Data Protection Officer
In this newly created post, you will be shaping the Home Office's approach to the implementation of a new data protection regime. The Data Protection legislative landscape is changing - the General Data Protection Regulation (GDPR) and Data Protection Directive (DPD) will come into effect in May 2018, providing a modernised, accountability-based compliance framework for data protection. The GDPR requires all public authorities to designate a Data Protection Officer (DPO) to oversee compliance and embed a 'privacy by design' culture, and this newly created post will put you at the heart of the new legal framework. The new framework puts greater emphasis on public authorities being able to demonstrate compliance with the data protection regime. This will be key to any data sharing arrangements post the UK's exit from the European Union. All areas of the Home Office deal with citizens, other individuals, and their personal data. Rapid technological developments and globalisation have brought new challenges for the protection of personal data - this post will be central to ensuring the HO is successful in meeting these. 
Key responsibilities
The main responsibilities of the DPO will be to:
• provide leadership in raising the profile of data protection compliance across the HO and with those staff responsible for managing projects or work-streams that involve the processing of personal data - this will involve close working with colleagues across the department;
• provide advice and guidance to Home Office staff who control and process personal data about their obligations pursuant to the relevant data protection laws, ensuring service delivery is balanced with compliance;
• monitor compliance with data protection legislation, including the assignment of responsibilities, awareness-raising including overseeing departmental training of staff involved in processing operations;
• design and implement a planned programme of risk-based audits to test compliance;
• provide advice on mitigating risks around data protection processing activities and data protection impact assessments, and monitor performance against the changes being introduced by the new regime;
• cooperate with the supervisory authority (the Information Commissioner's Office in the UK) by acting as the contact point on issues related to the processing of personal data (including for major new projects), and provide information as requested on HO compliance in this area;
• provide advice following both data processing audits and data breaches, monitoring and working with the business to address identified issues.
Competencies
We'll assess you against these competencies during the selection process:
• A good knowledge and understanding of national and European data protection laws and practices including the DPA, GDPR and DPD and a willingness to become an expert in the resulting related UK legislation;
• A good understanding of information technologies and data security and the relationship between these and data protection;
• Excellent influencing skills with a proven track record of overseeing and improving compliance, identifying opportunities to improve operational processes in support of this, along with an ability to promote a data protection culture within organisations;
• Experience of working in a high-profile and complex political and business environment, with competing challenges;
• Demonstrable experience of building relationships and respect at the most senior levels within organisations, both supporting but also challenging senior stakeholders;
• Very strong analytical skills, including the ability to convey analytical information effectively to senior audiences, both in writing and orally.
To apply, please click on the APPLY button.
Closing date: 8 September 2017.
The Home Office is committed to a policy of equal opportunity for all staff. We encourage a diverse workforce and aim to provide a working environment where all staff at all levels are valued and respected, and where discrimination, bullying, promotion of negative stereotyping and harassment are not tolerated.