Job Description

Job title: Compliance Officer (Data Protection)
Reporting to: Compliance and Quality Manager
Responsible for line managing: N/A
Salary: Grade D of Mind's salary scales
Directorate: Infrastructure
Hours of work: 35 hours per week, full time
Located at: Stratford, office based
Type of contract: Permanent

About Mind

We're Mind, the mental health charity. We won't give up until everyone experiencing a mental health problem gets support and respect. We provide advice and support to empower anybody experiencing a mental health problem and we campaign to improve services, raise awareness and promote understanding.

Purpose of Job

As Compliance Officer (Data Protection), you will be the first point of contact for Data Protection matters within the organisation, with responsibility for handling enquiries and providing guidance in line with Mind's policies and procedures. You will ensure the safe and secure processing of information that service users and supporters share with us, especially information that is sensitive in nature.

Scope of the Job

As Mind's expert advisor in relation to Data Protection, you will provide advice and support to staff through a responsive and customer-focused helpdesk. You will also work proactively to develop staff awareness and improve practice through an annual schedule of training and by working in partnership with key teams to support the delivery of core projects including the development of Mind's Children and Young People's Programme.

You will also work as part of a small team to support the implementation of our Compliance Assurance, Audit and Quality Frameworks which will enable the organisation to effectively manage risk and demonstrate quality to beneficiaries, supporters and regulators alongside informing decisions and embedding a culture of learning and continuous improvement.

Through this work, you will help to ensure that Mind has the appropriate policy framework and can demonstrate good practice in order to achieve organization-wide legal and regulatory compliance in the following areas:

- Information governance and data protection
- Safeguarding and risk management
- Fundraising governance
- Contract compliance and due diligence

14.11.17 Compliance Officer (Data Protection) JD & PS Page 1 of 6

Mind operates within a federated structure with up to 140 local, independent organisations affiliated to us through a membership agreement, quality assured through the Network Relations and Development team with approximately 1.7 million of direct funding distributed annually through contracts and partnership agreements. This is a critical time for the whole Mind network as we seek to harness the strengths of this federated model, understand our collective impact and achieve collective growth. You will be expected to play an active role in supporting this development.

Mind aims to ensure that the needs and interests of mental health service users, women and black and minority ethnic communities, disabled people and lesbians, gay men, bisexuals and people of all ages are reflected in all its activities. The post holder is expected to contribute to this aim.

Job specific responsibilities

1. To lead on key aspects of Mind's Compliance Assurance, Audit and Quality Frameworks, driving continuous development and improvement, working alongside the Safeguarding Officer to ensure they continue to meet the needs of the organisation in a fast changing external environment.
2. To provide specialist advice and recommendations to staff and ensure organisational compliance and conformance with statutory and regulatory requirements with a focus on Data Protection, Direct Marketing and Fundraising regulations and codes of practice.
3. To effectively communicate and explain quality and compliance concepts to colleagues, championing the highest levels of customer care and providing a responsive, high-quality service to colleagues internally and stakeholders externally.
4. To lead the Internal Audits to ensure that Data Protection and Information Security Policies, Procedures and controls are in place, meet the organisation's needs and are effectively implemented.
5. To conduct regular analysis of data relating to Mind's quality, compliance and risk management; prepare and deliver verbal and written briefings and reports which ensure that colleagues and Managers have access to accurate and reliable information to guide decision making.
6. To assist colleagues with controls around the secure storage of hard copy information and ensure that information handling policies are adhered to.
7. Create and maintain documentation that provides evidence of Data Protection Legislation compliance.
8. Assist with the development and implementation of relevant policies, processes and procedures, maintain an appropriate review cycle and ensure joined up working is taking place across the wider teams in order to support and achieve organisational strategic aims.
9. Coordinate and deliver some aspects of an annual programme of training and capacity building for staff across Mind, covering all key areas of policy and practice and equipping the organisation to understand and manage their responsibilities in terms of risk management and reporting.
10. To support the broad team objective to ensure organisational compliance with Fundraising legislation and codes of practice, Information Governance and Data protection legislation, and Contract compliance.
11. To work flexibly and collaboratively across all teams in the organisation to ensure the greatest impact and effectiveness of the Infrastructure department's day to day work.
12. Undertake any and all other reasonable and related tasks associated with this role.

