JOB DESCRIPTION. Data Protection Officer. Policy & Governance. Legal Services. The Burys, Godalming, Surrey, GU7 1HR.

Transcription

1 Waverley is an ambitious authority, committed to being one of the leading Councils in the country at a time of major change by developing a high performing, highly engaged staff team to share the organisation s values and deliver our corporate objectives. JOB DESCRIPTION Job title: Service: Team: Location: Reporting to: Responsible for: Data Protection Officer Policy & Governance Legal Services The Burys, Godalming, Surrey, GU7 1HR Deputy Borough Solicitor N/A OUR ORGANISATIONAL VALUES Openness Excellence Fairness In Waverley we value openness and honesty where communication is clear and constructive and actions are transparent. In Waverley we value excellence, working in a consistent and professional way to achieve the highest standards possible, taking the time to recognise and celebrate success. In Waverley we value fairness and respect, working with integrity to ensure that everyone is treated well and has equal access to the opportunities available. Team Work Taking Ownership In Waverley we value team work and collaboration, with approachable staff actively contributing to our shared corporate goals. In Waverley we value taking ownership, where everyone feels personally committed to issues at hand and is working towards a positive outcome. PRINCIPAL PURPOSE OF THE ROLE To provide direction, support and advice to the Council, its senior management team and all teams across the Council s services in relation to their data protection obligations. To take the lead role in the management and implementation of data protection compliance. 1 P a g e

2 MAIN DUTIES AND ACCOUNTABILITIES To take the lead in providing expert data protection advice to Council officers and Councillors relating to all aspects of data protection. To provide expert advice where requested regarding data protection impact assessments and monitor their performance. To cooperate with the Information Commissioner s Office in all matters relating to information governance; and to investigate regulatory complaints in accordance with relevant regulatory requirements. To act as the principal contact point for the Information Commissioner s Office on issues relating to data processing, including the prior consultation, and to consult, where appropriate, with regard to any other matter relating to information governance. To promote data protection compliance and best practice by setting and maintaining standards and procedures, ensuring the Council s data protection policies are up-to-date and disseminate any changes in relevant legislation to key members of staff. To advise on all elements of collecting and processing personal data and on the requirements and implications of data protection legislation. To provide expert advice to the Council and where appropriate draft privacy notices, fair processing notices and any other data protection documentation in order to ensure that individuals are aware of our intentions to process their data and ensuring that the Council is processing personal data in a fair and lawful manner in line with the individuals rights. To investigate and report on any processing, blocking, erasure, destruction and the right to be forgotten notices issued by individuals in accordance with relevant legislation, ensuring that the purposes of the processing are compatible with the conditions for processing in accordance with that legislation and to respond to individuals accordingly. To undertake and manage data protection audits and reviews across all Council services that are processing personal data in order to ensure that the Council is compliant with relevant legislation. To investigate breaches and incidents of data protection, establishing any potential weaknesses in Council policies and inform the Information Governance Board accordingly. Formally report all compliance issues relating to information governance, including any complaints and breaches of the legislative framework to the Borough Solicitor (Senior Information Risk Owner) and senior management. To provide advice and assist with all data protection queries relating to projects, programmes and data sharing initiatives. The Data Protection Officer is a protected role within the Council. The Data Protection Officer will be required to report on data protection matters to the highest management level within the Council. Business Continuity Play a pivotal role in business continuity planning and should the need arise assist in ensuring business recovery of key service provision in a 24 hour window. Health and Safety Comply with all Health and safety legislation for your area of work, ensuring that risks are identified, managed and monitored as required. 2 P a g e

