation standards and reporting arrangements.

Monitor service demand, capacity, risks, out-of-scope requests and recurring themes, escalating concerns to Innovate leadership and the ICB where the service model, scope or funding may need review.

Deputy DPO function and senior IG advice

Act as the Deputy DPO for this service, supporting the Data Protection Officer and Strategic IG Lead in the delivery of the appointed DPO function for participating practices, including advice, monitoring, challenge, escalation and contact point arrangements for individuals and the Information Commissioner's Office (ICO), where required by law and contract arrangements.

Provide highly complex and strategic advice on UK General Data Protection Regulation (UK GDPR), Data Protection Act 2018, common law confidentiality, NHS IG requirements, information rights, transparency, retention, records management, information sharing and data protection by design and default.

Maintain clear operational boundaries, ensuring practices understand that they remain controllers and retain responsibility for local decisions, implementation, statutory compliance and approval of documentation unless otherwise agreed.

Ensure that Deputy DPO advice is objective, risk-based and appropriately documented, including any instances where risks, recommendations or unresolved issues require escalation to the Data Protection Officer and Strategic IG Lead.

Breach, DPIA, data sharing and supplier assurance oversight

Oversee significant or complex personal data breaches and IG incidents, including risk assessment, containment advice, reporting recommendations, data subject notification advice, lessons learned and escalation to senior stakeholders.

Provide senior review and challenge for Data Protection Impact Assessments (DPIAs), particularly where processing is high-risk, novel, system-wide, linked to digital transformation, Population Health Management (PHM), shared care records, artificial intelligence or data linkage.

Provide senior advice on Data Sharing Agreements (DSAs), Data Processing Agreements (DPAs), joint controller arrangements, lawful basis, Article 9 UK GDPR conditions, common law confidentiality and information sharing risks.

Provide senior IG oversight of supplier assurance, procurement documentation, data processing clauses, hosting, sub-processors, international transfers and Digital Technology Assessment Criteria (DTAC)-style responses where relevant.

DSPT, templates, training and assurance

Oversee DSPT/toolkit advisory support, ensuring practices receive proportionate evidence guidance, improvement advice and thematic feedback while remaining responsible for their own completion and submission.

Lead the development, maintenance and quality assurance of template policies, procedures, DPIA tools, DSA templates, privacy notice wording, breach guidance, retention guidance and other IG resources for local adaptation by practices.

Plan and deliver agreed system-wide or Primary Care Network (PCN) / protected learning time (PLT) training and awareness sessions, ensuring topics reflect demand, risk and common themes.

Reporting, stakeholder engagement and wider IG contribution

Prepare and present regular service reports for the ICB and Innovate leadership, covering demand, case mix, response performance, risk themes, breaches, DPIAs, DSAs, supplier assurance, toolkit support, training and out-of-scope demand.

Develop and maintain effective relationships with ICB leads, practices, PCNs, LMCs, Caldicott Guardians, Senior Information Risk Owners (SIROs), practice leadership, legal advisers, cyber security colleagues and other relevant stakeholders.

Support the ICB and practices in identifying common IG themes, risks and areas requiring system-wide action, guidance or assurance.

Contribute to wider Innovate IG initiatives and services as required, providing senior expertise, leadership, mentoring and service development support.

Person Specification

Qualifications

Essential
  • Practitioner-level or DPO qualification, such as BCS Practitioner Certificate in Data Protection, PDP Practitioner Certificate in Data Protection, CIPP/E, Certified Data Protection Officer or equivalent.

What we are looking for in our people

Essential
  • Expert working knowledge of UK GDPR, Data Protection Act 2018, common law confidentiality, NHS IG requirements, records management, information rights, data sharing and data protection by design and default.
  • Ability to lead a service, manage demand, set priorities, monitor KPIs, develop processes and pro-vide clear reporting to senior stakeholders or customers.
  • Strong leadership, coaching and people management skills, including the ability to support and de-velop staff.
  • Excellent written and verbal communication skills, with the ability to explain complex legal, regula-tory and technical issues in clear, practical language.
  • Strong stakeholder engagement and influencing skills, including the ability to work constructively with ICB colleagues, GP practices, clinical leaders, operational managers, suppliers and external partners.
  • Ability to identify, assess and escalate IG risks, maintain professional boundaries and balance legal compliance, patient care, operational delivery and commercial considerations.
  • Relevant data protection, IG, information security, records management, legal, audit or risk qualification, or equivalent specialist experience.
Desirable
  • Knowledge of Caldicott principles, DSPT, Cyber Assessment Framework (CAF), Digital Technology Assessment Criteria (DTAC), clinical safety, shared care records, Population Health Management (PHM) or artificial intelligence governance.

Experience

Essential
  • Significant experience in IG, data protection, privacy, records management, information risk, NHS compliance or a closely related discipline, including experience of advising on complex or high-risk matters.
  • Experience of working with primary care, GP practices, ICBs, Commissioning Support Units (CSUs), Local Medical Committees (LMCs), NHS Trusts, wider health and care systems or with Consultancy.
  • Experience providing DPO-level, deputy DPO or senior IG advice, or equivalent specialist assurance, including the ability to act independently, objectively and with appropriate professional challenge.
  • Experience overseeing personal data breaches, DPIAs, DSAs, supplier assurance, information rights issues, transparency, retention and regulatory escalation.
Desirable
  • Experience establishing, leading or improving an advisory, consultancy, shared service, deputy DPO, DPO-as-a-service or customer-facing IG support model.
  • Experience managing contract performance, commercial service boundaries, activity caps or service improvement plans.
  • Experience developing training programmes, template packs, audit approaches, assurance reports, dashboards or Power BI / Monday.com reporting.

Employer details

Employer name

Innovate Healthcare Services

Address

Warwick Hospital

Lakin Road

Warwick

Warwickshire

CV34 5BW

United Kingdom

Employer's website

https://www.innovatehs.co.uk/



Job Details

Company
Innovate Healthcare Services
Location
Warwick, CV34 5BW, United Kingdom
Salary
Negotiable
Posted