DPO and Head of Information Governance

DPO and Head of Information Governance

Remote UK

Salary: £85,000 per annum plus £1000 per annum work from home allowance (pro-rata)

Reporting to: Chief Finance Officer

Expected Hours: 40 hours per week

Location: Home-based/various meeting locations as required

The Company

Psychiatry UK is the leading provider of online mental health services in the United Kingdom. A career here offers the opportunity to develop your knowledge, skills and life experiences while enjoying the opportunity to work in a full or part-time role from your home office. Working in a leading online mental health service means working amongst innovative, forward-thinking and committed professionals in a multi-disciplinary team.

Job Summary

The Data Protection Officer (DPO) and Head of Information Governance will oversee and lead the Information Governance (IG) and Cyber Security Agenda, ensuring compliance with UK GDPR, the ICO Accountability Tracker, and the NHS Data Security and Protection Toolkit (DSPT). The role is responsible for developing and implementing data protection policies, training, and governance frameworks while advising senior leadership on regulatory obligations and best practices.

Key focus over the next 24 months:

1. Implementing /embedding an agile IG framework for an agile, digital, growth business – building a culture and capability for ‘first line’ confidence and accountability
2. Leading the identification and remediation of high rated data privacy and compliance risks across all areas of PUK’s operation – with focus on the evolution of our digital / data platform and including the development of automated controls
3. Support the digital transformation in the business, including the safe / compliant use of data for analytics

Responsibilities and Duties

• Lead Information Governance (IG): Oversee the IG agenda, ensuring compliance with legislation, regulatory standards, and data protection laws.
• Support Digital Transformation: Ensure compliance in projects involving digital systems, automation, and AI.
• Monitor Legislative Changes: Stay updated on data protection laws and implement necessary changes.
• Develop and Maintain IG Framework: Establish policies, procedures, and governance structures to support compliance.
• Mandatory Submissions & Reporting: Lead the Data Security and Protection Toolkit submission and provide board updates.
• Training & Awareness: Collaborate with Learning & Development to implement IG training for staff.
• Data Protection Compliance: Support Data Protection Impact Assessments (DPIAs), data-sharing agreements, and privacy notices.
• Manage Data Access & FOI Requests: Oversee the Health Records Team to ensure compliance with Rights of Access and respond to Freedom of Information (FOI) requests.
• Regulatory Liaison & Complaints Handling: Act as the registered DPO with the ICO, handle complaints, and review/report data incidents within 72 hours if required.
• Risk & Records Management: Support information risk management, maintain a central asset register, and oversee records management from creation to disposal.
• Governance & Oversight: Chair the IG & Data Protection Steering Group, develop Key Performance Indicators (KPIs), and embed data compliance across processes.
• Line Manage a team of specialist staff working across all areas within the IG Framework.

Person Specification

Essential Qualifications and Skills:

• Educated to Degree Level in a relevant discipline.
• Suitable Data Protection qualifications/certifications.
• Extensive knowledge of Data Protection legislation (Data Protection Act 2018/UK GDPR/PECR/Computer Misuse Act etc).
• Managerial/leadership skills evidenced through training or through relevant experience.
• Advanced knowledge of frameworks such as Cyber Essentials Plus, DSPT, ISO:27001 etc.
• High level of interpersonal skills and ability to work with Executive Level staff.
• Advanced oral and written skills for communicating on complex information governance and data protection matters.
• Report writing skills.
• Problem solving skills and ability to respond to sudden unexpected demands.
• Excellent time management skills with the ability to prioritise based on need.
• Ability to work to tight deadlines.

Desirable Qualifications and Skills:

• Experience of working in a healthcare setting in a Lead Information Governance role.
• Experience operating in a rapidly scaling digital (health) environment with use of sensitive/special category data.
• Experience of managing and communicating with regulators including ICO.
• Strong technical background with experience of Cyber security management.

Other information

This job description is intended as an outline indicator of general areas of activity and will be amended in the light of the changing needs of PUK. You may be required to work at other locations as determined by the duties of your post. You may be required to undertake any other duties at the request of the Line Manager, which are commensurate with the role, including project work, internal job rotation and absence cover. This job description describes responsibilities, as they are currently required. It is anticipated duties will change over time and the job description may need to be reviewed in the future.

Behaviour

• Support the values, aims and vision of PUK and its clients.
• Act with honesty and integrity at all times.
• Be positive ambassadors for PUK.
• Demonstrate high standards of personal conduct.
• Value and respect colleagues, other members of staff and patients.
• Work with others to develop and improve PUK services.
• Take personal responsibility for their words and deeds and for the quality of the service they deliver.

Confidentiality

The post holder must ensure that personal information is accurate, up to date, always kept secure and confidential in compliance with relevant legislation and the common law duty of confidentiality. The post holder must follow record-keeping guidelines to ensure compliance with the Freedom of Information Act.

Valuing Diversity & Human Rights

No person should receive less favourable treatment on the grounds of sex, sexual orientation, marital/partnership status, race, religion, age, creed, colour, ethnic origin, disability, part time working status and real or suspected HIV/AIDS status and must not be placed at a disadvantage by conditions or requirements which cannot be shown to be justifiable.

Data Protection

If you have contact with computerised data systems you are required to obtain, process, and/or use information held on a computer in a fair and lawful way, to hold data only for the specific registered purpose and not to use or disclose it in any way incompatible with such purpose. To disclose data only to authorised persons or organisations as instructed.

Locations UK – remote

Remote status: Fully Remote

#J-18808-Ljbffr