This job has expired

Head of Digital Governance and Data Protection Officer

Blackpool Teaching Hospitals NHS Foundation Trust
£70,417 to £81,138 per annum
Closing date
1 Jun 2023

Other Health Profession
Band 8C
Contract Type
Full Time
Job summary

The Head of Digital Governance & Data Protection Officer (DPO) post is the professional lead for Information Governance within Blackpool Teaching Hospitals and its subsidiary company (Atlas Engineering).

As an expert in Information Governance, Data Protection, Freedom of Information and other associated legislation they will work to ensure that all parties meet their legal and regulatory obligations. The post holder will also work with all the various management teams, its companies and key partners to ensure that all parties are processing information in accordance with legislation and guidance.

The post holder will also lead on the Digital division's wider Assurance & Governance, such as Risk & Incident Management, Root Cause Analysis, Service Level Agreements, Digital Maturity and Certification.

The post holder will also be expected to provide expert Digital & Information Governance advice and guidance to the strategic regional agenda across Blackpool and the Fylde Coast as well as offering leadership to Integrated Care System (ICS) wide projects where required.

Main duties of the job

  • to act as the appointed Statutory Data Protection Officer as defined by the EU General Data Protection Regulation 2016 (Articles 37-39)
  • to be the lead source of information and expertise on information governance and data protection including EU and national legislation.
  • to lead on the translation of the above into strategy, policy and guidance that impact across the organisations to ensure organisational compliance. This will involve decision making where no precedent exists
  • have senior responsibility for the development of a robust Information Risk Assurance function which includes Cyber Security, System Failure, Digital Clinical Risk and GDPR.
  • provide a single point of knowledge to senior management and staff with clear policies and procedures that ensure the organisation meets both its statutory and legal obligations

About us

Welcome to Blackpool Teaching Hospitals NHS FT and thank you for taking an interest in joining our Digital division!

There has never been a better time to join #TeamBTH as we start our five-year journey to improve the lives of people who live, work and volunteer on the Fylde Coast and beyond. Our new five-year strategy commits to making care pathways more streamlined and accessible by investing in Digital.

We are looking for various roles to join #TeamBTH to help us deliver our new Digital Plan that underpins the Trust's strategy and will support the organisation to:
  • improve access to information for all, including patients, to improve their experience and outcomes.
  • procure and implement a new Electronic Patient Record, to enable us to share health care information
  • increase our digital capability and maturity
  • deliver the NHS long term plan ambitions to reduce face to face appointments, where appropriate
  • embrace virtual working and wearable technology
  • offer health advice quickly using digital means
  • use data and digital to widen access to care, support health promotion and reduce health inequalities

Job description

Job responsibilities

In the role as Head of Digital Governance, Health and Corporate records the post holder will:
  • provide strategic direction, professional leadership and development for the Information Governance Service including maintaining and developing its structure to ensure that all required roles, responsibilities and reporting lines are in place.
  • be the Freedom of Information Act 2000 (FOI) and The Environmental Information Regulations 2004 (EIR) lead for organisations including the provision of independent advice on potentially highly complex/contentious issues e.g. applicability of exemptions and exceptions to the release of requested information.
  • lead on the development of training, awareness and communications programmes aimed at informing and advising the Trust and its staff (at all levels) to promote understanding of their obligations to comply with information governance requirements.
  • provide high quality, responsive and customer focused advice in response to often complex, contentious and sensitive requests from a wide range of stakeholders including senior management, staff, contractors and the public.
  • proactively disseminate complex and contentious information governance principles to a wide audience through regular communications briefings using e-mail, intranet and bulletins and other communications media, where there may be resistance to compliance.
  • create and maintain a methodology to record Data Protection decisions made by the organisation.
  • ensure the Data Security and Protection Toolkit (DSPT) and other IG related audit submissions are made correctly, within timescales and are signed off by the Board where applicable and that evidence is available to support the attainment levels submitted. This to include overseeing the delivery of action plans and improvement programmes to support compliance with legislation and national Information Governance requirements. This will require liaison with senior managers throughout the organisations.
  • collaborate with the Head of ICT to promote and continuously improve upon information security compliance, this to include:
      • ensuring technical requirements become embedded into robust information security principles.
      • providing specialist expert advice and support on a range of information security and assurance issues.
  • identify and advise on the management of organisational information risk, develop and maintain an information governance risk register and ensure appropriate assurance mechanisms are in place including acting as the focal point for the discussion and resolution of information risk issues.
  • monitor (including audit) and report on compliance with IG requirements providing feedback to the SIRO / Caldicott Guardian / Committee.
  • provide guidance to Asset Owners/System Administrators in relation to the risk assessment of business critical and multi-user systems and support them in the development of action plans to address significant areas of risk including system specific information policies and related procedures.
  • Use/set organisational trigger-points for mandatory input from the DPO providing advice on Data Protection Impact Assessments (DPIA) to offer a balanced independent review of activities such as business improvements, system requests for change, large scale business development and introduction of new systems and services.

