Skip to main content

This job has expired

Data Security and Protection Advisor

Kettering General Hospital NHS Foundation Trust
£28,407 to £34,581 per annum
Closing date
4 Jun 2024

View more

Other Health Profession
Band 5
Contract Type
Full Time

Job Details

Full Time, Permanent, hybrid of office and home based working, although the member of staff would be expected to be in the office at least 2 days per week.

Northampton and Kettering General Hospitals are currently seeking a Band 5 Data Security and Protection Advisor to join our Data, Security and Protection Team. The team is key to ensuring that the Trust is able to meet its legal obligations relating to personal data.

You will be outgoing and proactive with a passion for all things data security! You will have experience of developing and delivering training to a wide range of colleagues and will be able to quickly develop relationships with colleagues across the Trust.

You will be driven by 'being helpful' - providing the best possible service at all times. You will be able to manage conflicting demands and work with minimal supervision.

You will have a sound knowledge of the UK General Data Protection Regulation and the Data Protection Act 2018 and will be able to translate this into meaningful guidance for colleagues. Experience of processing subject access requests and freedom of information act requests would be advantageous but not essential.

Previous NHS experience including knowledge of the Data Security Protection Toolkit is not essential but would be welcomed.

You will be joining a supportive and dedicated team with the opportunity to grow and develop your knowledge and skills.

Main duties of the job

The primary role of the Data Security and Protection Advisor is to support the DSP Team Leader with the overall delivery of the Data, Security & Protection (DSP) strategy and work programme, ensuring that the Group is compliant with all legislation and codes of conduct relevant to Information Governance and Data Security and Protection, including the UK General Data Protection Regulation and the Data Protection Act 2018.

Provide advice and guidance and act as the first point of contact for responding to and dealing with routine Data Security and Protection (DSP) related enquiries.

Work with the DSP Team Leader to ensure the Group is compliant with the UK GDPR and Data Protection Act 2018 and assist in the recognition, reporting and mitigation of any areas of risk.

Deliver Data Security and Protection training via various methods including classroom-based, small groups and virtually via MS Teams.

Manage Data Security and Protection breaches and incidents via the Trust's Incident Management system Datix.

Maintain the Information Sharing Gateway to ensure it is up to date, and accurately records Information Sharing Agreements, Group Assets, Data Protection Impact Assessments and third parties assurance.

About us

Kettering General Hospital NHS Foundation Trust is one of the largest employers in the area and we are on an exciting journey. Our mission is to provide safe, compassionate, and clinically excellent patient care, by being an outstanding employer for our people. We have entered into a Group Model with neighbouring Northampton General Hospital and have become University Hospitals of Northamptonshire. Our Excellence Values: Compassion Respect Integrity Courageous Accountable

Kettering General Hospital is a defence positive trust, supporting veterans, reservists, spouses and their partners, and cadet armed forces volunteers, utilising their unique skills and experiences within the hospital workforce. We provide exceptional support to our employees who serve as reservists, ensuring they can balance their civilian and military responsibilities effectively.

