Data Protection Officer
JOB AIM AND PURPOSE (What is the job trying to do?)
The post holder will be the Council Officer responsible for overseeing data protection compliance within the Council.
The post holder will be key to moving forward the Council’s data protection and information governance agenda.
The post holder will report to senior management on data breaches and will be the point of contact for the Information Commissioner’s Office in respect of such issues.
4. MAIN OBJECTIVES
To provide direction, support and advice to the Council, its senior management team and all teams across the Council’s services in relation to their data protection obligations.
To provide leadership across the council on data protection compliance.
5. MAIN DUTIES AND RESPONSILBITIES OF THE POST
To take the lead in providing expert data protection advice to Council officers and Councillors relating to all aspects of data protection.
To provide expert advice and input where requested regarding the drafting and sign off of data protection impact assessment.
To have oversight of the progress and status of DPIAs prepared by the council.
To cooperate with the Information Commissioner’s Office in all matters relating to information governance; and to investigate regulatory complaints in accordance with relevant regulatory requirements.
To act as the principal contact point for the Information Commissioner’s Office on issues relating to data processing, including the prior consultation, and to consult, where appropriate, with regard to any other matter relating to information governance.
To promote data protection compliance and best practice by setting and maintaining standards and procedures, ensuring the Council’s data protection policies are up-to-date and disseminate any changes in relevant legislation to key members of staff.
To advise on all elements of collecting and processing personal data and on the requirements and implications of data protection legislation.
To provide expert advice to the Council and where appropriate draft privacy notices, and any other data protection documentation in order to ensure that individuals are aware of our intentions to process their data and ensuring that the Council is processing personal data in a fair and lawful manner in line with the individual’s rights.
To investigate and report on any processing, blocking, erasure, destruction and the right to be forgotten notices issued by individuals in accordance with relevant legislation, ensuring that the purposes of the processing are compatible with the conditions for processing in accordance with that legislation and to respond to individuals accordingly.
To participate in data protection audits and reviews across all Council services that are processing personal data in order to ensure that the Council is compliant with relevant legislation.
To investigate breaches and incidents of data protection, establishing any potential weaknesses in Council policies and inform the Corporate Leadership Team accordingly. Formally report all compliance issues relating to information governance, including any complaints and breaches of the legislative framework to the Corporate Head of Law and Governance (SIRO) and senior management.
To provide advice and assist with all data protection queries relating to projects, programmes and data sharing initiatives.