Expectations

You will be expected to:

1. Adhere to relevant legal and statutory requirements including the Data Protection Act (ensuring an appropriate level of confidentiality at all times), Health and Safety at Work Act (ensuring H&S of own and others at all times), and any other relevant legislation and regulation.
2. Ensure that all responsibilities and activities within this post are conducted in accordance with the terms and spirit of Mind's mission, vision, values, objectives, policies, procedures, and practices.
3. Attend and contribute to team meetings, supervision, appraisal process, Mind staff training and any other training identified as appropriate for the post.
4. Facilitate meaningful involvement of people with experience of mental health problems in developing, delivering, and reviewing Mind's quality and compliance.
5. In partnership with the Networks and Communities department, share resources, knowledge and expertise which strengthen our partnership with the network of local Mind organisations.
6. Travel to meetings in England and Wales and work unsociable hours on occasion, which may require the need for an overnight stay, evening and weekend work.
7. Contribute to making Mind a greener workplace.

General responsibilities

1. Use your excellent communication skills to explain legal and regulatory compliance concepts, specialising in information governance, and build positive relationships throughout the organisation.
2. To maintain policies, procedures and processes relating to quality, compliance, risk management, information governance, safeguarding and contract management.
3. To champion the highest levels of customer care, providing a responsive high quality service to colleagues internally and partners externally.
4. To advise colleagues relating to quality and compliance issues, specialising in Information Governance and Data Protection, escalating complex enquiries to the Compliance and Quality Manager.
5. To support the Compliance and Quality Manager in ensuring Mind's compliance with Data Protection legislation.

Person specification: Compliance Officer (Data Protection)

Essential Criteria

Experience

1. Experience of Data Protection and Information Security legislation and associated practices and working with colleagues to ensure that good practice is followed.
2. Demonstrable ability working as part of a team and to build effective working relationships with staff in other departments.
3. Experience of Information Security and Risk Management in a complex environment.
4. Experience of desk based research and summarising information to highlight key messages required for different audiences, both in written reports and through delivering presentations.
5. A proven ability to develop effective solutions to complex problems.

Knowledge/skills

1. Strong verbal and written communication skills, in particular, being able to effectively communicate and present information clearly and concisely.
2. Ability to translate and explain complex legislative and regulatory requirements.
3. Ability to assimilate and summarise information rapidly, including drafting high quality reports.
4. The ability to maintain discretion to deal appropriately with confidential information and an understanding of when to escalate information to senior colleagues.
5. Demonstrable ability to use own initiative, work unsupervised and manage multiple tasks across a complex organisation, re-prioritising work as necessary and using creative problem solving to meet objectives and deadlines.
6. Excellent IT skills; including word processing, producing presentations and the setting up of storage of information through spreadsheets and databases.
7. Willingness to travel and work some unsocial hours.

Desirable criteria

1. Knowledge and understanding of regulatory requirements for Direct Marketing or willingness to undertake training e.g. DMA Direct Marketing Code and the Fundraising Regulator's Code of Fundraising Practice.
2. Experience of CRM databases.
3. Experience of delivering training and briefings; ensuring concepts, processes and procedures are explained simply and are engaging for a wide range of stakeholders.
4. Experience of organisational development or capacity improvement, including producing and disseminating effective resources to support a culture of learning and continuous improvement.
5. Experience of project management with the ability to effectively manage stakeholders and risks and meet agreed targets and timescales.
6. Knowledge and understanding of Mind's mission, vision, values and ambition and what this means in relation to this post and the ability to incorporate this into all aspects of work.
7. Knowledge and understanding of equality and diversity and what this means in relation to this post and the ability to incorporate this into all aspects of work.
8. Experience of working in mental health and/or a related social care or health sector.
9. Direct or indirect experience of mental health problems.
10. An understanding of Mind and its networks, or similar structures within the voluntary sector.