JOB SUMMARY

The Infected Blood Compensation Authority is seeking a Data Protection Officer to assure our compliance with data protection legislation processing personal data. IBCA is responsible for paying compensation to eligible applicants, which will include those infected and affected by the infected blood scandal. As such, IBCA will be processing a wide variety of evidence, including medical records and other health data. IBCA will also be managing information flows to and from other government departments and relevant bodies to support the application process. IBCA is a recently established department, and as such requires data protection assurance as its operations develop. This is a unique opportunity to shape and implement a data protection function that provides capability to a mission-focused team.

JOB DESCRIPTION

The Data Protection Officer will report to the Head of Data Governance, and will sit alongside the other Data Governance workstreams, which are:

• Knowledge and Information Management
• Information Rights and Disclosure
• Data Acquisition and Quality.

The post-holder will serve as the Authority’s statutory DPO.
The role will be dynamic and fast paced, so that IBCA is able to deliver a service that is underpinned by quality, trustworthy data.
The role includes line management responsibility for one member of staff, who in turn will support the DPO with their duties.

TECHNICAL SKILLS

We’ll assess you against these technical skills during the selection process:

• Knowledge of UK GDPR

NATIONALITY REQUIREMENTS

This job is broadly open to the following groups:

• UK nationals
• nationals of the Republic of Ireland
• nationals of Commonwealth countries who have the right to work in the UK
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities with settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• nationals of the EU, Switzerland, Norway, Iceland or Liechtenstein and family members of those nationalities who have made a valid application for settled or pre-settled status under the European Union Settlement Scheme (EUSS)
• individuals with limited leave to remain or indefinite leave to remain who were eligible to apply for EUSS on or before 31 December 2020
• Turkish nationals, and certain family members of Turkish nationals, who have accrued the right to work in the Civil Service

Further information on nationality requirements

MAIN RESPONSIBILITIES

The successful candidate will:

• Engage with operational teams and external stakeholders to deliver a data protection framework across the organisation and support its compliance with relevant legislation.
• Continue to develop IBCA’s data protection strategy and policy.
• Lead on the assurance of Data Protection Impact Assessments when new or alternative processing is proposed. Influence the development of systems and processes to adopt a privacy by design and default approach across the organisation to meet compliance with the strategic and organisational objectives.
• Ensure compliance with the UK GDPR and other data protection laws, developing our data protection policies, processes and procedures, including managing internal data protection activities and conducting compliance reviews.
• Deliver statutory data protection requirements, including providing advice and assistance on data security incidents to support decision making decisions on breaches and whether to report them to the Information Commissioner’s Office (ICO).
• Advise on the lawfulness of using IBCA’s statutory powers.
• Provide assurance of compliance re: IBCA’s policies, processes and digital tools.
• Determine lawful bases for processing and controllership.
• Safeguard and champion privacy issues insofar as IBCA’s use of personal data.
• Create and support with data protection products and procedures.
• Manage IBCAs data protection functions, including producing and maintaining clear, accessible, user-friendly procedures, processes, forms and guidance.
• Develop and deliver data protection training programmes.
• Any other relevant data protection issues the Authority may be required to address.