
Head of Information Governance & Data Protection | North Tees and Hartlepool NHS Foundation Trust

Job details
Posting date: 16 March 2026
Salary: Not specified
Additional salary information: £64,455 - £74,896 pro rata per annum
Hours: Full time
Closing date: 15 April 2026
Location: Stockton on Tees, TS19 8PE
Company: North Tees & Hartlepool NHS Foundation Trust
Job type: Permanent
Job reference: 7791444/345-COR7791444


Summary


This is a senior position reporting to the Deputy CIO and accountable to the SIRO. The Head of Information Governance and Data Protection Officer (DPO) provides strategic leadership for the organisation's Information Governance (IG) framework, ensuring compliance with statutory and regulatory requirements across data protection, confidentiality, records management, information rights (including FOI and SAR) and information security.

The post holder acts as the Group's statutory DPO under the UK GDPR and the Data Protection Act 2018, offering independent oversight of compliance, advising on high-risk processing and DPIAs, and serving as the primary contact for the Information Commissioner’s Office (ICO) and data subjects.

The role leads the IG function, develops and maintains policies, oversees the DSP Toolkit, coordinates training and awareness, and ensures effective incident management and risk assurance to the SIRO, Caldicott Guardian and Trust Board.

Key Relationships:

Works closely with the Chief Information Officer, Deputy Chief Information Officer, Caldicott Guardian, Senior Information Risk Owner, Executive Directors, CSU leads and Information Asset Owners to ensure data protection and confidentiality are embedded across the organisation, while also supporting clinical and operational teams with policy implementation.

Work closely with the management teams and boards of the Group's Limited Liability Partnerships (LLPs) in the role of DPO.

Collaborates with clinical staff, corporate staff, digital / cyber teams, and information governance colleagues both within the Groups and regionally and nationally, including NHS England.

The Data Protection Officer, appointed under Article 37 of UK GDPR, operates independently but liaises with the Chief Executive, SIRO, and Information Governance leads to advise on legal compliance, data breaches, and privacy risks, while maintaining a direct line to the Information Commissioner’s Office for regulatory matters.

South Tees Hospitals NHS Foundation Trust and North Tees and Hartlepool NHS Foundation Trust now form University Hospitals Tees and as such you may be required to work at any site across both Trusts.

At North Tees & Hartlepool NHS Foundation Trust, we want our organisation to be the best place to work with the right staff, in the right roles, at the right time, to ensure we deliver exceptional patient care and experience.

We will support staff through providing an inclusive and supportive workplace with health and well-being initiatives, staff benefits and opportunities for personal and professional development.

We support the 'Making Every Contact Count' approach to behaviour change in the promotion of health and wellbeing of individuals and communities.

Developing and maintaining policies, ensuring compliance with data protection laws, managing information risks, leading staff training, and overseeing audits and incident investigations

Monitors compliance with data protection legislation, advises on privacy matters, manages data breaches, FOI and subject access requests, liaises with the Information Commissioner’s Office, and promotes staff awareness and training

Prepare regular reports for the SIRO, Group Boards and Groups on Information Governance, data protection and FOIA compliance and assurance.

Leads IG strategy, policy, and compliance across the Trust.

Advises senior leaders on data protection, confidentiality, and security.

Manages IG audits, training, and incident investigations.

Oversees secure storage and access to records.

Ensures compliance with legal and clinical documentation standards.

Independently monitors GDPR compliance and advises on data risks.

Manages data breaches, FOI, subject access requests, and DPIAs.

Act as Information Asset Owner (IAO) for Information Governance departments.

Reports to senior leadership and liaises with the ICO when needed.

Liaise with partner organisations, suppliers and researchers to establish compliant data flows and agreements (e.g., DSAs, IGAs, DTAs).

This is a non-clinical role with no direct contact with patients.

Delivery of the Group values and behaviours when communicating or dealing with members of the public.

Support patients, members of the public and staff regarding their right to information under the Data Protection Act 2018, General Data Protection Regulation (GDPR), FOI Act 2000 and the Environmental Information Regulations 2004.


This advert closes on Monday 30 Mar 2026
