Data Protection Officer


Data Protection Officer External Vacancy

Post Ref: Part Time. 15 hours per week. Permanent. 29, to 31, per annum, pro rata.

Attractive benefits for this post include 35 days holiday per year plus bank holidays (pro rata) and the opportunity to join the Local Government Pension Scheme.

Do you have a background in data protection and a commitment to continuous improvement? Want to support the success of an award-winning College? If so, read on.

The role requires someone who can provide expert advice, guidance, and information to the organisation regarding their legal obligations. We are looking for an engaging communicator who can influence senior stakeholders and see their role make a difference at every level of the College.

The selected candidate will provide independent expert guidance in support of the College's statutory information law obligations, specifically the Freedom of Information and Data Protection Acts, and report to the Deputy Chief Executive on matters of information law governance.

Applicants should be able to demonstrate, in their personal statement, practical examples of how they fulfil the person specification.

Due to the nature of this post you will be required to undertake an Enhanced Disclosure Check.

To find out more about this great opportunity visit alternatively vacancies@sunderlandcollege.ac.uk or call to request an application pack.

All applications must be received by 5:00pm on Friday 06 July 2018.

It is anticipated that interviews will take place during the week commencing

We are working towards equal opportunities and welcome applications from all sections of the community. We are committed to PREVENT and safeguarding the welfare of children and vulnerable adults.

Job Description

(This is a description of the job as it is at present constituted. It may be necessary, from time to time, to update job descriptions to ensure that they relate to the job as then being performed. Therefore, management reserve the right to make changes to your job description, commensurate with your grade/level in the organisation, after consultation with you.)

Post title: Data Protection Officer
Reports to: Deputy Principal and Deputy Chief Executive, Curriculum & Quality.
Grade:
Contract: Permanent 0.4 FTE, 15 hours per week
Location: Any College Campus

ROLE PURPOSE

Provide expert advice, guidance, and information to the organisation and those processing its data, regarding their legal obligations.

Act in an independent manner so as not to compromise or prejudice the organisation and to ensure that any other tasks and duties carried out by the DPO do not result in a conflict of interests.

To ensure systems and controls are in place to enable Sunderland College, including its managers and employees, to be compliant with the General Data Protection Regulations alongside any other existing UK Data Protection Law.

KEY ACCOUNTABILITIES

1. Monitoring data protection compliance with privacy rights, data protection law (including General Data Protection Regulations) and internal data protection policies, ensuring that compliance checking activities are undertaken regularly.
   a. Be involved routinely and in a timely manner in all issues which relate to the protection of personal data.
   b. Operate and report at a senior level, ensuring data protection and privacy is well embedded into college activities at both strategic and operational levels.
   c. Regularly review the organisation's data processing operations and the accessibility of personal data.
   d. Monitor compliance with the GDPR and with other UK data protection provisions.
   e. Ensure that the organisation has an adequate policy framework which is aligned to the requirements set out in the law and best practice guidance.

   f. Have due regard to the risk associated with processing operations while in the performance of his/her duties, taking into account the nature, scope, context and purposes of processing.
   g. Ensure that the organisation has an appropriate compliance checking policy and procedures which test the effectiveness of information security controls including but not limited to technical, organisational, physical, and logical measures.
   h. Create or oversee the creation of a compliance checking schedule, to ensure that sufficient resources are set against compliance checking activities and that corrective or preventive actions are implemented in a timely manner.
   i. Ensure that sufficient resources are acquired and deployed as are necessary to carry out the responsibilities of the organisation with regards to data protection and privacy.

2. Reporting to the Senior Leadership Team and Audit Committee bi-annually regarding the organisation's compliance with Data Protection Policy and Procedures.

3. Responsible for the training and awareness-raising with the College on the subject of data protection.
   a. Ensure that your own professional development needs are attended to and that you continue to be aware of developments in relevant legal fields, relevant law, legal issues, cases and interpretations.

