Reports to: Executive Director, Legal and Governance

Direct Reports: Deputy Information Governance Manager, Records Manager

Job Purpose:

The GDC’s use of information is central to the quality of the service we give to people, perceptions of that service, the protection we provide the public, and our ability to influence stakeholders and public policy.

This role manages a small team to deliver information services across the organisation. Working closely with the SIRO (the Executive Director, Legal and Governance), and key staff across the GDC, this role supports the delivery of information advice, responses to information requests, the completion of privacy impact assessments and projects to build and maintain compliance with statutory information governance responsibilities.

This post delivers the responsibilities of the Data Protection Officer role, as required by the UK General Data Protection Regulation (UK GDPR).

Areas of Responsibility:

  • Develop, maintain, and review the GDC’s Information Governance framework, corporate strategy, risk register, policies, procedures, and compliance audits to support information governance and effective use of information, in line with legal requirements, including the UK GDPR
  • Work with the Information Team to develop and deliver relevant staff training programs to ensure adherence to agreed processes and policies
  • Manage the GDC’s data security incident reporting, analysing the cause of the incident and recommending remedial action as required
  • Manage the relationship with the Information Commissioner’s Office in respect of complaints and reported incidents
  • Provide quarterly reports on the GDC’s information governance and compliance work to EMT and the Audit and Risk Committee
  • Escalate issues of non-compliance with legal requirements or data security incidents to the SIRO, Executive Management Team and Council as required
  • Advise the organisation, including EMT and Council in respect of Data Protection Impact Assessments, ensuring that where advice is not followed, the reasons for not doing so are recorded
  • Lead the GDC’s Information Governance Group in the development and maintenance of the information governance framework
  • Oversee all responses to all statutory requests for information under the Data Protection Act 2018 and Freedom of Information Act 2000 and internal reviews
  • Oversee work to improve the GDC’s life cycle management of records
  • Consider and respond to data subject rights complaints made to the Data Protection Officer
  • Support the GDC’s annual NHS Toolkit assessment and lead work in response to recommendations
  • Work closely with IT and the business to deliver effective and secure policies and processes to manage personal data
  • Support the design and implementation of the GDC’s data strategy

This site uses cookies, click here to read our privacy policy. I Understand