Job description

Job responsibilities

Data Security and Protection (DSP) Advisor
  • Provide specialist advice and assistance to staff where required on areas of complex information governance legislation, such as UK GDPR, Data Protection Act 2018 and the NHS Code of Practice on Confidentiality
  • To work closely with department colleagues, support services, clinical services, operational and strategic Data Security and Protection leads and internal and external DSP colleagues to promote excellent Information Governance, Data Security and Data Protection practice, by advising and supporting them in their understanding and delivery of these requirements.
  • To be aware of Data Security and Protection incidents and where appropriate support in the investigation process, ensuring relevant actions are taken and lessons learnt to prevent reoccurrence
  • Provide support for a programme of Data Security and Protection related work managed by the Head of DSP and locally directed by the DSP Manager and Team Leader
  • Log Serious Information Governance incidents on Data Security and Protection Toolkit incident reporting tool and the CCG STEIS tool as appropriate
  • Review and report key indicators to provide information for Data Governance Group (DGG) and Information Governance Group (IGG), including data statistics and analysis of incidents.
  • Conduct Data Security and Protection user satisfaction surveys in line with Data Security and Protection Toolkit requirements.
  • Deputise for the DSP Team Leader, attending relevant meetings when necessary.
  • Provide support to other areas of the Data Security and Protection Team as directed by the Head of Data Security and Protection.
  • Be the first line of response for data security and protection queries providing support, advice and guidance to key areas of the Trust including Research and Innovation, Complaints, Governance and IT.
  • Develop and maintain standard operating procedures for all routine tasks carried out within the role.
  • Support the development, review and roll-out of appropriate DSP related policies and procedures.
  • Manage DSP records, both paper and electronic, updating reports, maintaining action plans, policies and procedures etc.
  • Take a proactive role in the collation of the evidence required for the annual Data Security and Protection Toolkit submission and participate in improvement plans.
  • Maintain a register of Information Governance related incidents and produce regular reports from Datix, liaising with all departments and Risk Management as appropriate, leading on incident investigations where appropriate.
  • Maintain the Trusts Information Asset Register and undertake reviews in coordination with Information Asset Owners and Information Asset Administrators.
  • Supporting internal colleagues with the completion of Data Protection Impact Assessments, including highlighting data protection and security risks.
  • Update and maintain the Trusts Privacy Notice to ensure compliance with UK GDPR standards and internal policies.
  • Understand and monitor compliance with relevant legislation, particularly the common law duty of confidentiality, the Data Protection Act 2018, the General Data Protection Regulation, the Computer Misuse Act 1990, the Human Rights Act 1998
  • Manage Information Sharing Agreements and flows via the Information Sharing Gateway, working with internal and external stakeholders to make sure these are appropriately documented.
  • Liaise with relevant internal and external stakeholders to ensure Information Sharing Agreements are completed and reviewed in line with GDPR.
  • Establish good working relationships with key staff in all departments across the Trust.
  • Implement policies and propose changes to Group DSP policies as appropriate, conducting monitoring compliance with those policies and protocols
  • conduct data protection impact assessments (DPIA) where necessary and ensure the Group adheres to the data privacy by design and default as set out in Article 25 GDPR
  • complete DPIAs to relevant team members and ensure cross partnership working with relevant project and transformation leads
  • Assist the DSP Team Leader in the collation of relevant reports and information for compliance reporting, inspections and internal assurance
  • Assist with the Data Governance Group and Information Governance Group meetings, ensuring relevant reports, minutes actions and decisions are recorded
  • Escalate incidents to the Team Leader immediate when they may meet the criteria for a Serious Incident / reportable to the ICO
  • Provide IG input, advice, guidance for R& D programmes
  • Deputise for the DSP Team Leader when required
  • work with the complaints team and directly with members of the public to communicate appropriately regarding any DSP grievances and queries
  • to maintain their specialist knowledge in Data Protection Law and UK GDPR
  • update the Internet and Intranet pages for DSP as appropriate, ensuring it is up to date with pertinent advice and guidance, including applicable FAQs and relevant legislation

Training & Audit
  • To be responsible for the Data Security and Protection training programme, including planning and liaison with the Learning and Development Team for the regular delivery of DSP training sessions
  • To monitor Data Security and Protection training compliance and to take all reasonable action to ensure that compliance levels are maintained at above 90% at all times and take all possible steps to ensure 95% compliance is achieved annually for the DSP Toolkit assertion.
  • To ensure that this specialist knowledge is kept up to date and changes in legislation or national and local policy are communicated effectively to staff at all levels within the organisation
  • To input into and to support the Data Security and Protection communication strategy.
  • To undertake Data Security and Protection spot check audits in clinical and non-clinical areas, to report findings and work with relevant teams to develop and monitor action plans for improvement.
  • To review the Information Asset Register against the Information Sharing Gateway to identify assets and data flows which have not been documented.
  • Ensure that learning from Data Security and Protection incidents is incorporated into DSP training and awareness.
  • Training colleagues on the use of the Information Sharing Gateway and Information Asset Register.
  • Training colleagues on the practice of completing Data Protection Impact Assessments.
  • Developing training and awareness materials and guidelines.

Person Specification

Educations, Training and Qualifications


  • Educated to degree level or equivalent level of education, training or experience
  • Professional relevant qualification, for example GPDR Foundation


  • Formal Data Protection Act Training

Knowledge and Experience


  • Working knowledge of Data Protection Act 2018, UK GDPR
  • Knowledge of the information governance roles within the Trust (e.g. Senior Information Risk Owner, Caldicott Guardian and Information Asset Owner).
  • Experience of supporting the completion of Data Protection Impact Assessments and identifying information risks.


  • Experience of working in the NHS.
  • Analytical and judgement skills for problem solving.



  • Excellent written and verbal communication skills.
  • Developed attention to detail and accuracy.
  • Excellent IT skills, including experience of Microsoft Word, Excel, PowerPoint, Outlook and Visio.
  • Organisational skills and the ability to work methodically and prioritise.


  • Ability to interpret and judge conflicting views.
  • Advanced Excel skills, including data presentation.

Key Competencies/Personal Qualities and Attributes


  • Self-motivated and tenacious
  • Ability to use own initiative to prioritise and problem solve.
  • Courteous, tactful and efficient telephone manner.


  • Able to deal with difficult situations with tact and sensitivity.

Employer details

Employer name

Kettering General Hospital NHS Foundation Trust


Cytringham House

Robinson Way


NN16 8PT

Any attachments will be accessible after you click to apply.



Get job alerts

Create a job alert and receive personalised job recommendations straight to your inbox.

Create alert