Also to:
  • give consideration of the business needs against GDPR and other information governance / security requirements.
  • provision of advice and guidance on changes required to meet/maintain GDPR/IG compliance.
  • identification of system change requirements to support GDPR/IG compliance.
  • consult with the Information Commissioner's Office (ICO) where proposed processing poses a high risk in the absence of proposed mitigations.
  • provide expert input for contracts, invitations to tender, integrated partnership initiatives etc. to support organisations' bids and initiatives whilst ensuring robust information security and governance is maintained.
  • lead and support specific groups such as Information Asset Owners, System Administrators through effective networking structures sharing of relevant experience and provision of appropriate advice
  • ensure information breaches (e.g. security, confidentiality) including serious incidents are investigated and where necessary escalated in a professional manner. Provide guidance on operational and procedural improvements arising from lessons learned. Where serious incidents that warrant external reporting (e.g. ICO, Department of Health) are identified ensure these are brought to the attention of the SIRO in a timely manner so that GDPR reporting requirements and activities can be met (including informing individuals affected).
  • be the organisations' expert on information sharing, ensuring organisations' approaches are compliant with law and best practice.
  • proactively and strategically ensure organisations are able to effectively and appropriately share information where multi agency or partnership working exists.
  • take the lead in developing, managing and reviewing information sharing protocols and third party access agreements with other organisations including local authorities and voluntary organisations.
  • liaise with and influence a wide range of stakeholders including staff, service users, solicitors, the Courts and other organisations to ensure appropriate information sharing.

Person Specification



  • Educated to Master's level or significant experience of working at a senior level in Information Governance Management with an Information Governance qualification
  • Extensive knowledge of specialist areas, acquired through post-graduate diploma or equivalent experience or training plus further specialist knowledge demonstrated through a recognised qualification in data protection and/or information security
  • Member of a professional body e.g. BCS British Computer Society, National Association of Data Protection Officers


  • PRINCE2 Practitioner (or equivalent project management methodology)



  • Previous management experience and demonstrable knowledge of working within the Data Governance arena within the public sector or a similarly complex organisation
  • An understanding of the background and aims of current healthcare policies and the implications for data security
  • Experience of the relationship between the Department of Health, NHS England and NHS Improvement and individual provider and commissioning organisations
  • Experience of successful multi agency working.
  • Experience of rapid identification of Information Risk and risk escalation processes.
  • Experience of co-ordinating activities and report findings.
  • Experienced in the development of strategy, policy, procedure and guidance and its implementation
  • Experience of developing and implementing an information governance framework policy and procedures within a large organisation.
  • Experience of managing projects.
  • Evidence of project performance monitoring


  • Statistical analysis knowledge/experience.



  • Able to travel between sites
  • Full driving licence with access to transport
  • Flexible approach to the working environment
  • Evidence of continued professional development.

Personal Qualities


  • Effective Leadership and negotiation skills at a board and senior level on matters which are very complex and detailed.
  • Able to foster and manage relationships with a range of different stakeholders
  • Manages the teams within the constraints of NHS strategic plan.

Skills and Knowledge


  • Highly developed problem solving with the ability to respond to sudden unexpected demands
  • Ability to understand, analyse and present complex data and legislation to technical and non-technical person/s and situation and develop a range of options
  • Highly developed negotiation skills with senior stakeholders on difficult and controversial issues
  • Takes decisions on difficult and contentious issues where there may be a number of cours