Purpose of the post
Are you an expert in data protection law and practices?
Are you looking for an opportunity to take the lead as the Data Protection Officer of a of a UNIQUE, FAST MOVING, and DYNAMIC organisation?
The IMA has an exciting newly created role where you will be able to shape and lead on ensuring that all our data is protected, and that we comply with our duties under Data Protection law (including the Data Protection Act and GDPR Regulations).
We’re looking for you to lead on the implementation of how we manage potentially sensitive information, carry out internal security reviews, and act as the main point of contact between the IMA and data protection authorities, such as the Information Commissioner’s Office (ICO).
You will be used to working with colleagues to assess information risks and ensure that effective controls are in place. You will have experience of providing evidence based, objective and impartial advice to senior management on the level of organisational compliance with data protection law.
You will be experienced in developing and implementing processes for monitoring and managing compliance with corporate data protection policies, standards and procedures, and in building a strong culture of compliance with data protection principles.
If you have high level of experience in building and leading positive and effective working relationships, be a self-starter able to work without supervision, have strong verbal, written and presentational skills, and be able to work well under pressure and to tight deadlines, then this is the ideal role for you!
You’ll often be asked to work independently in this role, but also to communicate with all relevant stakeholders as you promote a culture of data protection compliance within the organisation.
You will have expert knowledge of data protection law and practices, including the UK General Data Protection Regulation, Data Protection Act and the Privacy and Electronic Communications Regulations, as well as the codes of practice, frameworks and guidance issued by the Information Commissioner’s Office (ICO). You will have experience of engaging with the ICO to support organisations in complying with data protection law. You will have a good understanding of the Caldicott principles and the role of the Caldicott Guardian.
Key Responsibilities
You will act as the IMA’s designated Data Protection Officer (DPO) as defined under the EU General Data Protection Regulations (GDPR) as follows:
-
Monitoring compliance with the Regulation and other applicable laws and regulations and with the relevant policies of the data controllers, this includes assignment of responsibilities, awareness and training, and relevant assurance.
-
Liaising with the Information Commissioner’s Office as required (Article 39) (1) (a) – (e).
-
Maintaining the IMA’s registration with the Information Commissioner’s Office.
-
Advising on data protection impact assessments (DPIA) and monitor their performance, including identifying trends in GDPR and information risk.
-
Informing and advising the data controllers and employees of their obligations under the Regulation and other applicable laws and regulations.
-
Lead on assessments of any data breaches and liaise with the ICO on any mandatory reporting.
The DPO will be the main point of contact for the Information Commissioner’s Office and for relevant individuals whose data is processed (e.g. employees and EU citizens).
The successful candidate will be an experienced Data Protection Officer who will:
-
Be accountable for compliance with the GDPR and data protection laws, including managing internal data protection activities and records management, compliance by the IMA suppliers, agents, and data processors with the IMA’s Data Protection policies and procedures.
-
Lead on the IMA’s information management and corporate knowledge strategy
-
Design, develop and oversee the implementation of overall Information Governance and Records Management across the IMA and report on this work to the IMA’s SIRO. Identify, create and facilitate process design changes by conducting business and systems process analysis, mapping and design at a complex level; focusing on quality improvement and data management.
-
Review information, trends and risks to ensure that the output of processes are achieving the desired results and that services are meeting agreed-upon service levels.
-
Pro-actively assess and manage GDPR related risks and review interdependency with other organisational risks.
-
Comprehensively understand, interpret, advise on and apply data protection law to inform business activity and decision making.
-
Lead on co-ordinating responses to Freedom of Information and Subject Access Requests in the legislation and statutory timescales.
-
Design and deliver GDPR best practice training to the IMA and its employees.
-
Provide effective support to the delivery of IMA Business Continuity plans.
-
Advise the Senior ICT Manager on Information Governance matters relating to IT specifications and requirements, including monitoring and reviewing the IMA’s Information Security and IT Security policies and processes and report on this work to the IMA’s SIRO
-
Act in a key leadership capacity across the IMA.
