Head of IG & Data Protection Officer | Guy's and St Thomas' NHS Foundation Trust
| Posting date: | 18 June 2025 |
|---|---|
| Salary: | Not specified |
| Additional salary information: | £82,462 - £93,773 per annum inc HCA |
| Hours: | Full time |
| Closing date: | 20 July 2025 |
| Location: | London, SE1 7EH |
| Company: | Guys and St Thomas NHS Foundation Trust |
| Job type: | Permanent |
| Job reference: | 7288434/196-SMT1732 |
Summary
This is an exciting opportunity to play a significant role in the senior leadership and operational management of Information Governance and medical records services across two of the largest NHS Foundation Trusts in London.
Guy's & St Thomas', with over 23,000 dedicated staff, operates from 5 main hospitals - Guy's Hospital, St Thomas' Hospital, Evelina London Children's Hospital, Royal Brompton Hospital and Harefield Hospital, and in the community.
King’s College Hospital NHS Foundation Trust, employing over 15,000 staff, is also one of the biggest and busiest Trusts in the country, primarily serving the London Boroughs of Southwark, Lambeth and Bromley, with a population of over 1 million people, and acting as a referral centre for millions more. Our specialist services are also available to patients from a wider area, and we provide nationally and internationally recognised treatment.
This role will provide senior leadership and advice on Information Governance and data protection matters for all Trust services, programmes and projects. The successful applicant will ensure expert advice and support to policy development, to create and maintain high level awareness, profile and understanding of the strategic and practical importance of data protection and IG, and to ensure that the highest level of subject matter expertise and support is provided to the Trusts in order to meet their statutory and mandatory obligations.
The job holder is required to provide independent advice and assurance to the KCH and GSTT Boards on all matters relating to data protection & IG, patient records and underpinning legislation, ensuring executive and non-executive awareness of responsibilities and maintaining compliance with mandatory training / skills requirements.
Main duties include:
• Ensuring effective delivery of the annual IG service and business plan, the budget for pay and non-pay expenditure and the underpinning operational plan
• Ensuring that GSTT/KCH and data subjects are informed about their data protection rights, obligations and responsibilities
• Ensuring the review and amendment of records of processing to ensure legal compliance
• Overseeing complaints concerning information rights and data protection, as raised by the ICO, GSTT/KCH or other person(s)
• Acting as principal liaison between the Trusts and the ICO regarding investigations, complaint handling and inspections
• Advising on applicable data protection rules/regulations and laws
• Responsibility for IG staff performance and development
Financial and staff management responsibility, including:
• Annual business plan and budget for IG and patient records services, with a current operating budget of £7m pa as at 2023/24 staffing levels
• Leading the Trusts’ Information Governance teams, setting strategy and monitoring performance
• Monitoring compliance within the directorate with Trust-wide staff management policies and procedures
The successful applicant will work with an enthusiastic and dedicated team to provide strategic leadership within the Trusts to deliver an effective, integrated, responsive and flexible IG service. The post holder will support the Joint Director of Information Governance & Management in developing a strategic IG service model by contributing to service design, taking responsibility for areas of service improvement and developing a shared vision for the service.
In performing the tasks set out by law, the DPO must have significant and demonstrable experience. in particular:
• • Experience leading a privacy-by-design approach, strategically implementing and utilising Data Protection Risk Assessments (DPIAs)
• Experience operating within a risk-first environment, understanding and utilising risks to drive change and innovation.
• Data Protection Officer (or deputy) level experience within UK Healthcare.
See attached job description for details of main responsibilities.
Key relationships of the job holder will span both KCH and GSTT NHS Foundation Trusts, and include the following:
Internal
• Chief Executives
• Senior Information Risk Owner / Chief Digital Information Officer
• Senior Information Management / IG and Health Records Managers
• Caldicott Guardians & Trust Legal / General Counsel
• Clinical Directors and Managers
• Directors of Quality & Assurance
• Heads of Information Security & Major Programmes
• Business, Finance and Project Managers
External
• Information Commissioner’s Office
• NHS England / Transformation
• National Coordinating Centre (CRNCC) | NIHR
Kings College and AI Centre
• DPOs across major programmes and research projects
• Police, Solicitors and Courts
Health Innovation Network
This advert closes on Sunday 6 Jul 2025