3 DIMENSIONS OF THE ROLE To deal with internal data protection queries from colleagues across the Council (Up to 200 per year). To support the Information Rights Coordinator with responding to all Subject Access and Data Protection Act requests (Up to 50 per year). To support corporate projects across the Council, and to be an active member of associated project groups where required. To liaise with the Information Commissioner s Office regarding any reportable data breach within the Council. To develop and provide a staff data protection training (in conjunction with the Training & Development Officer) at appropriate intervals during each year. AREAS OF ACCOUNTABILITY/PROBLEM SOLVING DECISION MAKING / SCOPE FOR IMPACT The postholder will be the Council officer responsible for overseeing data protection within the Council. The postholder will be key to moving forward the Council s data protection and information governance agenda. The postholder will advise senior management regarding data breaches and will be responsible for liaising directly with the Information Commissioner s Office in respect of such issues. The postholder will work within the scope of applicable data protection legislation, and without waiting to be instructed as to what action(s) to take. PLANNING/ORGANISING/CONTROLLING The postholder will be in a position to advise and influence officers at all levels of the organisation. The postholder will be in a position to collect and collate large quantities of complex information on a daily basis in order to make key decisions. CUSTOMERS AND CONTACTS INTERNAL Chief Executive; Strategic Directors; Heads of Services; Borough Solicitor (and Senior Information Risk Owner) and Deputy Borough Solicitor; Service managers and officers across the organisation; Elected Councillors EXTERNAL Information Commissioner s Office; Information Tribunal; Members of the public; Officers of other local authorities and public sector organisations. SERVICE/TEAM STRUCTURE SEE STRUCTURE CHART ON FOLLOWING PAGE 3 P a g e

4 LEGAL SERVICES TEAM STRUCTURE Borough Solicitor Deputy Borough Solicitor Property (P/T) Projects and Regenera tion Litigation, Licensing & Regulatory Planning (P/T) Planning Legal Executive (P/T) Legal Business Manager Information Rights Coordinator Data Protection Officer Local Land Charges Administrator Legal Services Apprentice Legal Services & Local Land Charges Administrator (P/T) 4 P a g e P/T = Part-Time Local Land Charges Administrator

5 PERSON SPECIFICATION Candidates must be able to demonstrate, giving examples, all essential criteria marked as A, or within their application form to be shortlisted for this role. PERSON SPECIFICATION ESSENTIAL CRITERIA HOW ASSESSED DESIRABLE CRITERIA HOW ASSESSE D QUALIFICATIONS/ EDUCATION / TRAINING / EXPERIENCE Educated to A-Level (or equivalent) Data Protection Qualification Educated to Degreelevel (or equivalent) KNOWLEDGE /TECHNICAL SKILLS Expert working knowledge of Data Protection and Freedom of Information in an operational environment Strong knowledge of the General Data Protection Regulation Experience of advising staff on Data Protection requirements Experience of developing and delivering staff training Expert working knowledge of the General Data Protection Regulation Experience of undertaking Data Protection Impact Assessments Awareness of Safeguarding COMMUNICATION Ability to advise officers at all levels of an organisation, including senior officers Strong interpersonal skills with an ability to influence others Able to understand and summarise complex information for a nonspecialist audience Experience of communicating and liaising with external organisations CUSTOMER SERVICE Able to provide a polite and professional service to a wide range of internal and external 5 P a g e

6 contacts Understanding of and commitment to promoting equality and diversity in service delivery and employment. I TEAM WORKING Willing to participate fully as a team member of the Legal Services team. MANAGING SELF AND OTHERS Effective organisational and administrative skills, with an ability to plan and manage their own workload Ability to prioritise and focus on a range of activities CAN DO APPROACH / ACHIEVING RESULTS Ability to demonstrate a positive, personable, flexible and supportive approach to their duties SPECIAL REQUIREMENTS For business continuity purposes you are required to have access to the internet at home via broadband on a PC, laptop or tablet. item Competent with using spreadsheets and databases A Full and valid driver s licence How assessed A = Application CV/Personal Statement C = Certificates/professional Registration D = DBS police check E = Exercise I = Interview M = Medical assessment Basic Disclosure Clearance- Government Requirement for Accessing Council and Government Data To comply with the Public Sector Networks (PSN) Code of Connection, Waverley Borough Council, like other public organisations, need to undertake basic disclosure checks for unspent convictions only, in respect of those staff who will access our IT systems. 6 P a g e

7 For Official Use only Job title: Data Protection Officer Post no: AG18 Service: Policy & Governance JE score: 342 Team: Legal Services Pay band: 6 Location: The Burys Position type: Full-time Godalming, (if part time, working 37 Hours/ Five day week Competencies: (level 1 4) REVIEWED BY: CHECKED IN: LAST UPDATED: Surrey GU7 1HR pattern) Communication: 3 Customer Service: 2 Team Working: 2 Managing Self and Others: 2 Can do approach/results 2 Robin Taylor Employee Services this? January 2018 DATE: DATE: DATE: Jan 2018 Jan P a g e