The duties/responsibilities listed above describe the post and are not intended to be exhaustive.
Essential Skills
The successful candidate will have a proven track record of the following:
-
Extensive knowledge of the requirements of UK Data Protection laws, Freedom of Information Act and Environmental Information Regulations.
-
Comprehensive knowledge of information governance standards and in particular knowledge in the following key areas of information governance:
-
Processing of Subject Access Requests
-
Information Security
-
Data Protection and Confidentiality
-
Corporate Information Assurance
-
Information Governance Management and Awareness
-
Information Governance training
-
Comprehensive knowledge of relevant national policies, Information Governance principles and processes relating to the security, integrity and confidentiality of public and staff information.
-
Knowledge of records management (ISO15489) and data security (ISO27001) best practice standards
-
Ability to tailor and communicate complex information to a variety of audiences
-
Confident communicator who can build effective stakeholder relationships
-
Ability to be independent and innovative
Qualifications
Qualified Data Protection Practitioner, including:
-
A degree or equivalent qualification/experience in relevant subject area.
-
Foundation or practitioner GDPR certification and/or the FOI Practitioner Certificate.
Desirable skills
-
Experience liaising with the Information Commissioner’s Office.
-
Experience of working in a complex matrix of inter-dependent partners.
-
Experience of working in an organisation which is ISO27701 accredited.
Behaviours
We'll assess you against these behaviours during the selection process:
-
Changing and Improving
-
Delivering at Pace
-
Communicating and Influencing
-
Seeing the Bigger Picture
-
Leadership
Pwrpas y swydd
Ydych chi'n arbenigo mewn cyfraith ac arferion gwarchod data?
Ydych chi'n chwilio am gyfle i gymryd yr awenau fel Swyddog Gwarchod Data sefydliad sy’n UNIGRYW, DEINAMIG ac SY'N DATBLYGU'N GYFLYM?
Mae gan yr Awdurdod Monitro Annibynnol (yr IMA) rôl gyffrous sydd newydd ei chreu lle byddwch yn gallu llunio'r holl ddata ac arwain ar sicrhau ei fod wedi ei warchod a'n bod yn cydymffurfio â'n dyletswyddau dan gyfraith Gwarchod Data (gan gynnwys y Ddeddf Gwarchod Data a Rheoliadau GDPR).
Byddwn yn disgwyl i chi arwain ar waith sut y byddwn yn ymdopi â gwybodaeth sydd, o bosib, yn sensitif, cynnal adolygiadau diogelwch mewnol a bod yn brif bwynt cyswllt rhwng yr IMA ac awdurdodau gwarchod data, megis Swyddfa’r Comisiynydd Gwybodaeth (ICO).
Byddwch wedi arfer gweithio gyda chydweithwyr i asesu risgiau gwybodaeth a sicrhau fod rheolaethau effeithiol ar waith. Bydd gennych brofiad o roi cyngor seiliedig ar dystiolaeth, gwrthrychol a di-duedd i uwch-reolwyr ar lefel cydymffurfiaeth sefydliadol â chyfraith gwarchod data.
Byddwch â phrofiad mewn datblygu a gweithredu prosesau ar gyfer monitro a rheoli cydymffurfiaeth â pholisïau, safonau a gweithdrefnau corfforaethol gwarchod data ac mewn creu diwylliant cryf o gydymffurfio ag egwyddorion gwarchod data.
Os oes gennych brofiad helaeth mewn creu ac arwain perthynas waith gadarnhaol ac effeithiol, o ysgogi'ch hun i weithio heb oruchwyliaeth, o fod â sgiliau llafar, ysgrifenedig a chyflwyniadol cryf ac yn gallu gweithio'n dda dan bwysau ac i amserlenni tynn, yna hon yw'r rôl ddelfrydol i chi!
Bydd gofyn i chi'n aml weithio'n annibynnol yn y rôl hon ond, hefyd, i gyfathrebu gyda'r holl randdeiliaid perthnasol wrth i chi hyrwyddo diwylliant o gydymffurfio â gwarchod data yn y sefydliad.