4. Offering advice and actively supporting the process of Privacy Impact Assessments, ensuring privacy by design is embedded into all college developments and reported regularly to the Resources and Infrastructure Committee.
   a. Create or ensure the creation of a PIA procedure and ensure sufficient training, guidance and templates are provided to facilitate the efficient and effective use of privacy impact assessments in the organisation, which in turn foster a culture of privacy by design as default.
   b. Provide advice where requested regarding PIAs and monitor the effectiveness of PIAs.
   c. Ensure that any high-risk processing identified by a PIA is discussed with the Regulator as required by Article 36 of the GDPR.
   d. Advise the relevant senior level committee on appropriateness and robustness of all Privacy Impact Assessments undertaken. Support lead persons with PIAs during systems renewal, replacement or development.

5. Monitoring and providing guidance as necessary in relation to data security breaches including the notification of breaches to the supervisory authority, data subjects, the marketing team, and any other relevant organisation.
   a. Ensure the college has robust prevention of breaches built into its systems.
   b. Develop and implement procedures for breach risk assessment in order to quantify a risk level for any potential breach, which will aid decision making about level of reporting.
   c. Ensure that the data subjects are informed about their rights under the GDPR with regard to all issues related to processing of their personal data.
   d. Ensure that the exercise of rights by data subjects is appropriately acted upon in a timely manner.

6. Maintaining appropriate records to enable the organisation to be able to demonstrate compliance with the law.

   a. Create inventories and registers of processing activities, operations and elements which are capable of demonstrating that the organisation is compliant with relevant legislation, regulations, good practice notes, internal policies etc.
   b. Ensure comprehensive data protection procedures are available to and understood by all college staff.
   c. Inform, advise and issue recommendations to the controller or the processor.

7. Cooperating and liaising with the supervisory authority for Data Protection as the main point of contact.

8. Ensure the college is authorised to process personal data by making the correct registration / fee payment to the supervisory authority.

GENERAL RESPONSIBILITIES

Travel to other locations to attend meetings and meet with the teams when required.
To work at any of the College sites on a temporary or indefinite basis.
To undertake such duties as are reasonably allocated, appropriate to the grade of the post.
To take appropriate responsibility for PREVENT and the safeguarding and promotion of the welfare of children and/or vulnerable adults.
To uphold British Values, the college values and responsibilities with regard to equality and diversity.
To understand and adhere to college Health and Safety policies and guidelines ensuring compliance with statutory legislation.
Undertake such other duties as may be reasonably required.

Person Specification

Post Title: Data Protection Officer.
Post Reference: 5985

CRITERIA / ESSENTIAL REQUIREMENT / DESIRABLE REQUIREMENT

Skills/Knowledge/Aptitude

Expert knowledge of data privacy legislation - GDPR Practitioner Qualification or equivalent
Appropriate and significant relevant experience in a similar role
Organised and methodical approach to administration and record keeping.
Be assertive with a calm demeanour and able to maintain perspective when faced with challenges or setbacks.
Demonstrated ability to deliver a regulatory compliance programme and associated activities
Excellent organisational and communication skills
Works well under pressure and remains calm at all times
Confident, proactive, self-starting and highly professional individual
Experience in a similar industry and role
Strong personal communication skills capable of dealing with wide range of stakeholders, including senior management

Qualifications and Training

GDPR Practitioner Qualification or equivalent
Evidence of relevant CPD and a broad knowledge of data protection
Level 2 qualification in English and Maths

Experience

Several years' experience working in a data protection role
Experience of developing and implementing data protection systems, policies & procedures.
A highly motivated, results-orientated individual, maintaining focus and drive to achieve quality outcomes

Disposition

Performs consistently with the College's values and interacts in a way that reflects positively on the College, both inside and outside.
To have due regard and take appropriate responsibility for PREVENT and the safeguarding and promotion of the welfare of children and/or vulnerable adults.
To uphold British Values, the college values and responsibilities with regard to equality and diversity.
To understand and adhere to college Health and Safety policies and guidelines ensuring compliance with statutory legislation.