Information Governance Manager / Data Protection Officer in City of London

A Vacancy at South West London and St George's Mental Health NHS Trust. We are seeking to recruit an experienced hands-on professional to oversee our Information Governance work programme, manage the Information Services team and fulfil the role of Data Protection Officer. The successful candidate will have an excellent knowledge of the UK GDPR / Data Protection Act 2018 and other associated legislation within an NHS environment, plus a track record of managing a team responsible for provision of access request services and provision of high quality guidance and advice to colleagues at all levels on topics including confidentiality, data sharing, information security and records management. As part of the role the Trust will offer training in leadership, management and relevant legislation.

Key Responsibilities

• Provide professional guidance and leadership in matters of data protection and all aspects relating to the governance and security of patient, staff and corporate data.
• Manage and support the Information Services team which process access requests to information from patients and third parties to strict deadlines.
• Oversee compliance with the annual Data Security & Protection (DSP) Toolkit compliance work programme.
• Ensure compliance with mandatory Information Governance training targets, including provision of face-to-face training for new starters as part of their Welcome Day induction.
• Organise and attend bi-monthly meetings of the Data Protection Information Governance Group (DPIGG).
• Be the Trust’s named Data Protection Officer fulfilling all associated duties including being the Trust’s immediate contact for the Information Commissioner’s Office.

Flexible Working

We are proud to offer agile and flexible working opportunities as part of our new ways of working, and we are happy to discuss flexible working at the interview stage, giving you a very good work-life balance. The role can be home-based for several days a week with an office base at Tolworth Hospital and occasional trips to Springfield Hospital in Tooting.

Benefits

We offer flexible working, career development and a variety of benefits to enable a positive, welcoming environment in which our people and their careers can thrive.

About Us

We are Proud to Belong at South West London and St George’s Mental Health NHS Trust. We have expert services, a rich history and a clear commitment to providing the best quality care for those with mental ill-health. The Care Quality Commission already rates our services as ‘good’ – we aspire to be ‘outstanding’. This is a great time to join us. We are transforming the way we care for our communities to support our mission of Making Life Better Together. We have built two brand new mental health facilities at Springfield University Hospital, which are amongst the best in the world. More developments are planned across our sites and services as we invest a further £120 m to upgrade and modernise our estate by 2027. We are inclusive and diverse and strive to be actively anti-racist. We want to attract people from all backgrounds and experiences to enrich the work we do together. We are proud to co-produce and involve our local communities in all that we do.

Additional Responsibilities

• Act as source of expertise on Information Governance Issues to the Trust providing specialist advice and assistance to staff where required on areas of complex information governance legislation, such as the UK GDPR / Data Protection Act 2018 and the Confidentiality: NHS Code of Practice; ensure that this specialist knowledge is kept up to date and changes in legislation or national and local policy are communicated effectively to staff at all levels within the organisation.
• Support the Trust’s Data Protection Information Governance Group (DPIGG) and the Trust’s Caldicott Guardian in the implementation of Information Governance policies and procedures, in particular, the recording, storage and exchange of person-identifiable information.
• Lead maintenance of the Trust’s Data Security Protection (DSP) Toolkit work programme, co-ordinating with and supporting key staff in meeting requirements and expectations of this governance framework; ensure compliance to deadline of the annual DSP Toolkit online assessment.
• Implement policies and procedures for the secure and efficient management of clinical records as required by the Data Protection Act 2018 and Caldicott Report recommendations.
• Assist in the development and delivery of the information Governance Improvement/Action plan and audit of the DSP Toolkit submission to confirm score compliance; service and support the Trust’s Data Protection Information Governance Group and other related meetings as appropriate both internal and external to the Trust.
• Act as expert in regard to IG incidents leading the assessment, action planning and final sign-off of information governance incidents.
• Act as Trust nominated Information Security and Privacy Officer undertaking regular monitoring of system usage and compliance, development of security policies, controls and procedures in liaison with appropriate managers and ensuring appropriate documentation and guidance exists for members of staff.
• Proactively work with operational managers, the Senior Information Risk Owner (SIRO), Information Asset Owners (IAOs), Information Asset Administrators (IAAs) and other stakeholders to ensure the information risk management structure processes meet the business and data security requirements of the organisation.
• Be responsible for the administration of access to medical records, liaising between applicants and health professionals, ensuring that time limits and patients’ rights are adhered to; responsible for ensuring that there are documented requirements for access controls for all key information assets identified in the organisations asset register.
• Lead the Information Governance training programme, including planning and liaison with the Trust’s learning & Development department for the regular delivery of IG training sessions, both online and face to face as required; review content of training material.
• Give face-to-face IG training to new starters as part of the Welcome Day / Induction programme.
• Ensure secure processing of personal and otherwise confidential data by proactively monitoring activity, such as secure email, access request disclosure, physical checks of workstations.
• Ensure that there are suitable mechanisms for access to and disclosure of records as per the Data Protection Act and other legal routes of access to data.
• Be responsible for corresponding with external organisations and authorities regarding third party requests for mental health & social care records.
• Ensure that the Trust has an accurate, complete and maintained Data Protection Registration, including annual renewal of the associated Information Commissioner’s Office (ICO) fee.
• Ensure Information Governance documentation on the Trust’s website and intranet (InSite) are accurate and kept up to date, including the Privacy Notices.
• As Data Protection Officer (DPO) – monitor internal compliance with the UK GDPR / Data Protection Act 2018, inform and advise on the Trust’s data protection obligations, provide advice regarding and sign-off Data Protection Impact Assessments (DPISs), and act as a contact point for data subjects and the Information Commissioner’s Office (ICO).

This advert closes on Sunday 5 Apr 2026.