Bydd gennych wybodaeth arbenigol am gyfraith ac arferion gwarchod data, gan gynnwys Rheoliad Gwarchod Data Cyffredinol y Deyrnas Unedig, y Ddeddf Gwarchod Data a'r Rheoliadau Cyfathrebu Electroneg a Phreifatrwydd, yn ogystal â'r codau ymarfer, y fframweithiau a'r canllawiau a gyflwynwyd gan Swyddfa’r Comisiynydd Gwybodaeth (ICO). Bydd gennych brofiad o ymgysylltu â'r ICO i gynorthwyo sefydliadau i gydymffurfio â'r ddeddf gwarchod data. Bydd gennych ddealltwriaeth dda o egwyddorion Caldicott a rôl Gwarcheidwad Caldicott.
Cyfrifoldebau Allweddol
Byddwch yn gweithredu fel Swyddog Gwarchod Data dynodedig yr IMA fel y'i diffinnir dan Reoliadau Gwarchod Data Cyffredinol yr Undeb Ewropeaidd (GDPR) fel a ganlyn:
-
Monitro cydymffurfiaeth â'r Rheoliad ac â chyfreithiau a rheoliadau eraill ac â pholisïau perthnasol y rheolwyr data. Mae hyn yn cynnwys neilltuo cyfrifoldebau, ymwybyddiaeth a hyfforddiant a sicrwydd perthnasol.
-
Cysylltu â Swyddfa'r Comisiynydd Gwybodaeth yn ôl y gofyn (Erthygl 39) (1) (a) – (e).
-
Cynnal cofrestriad yr IMA gyda Swyddfa'r Comisiynydd Gwybodaeth.
-
Cynghori ar asesiadau effaith gwarchod data a monitro'u perfformiad, gan gynnwys adnabod tueddiadau mewn GDPR a risg gwybodaeth.
-
Hysbysu'r rheolwyr data a'r gweithwyr o'u hymrwymiadau dan y Rheoliad a chyfreithiau a rheoliadau perthnasol eraill a'u cynghori yn hyn o beth.
-
Arwain ar asesiadau o unrhyw dor diogelwch data a chysylltu â'r ICO ynghylch adrodd ar unrhyw beth mandadol.
Y Swyddog Gwarchod Data fydd y prif bwynt cyswllt ar gyfer Swyddfa'r Comisiynydd Gwybodaeth ac unigolion perthnasol y prosesir eu data (e.e. gweithwyr a dinasyddion yr Undeb Ewropeaidd).
Bydd yr ymgeisydd llwyddiannus yn Swyddog Gwarchod Data profiadol fydd yn:
-
Atebol am gydymffurfio â GDPR a chyfreithiau gwarchod data, gan gynnwys rheoli gweithgareddau gwarchod data mewnol a rheoli cofnodion a sicrhau bod cyflenwyr yr IMA, asiantau a phrosesyddion data yn cydymffurfio â pholisïau a gweithdrefnau Gwarchod Data'r IMA.
-
Arwain ar strategaeth rheoli gwybodaeth a gwybodaeth gorfforaethol yr IMA
-
Dylunio, datblygu a goruchwylio gwaith cyffredinol Rheoli Cofnodion a Llywodraethu Gwybodaeth ar draws yr IMA ac adrodd ar y gwaith hwn i Uwch-berchennog Risg Gwybodaeth yr IMA.
-
Adnabod, creu a hwyluso newidiadau dylunio prosesau trwy gynnal gwaith dadansoddi prosesau systemau a busnes, mapio a dylunio ar lefel gymhleth, canolbwyntio ar wella ansawdd a rheoli data.
-
Adolygu gwybodaeth, tueddiadau a risgiau i sicrhau fod canlyniadau prosesau'n ganlyniadau a ddeisyfir a bod gwasanaethau yn cwrdd â lefelau gwasanaethau y cytunwyd arnynt.
-
Asesu a rheoli'n broactif risgiau sy'n gysylltiedig â GDPR ac adolygu rhyngddibyniaeth â risgiau sefydliadol eraill.
