Data Governance Officer
Description

Fulfil the role of Data Protection Officer, maintaining arrangements to comply with data protection legislation and dealing with related SAR requests and queries.

Implement and oversee arrangements to ensure compliance with the data protection legislation and best practice, including managing internal data protection activities, training colleagues and conducting internal information governance audits. In particular:
- Ensure appropriate arrangements are in place relating to privacy notices, data collection and retention, data sharing, data processing and data impact analyses;
- Maintain a register of all processing activities, purposes of processing and the legitimisation criteria used;
- Respond to all requests relating to data protection; and
- Submit returns and reports to the Information Commissioner's Office.
Build, implement and maintain Data Governance standards and content, including Data Governance and Document Retention Policies, Information Classification Standards etc.

Develop and maintain Data Governance accountability and forums, such as the Information Security Forum.

Develop and maintain access management standards across including identification and responsibilities of data owners.

Record all reported information security breaches, including near misses, and co-ordinate investigations into all reported breaches, ensuring that any required remedial action is implemented.

Audit business processes regarding the handling, storage and processing of non-electronically held information against the relevant ISO27001 controls. Ensure that any non-conformity identified is addressed and any associated risks are within the tolerance level identified in the Risk Assessment criteria.

Develop, maintain and report on relevant metrics to assess the level of data governance for non-electronically held data.

Provide advice and guidance to colleagues. In particular, contribute expertise to projects that involve processing personal data and/or introduction of new IT systems, ensuring data security.
Profile

In order to be successful in this role, you will need:
- Expert knowledge of current data protection legislation and requirements.
- Experience of the ISO27001 framework.