Data Protection Officer

Location: Remote - with occasional on-site visits if required and as agreed with clients.

Hours: Full-time and part-time applications welcome. 

Background

HEFESTIS is a not-for-profit shared service organisation, jointly owned by member institutions across the University and College sector. It provides shared services to institutions and where applicable to sector owned bodies and support services. Our core vision is “to be the shared service partner of choice for sustainably delivering information services across the Further and Higher Education sector”.

HEFESTIS has established a successful Data Protection & Governance share service, currently comprising nine Data Protection Officers (DPO’s) and two Information Rights Officers (IRO’s), who serve a large proportion of Further and Higher Education institutions. The DPO-share service is provided as part of this wider offering, in addition to IRO-share and FOI-share services. Each DPO fulfils the statutory obligations of the role for one or more institutions and/or associated bodies. The DPO’s work virtually as a team with the IRO’s, providing a peer network of support, with many years of experience across a variety of backgrounds. This allows individuals to grow professionally as well as providing an effective and resilient resource for our members.

The Role

We are looking to recruit a DPO for some of our member organisations in Scotland. You will be the named DPO, with a reporting line to an appropriate member of the senior management team at each institution as well as to the HEFESTIS Head of Service. You will be expected to work remotely with occasional on-site visits if required and as agreed with clients.

This role will provide the opportunity to guide institutions so that data protection is well-managed, supporting compliance and best practice to protect the privacy rights of data subjects. This role offers the independence and responsibility of a DPO as outlined under UKGDPR, with the benefits of being part of a knowledgeable, experienced, and well-respected team. Assisting with the FOI service as required, with full training to be provided.

The key aspects of this role include but are not limited to:

• Provide experience, expertise and guidance in data protection law including UKGDPR and the Data Protection Act 2018.
• To review and periodically update each institution’s data protection policy and supporting procedures/guidance.
• To have knowledge of case law and ICO regulatory action and disseminate this through recommending actions and issuing guidance.
• To provide reports to senior management teams, compliance checks and audits.
• To achieve a fundamental understanding of the sector, ensuring delivery of pragmatic, proportionate and workable guidance and support.
• Participation in operational meetings and advising on the impact of regulations on institutions.
• Raise awareness of data protection and provide training to institutional staff as required.
• Tailor service delivery by considering each institution’s environment/circumstances.
• Contextualise guidance in different functional areas within institutions, ensuring advice is consistent with that provided to other shared service members.
• Support and develop data protection tools and templates and share them across DPO-share service and/or utilise tools and templates developed by other DPOs in the Team to maximise efficiency across the service.
• Undertake data security incident/breach investigations and report matters to senior management.
• Cooperate with and act as a single point of contact for the ICO where appropriate.
• Provide a central/single point of contact during an investigation (should an incident/breach impact more than one Member institution).
• Available by phone for urgent enquiries (e.g. data incidents/breaches).
• Use balanced judgement to prioritise and deal with competing demands.
• Provide consistency of advice across institutions as part of the Service team.
• Learning about FOI, PECR, and records management to contribute to the HEFESTIS service and client work, including FOI work as required (with appropriate training).

The Person

The post holder must be able to work as part of the DPO-share service, engaging with and supporting the team to develop the service. In addition to this, you must be able to cooperate and gain the trust and respect of staff at all levels across your institutions as well as other stakeholders.

As such, candidates will be required to demonstrate capability and experience in a significant number of the following areas:

Experience and Skills

• A detailed knowledge of data protection legislation, including UKGDPR and the Data Protection Act 2018, is essential.
• A strong background in data protection, information governance, legislation and/or policy development is essential, preferably with a recognised qualification.
• A genuine passion for data protection.
• Experience of conducting compliance audits would be beneficial.
• An understanding of the Higher and Further Education sector would be beneficial although not essential.
• Experience of working in or with the public sector.
• Experience, or knowledge, applying FOI law (English or Scottish).

Personal

• Excellent verbal and written communication and presentation skills.
• Analytical background with attention to detail.
• Openness, transparency, and the ability to engender trust.
• Self-assured and capable.
• Skills in negotiating and influencing, with the ability to identify common ground and solutions.
• Demonstrable commitment to Equality and Diversity in all aspects of the company’s operation.

Terms

• Full-time and part-time applications will be considered.
• Full-time hours are 35.625 hours per week – 9.5 day fortnight working pattern as standard.
• Competitive Salary: £38K – £43K per annum which will be prorated for part time hours.
• Annual leave: 26 days annual leave plus 14 fixed/floating days per annum pro-rated for part-time hours.
• Benefits: Membership of the company pension scheme, access to the company benefits suite including cycle-to-work scheme, and gym discounts.

How to Apply

Applications should be made by forwarding your CV and covering letter outlining why you would like to work for HEFESTIS. Interviews will likely be held virtually via Microsoft Teams.