Data Protection Officer

at  Crown Office and Procurator Fiscal Service

JOB SUMMARY

This is an exciting time to join COPFS as we move towards delivering a modern criminal justice system.
The Data Protection Officer (DPO) will assist COPFS to monitor internal compliance with data protection laws, inform and advise on data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the Information Commissioner.
You will play a crucial role in supporting and promoting a positive data protection culture within COPFS through educating employees on correct data use and compliance, conducting audits throughout COPFS, training peers in roles with data processing responsibilities, monitoring compliance and reporting on same to senior leaders.
Whilst you will be part of our Information Governance Unit, you will require to work autonomously and independently, managing a varied workload with competing priorities. The post holder will have both Line Management and Counter-signing responsibilities.

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS) (opens in a new window)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements (opens in a new window)

TYPE OF ROLE

Architecture and Data
Information Technology
Security

GENERAL RESPONSIBILITIES

• Advise on legal and regulatory requirements and best practice in data protection and information governance
• Promote a culture of data protection awareness and proper records management practices
• Influence the organisation’s response to data breaches and incidents
• Review and enforce records management policies and procedures
• Review and deliver training programs on information governance and data protection to staff
• Ensure rights of data subjects are upheld
• Continuing own professional development, self-assessing training needs to ensure understanding of the evolving landscape in data protection

ROLE SPECIFIC DUTIES

• Inform, advise and train COPFS staff about their obligations to comply with the UK GDPR and other relevant data protection laws such as Part 3 of the Act and any other emerging parliamentary changes to laws or regulations;
• Support senior leaders in understanding and enforcing these obligations in their functions;
• Work closely with Information Services Division and Procurement to implement strong data protection practices in development of technology in-house and in external contracts;
• Advise on data protection impact assessments and data sharing/processing agreements;
• Be the first point of contact for the Information Commissioner and for individuals whose data is processed;
• Managing the notification of registration with the Information Commissioner’s Office and, where necessary, report data protection breaches within the statutory timeframe and lead on any communication with the Information Commissioner’s Office;
• Review and implementation of information governance policies, procedures and guidelines;
• Conduct audits and risk assessments to identify compliance gaps and recommend corrective actions;
• Develop and maintain privacy policies, record of processing activities and appropriate policy documents;
• Review retention schedules and guidelines for records storage, retrieval and disposal;
• Participate in working groups across COPFS requiring data protection advice on projects;
• Continually assess the organisation’s information governance and data protection measures to ensure fitness changing needs and evolving risks.