-
Deall a dehongli cyfraith gwarchod data yn gynhwysfawr, cynghori arni a'i chymhwyso i lywio gweithgaredd busnes a gwneud penderfyniadau.
-
Arwain ar ymatebion cydlynol i Ryddid Gwybodaeth a Cheisiadau Gwrthrych am Wybodaeth yn y ddeddfwriaeth a'r amserlenni statudol.
-
Dylunio a darparu hyfforddiant arfer gorau GDPR i'r IMA a'i weithwyr.
-
Rhoi cefnogaeth effeithiol i gyflawni cynlluniau Parhad Busnes yr IMA.
-
Cynghori'r Uwch-reolwr TGCh ar faterion Llywodraethu Gwybodaeth sy'n ymwneud â manylebau a gofynion TG, gan gynnwys monitro ac adolygu Diogelwch Gwybodaeth a pholisïau a phrosesau Diogelwch TG yr IMA ac adrodd ar y gwaith hwn i Uwch-swyddog Risg Gwybodaeth yr IMA
-
Gweithredu fel arweinydd allweddol ar draws yr IMA.
Mae'r dyletswyddau/cyfrifoldebau uchod yn disgrifio'r swydd fel y mae ar hyn o bryd ac ni fwriedir iddynt fod yn gynhwysfawr.
Sgiliau Hanfodol
Bydd gan yr ymgeisydd hanes profedig o'r isod:
-
Gwybodaeth eang o ofynion cyfreithiau Gwarchod Data y Deyrnas Unedig, y Ddeddf Rhyddid Gwybodaeth a'r Rheoliadau Gwybodaeth Amgylcheddol.
-
Gwybodaeth gynhwysfawr am safonau llywodraethu gwybodaeth ac yn enwedig gwybodaeth yn y meysydd allweddol a ganlyn o lywodraethu gwybodaeth:
-
Prosesu Ceisiadau Gwrthrych am Wybodaeth
-
Diogelwch Gwybodaeth
-
Cyfrinachedd a Gwarchod Data
-
Sicrwydd Gwybodaeth Corfforaethol
-
Rheolaeth o Lywodraethu Gwybodaeth ac Ymwybyddiaeth Ohoni
-
Hyfforddiant Llywodraethu Gwybodaeth
-
Gwybodaeth gynhwysfawr am bolisïau cenedlaethol perthnasol, egwyddorion a phrosesau Llywodraethu Gwybodaeth sy'n gysylltiedig â diogelwch, cywirdeb a chyfrinachedd gwybodaeth gyhoeddus ac am staff.
-
Gwybodaeth am reoli cofnodiadau (ISO15489) a safonau arfer gorau diogelwch data (ISO27001)
-
Gallu i deilwra a chyfathrebu gwybodaeth gymhleth i amrywiaeth o gynulleidfaoedd
-
Cyfathrebwr hyderus sy'n gallu creu perthynas effeithiol â rhanddeiliaid
-
Gallu i fod yn annibynnol ac arloesol
Cymwysterau
Ymarferwr Gwarchod Data Cymwysedig, yn cynnwys:
-
Gradd neu gymhwyster/profiad cyfatebol mewn maes pwnc perthnasol
-
Ardystiad GDPR sylfaenol neu ymarferwr a/neu'r Dystysgrif Ymarferwr Rhyddid Gwybodaeth.
Sgiliau Dymunol
-
Profiad o gysylltu â Swyddfa'r Comisiynydd Gwybodaeth.
-
Profiad o weithio mewn matrics cymhleth o bartneriaid rhyngddibynnol.
-
Profiad o weithio mewn sefydliad sy'n ISO27701 achrededig.
Ymddygiadau
Byddwn yn eich asesu yn erbyn yr ymddygiadau hyn yn ystod y broses ddethol:
-
Newid a Gwella
-
Cyflawni'n Ddi-oed
-
Cyfathrebu a Dylanwadu
-
Gweld y Darlun Ehangach
-
Arweinyddiaeth