Information and Privacy Specialist in Southampton

Can you provide expert advice to manage lawful processing of requests made under the Freedom of Information Act, the Environmental Information Regulations and the Data Protection Act? Do you have experience assessing privacy compliance and risk to ensure lawful, proportionate, information management that builds organisational trust and confidence in line with UK GDPR? If so, we'd love to hear from you!

The Data Protection and Information Access team works as part of the Maritime and Coastguard Agency’s (MCA’s) Corporate Governance framework to inform the Agency’s compliance with Data Protection and Information Access Legislations. The team provides independent, expert advice and guidance to the Agency, its staff, volunteers and third parties. The team acts as a point of contact for individuals whose personal data the MCA processes and ensures lawful and compliant processing and disclosure of personal and non-personal information under the relevant legislations. The function acts to ensure that the MCA’s Executive Officers and Board are adequately informed and advised of Data Protection and Information Access risks, best practice and relevant updates or changes to the regulatory landscape.

Benefits

• Employer pension contribution of 28.97% of your salary.
• 25 days annual leave, increasing by 1 day each year of service (up to a maximum of 30 days annual leave), plus 8 bank holidays and a privilege day for the King’s birthday.
• Flexible working options where we encourage a great work-life balance.

The Information and Privacy Specialist will support and deputise for the Head of Data Protection and Information Access, ensuring information and privacy advice to the organisation is delivered in a timely and compliant manner. The role will support the Head of Data Protection and Information Access in carrying out the delegated statutory tasks of the Department of Transport (DfT) Data Protection Officer (DPO), to facilitate and support the MCA’s compliance with Information and Privacy legislations, ensuring a sensible and proportionate approach is taken to help the department do its business in a way that inspires staff and public trust and confidence.

Responsibilities

• Manage the process for lawful and compliant disclosure of information under the Freedom of Information Act/Environmental Information Regulations and the Subject access provisions of the General Data Protection Regulation (GDPR)/Data Protection Act 2018 (DPA), ensuring the agency responds to requests for information as required by the legislation.
• Advise on and assess risks identified in providing information, working with stakeholders to assess risks.
• Assist in the management of referrals to the DPO and Information Commissioner Office (ICO) where residual risk remains high.
• Support the Head of Data Protection in the provision of expert advice to the MCA, its suppliers and employees on a wide range of information access and data protection matters, ensuring a sensible and proportionate approach is taken to help the department process and disseminate personal data in a lawful way that inspires staff and public trust and confidence, with the provision of timely, accurate and well-written expert advice.
• Manage and support the Information Access, Privacy, and Data Protection risk registers by identifying compliance risks alongside other business risks, and escalating these appropriately to the Head of Data Protection and Information Access, the Data Protection Officer (DPO), and the Maritime and Coastguard Agency (MCA) Senior Information Responsible Officer (SIRO), in line with internal risk escalation procedures.
• Maintain the systems for managing information access including managing the contract for system providers and ensuring that the local records are well maintained, auditable and able to produce accurate reports on the status and progress of information access and privacy activities.
• Assist the Head of Data Protection in responding to formal complaints received from data subjects, managing the logging and recording of complaints processed and assisting with complaint investigations.
• Monitor compliance with information access and privacy legislations for the MCA, undertaking regular audit activities to assess the MCA’s protection of personal data, including the assignment of responsibilities, awareness raising and training of staff involved in processing activities.
• Provide regular information access and privacy compliance updates to the Head of Data Protection for representation to the DPO and the MCA SIRO.
• Highlight areas of concern and assist in preparing action and mitigation plans.
• Manage the data breach reporting process, assessing risk and advising on appropriate actions, mitigations and reporting obligations where personal data breaches have occurred. Escalating to and consulting with the Head of Data Protection where appropriate, communicating relevant breaches to the MCA SIRO, DPO, ICO, and data subjects where required.

For further information on the role, please read the role profile. Please note that the role profile is for information purposes only - whilst all elements are relevant to the role, they may not all be assessed during the recruitment process. This job advert will detail exactly what will be assessed during the recruitment process.