Information Governance Manager / Data Protection Officer
| Posting date: | 20 March 2026 |
|---|---|
| Salary: | £61,631.00 to £68,623.00 per year |
| Additional salary information: | £61631.00 - £68623.00 a year |
| Hours: | Full time |
| Closing date: | 05 April 2026 |
| Location: | Surbiton, KT6 7QU |
| Company: | NHS Jobs |
| Job type: | Permanent |
| Job reference: | C9294-26-0113 |
Summary
Act as a source of expertise on Information Governance issues to the Trust, providing specialist advice and assistance to staff where required on areas of complex information governance legislation, such as the UK GDPR / Data Protection Act 2018 and the Confidentiality: NHS Code of Practice; ensure that this specialist knowledge is kept up to date and that changes in legislation or national and local policy are communicated effectively to staff at all levels within the organisation. Support the Trust's Data Protection Information Governance Group (DPIGG) and the Trust's Caldicott Guardian in the implementation of Information Governance policies and procedures, in particular the recording, storage and exchange of person-identifiable information. Lead maintenance of the Trust's Data Security Protection (DSP) Toolkit work programme, co-ordinating with and supporting key staff in meeting the requirements and expectations of this governance framework; ensure compliance with the deadline of the annual DSP Toolkit online assessment. Implement policies and procedures for the secure and efficient management of clinical records as required by the Data Protection Act 2018 and Caldicott Report recommendations. Assist in the development and delivery of the Information Governance Improvement/Action plan and audit of the DSP Toolkit submission to confirm score compliance; service and support the Trust's Data Protection Information Governance Group and other related meetings as appropriate, both internal and external to the Trust. Act as expert in regard to IG incidents, leading the assessment, action planning and final sign-off of information governance incidents. Act as the Trust's nominated Information Security and Privacy Officer, undertaking regular monitoring of system usage and compliance and development of security policies, controls and procedures in liaison with appropriate managers, and ensuring appropriate documentation and guidance exists for members of staff.
Proactively work with operational managers, the Senior Information Risk Owner (SIRO), Information Asset Owners (IAOs), Information Asset Administrators (IAAs) and other stakeholders to ensure the information risk management structure and processes meet the business and data security requirements of the organisation. Be responsible for the administration of access to medical records, liaising between applicants and health professionals and ensuring that time limits and patients' rights are adhered to; be responsible for ensuring that there are documented requirements for access controls for all key information assets identified in the organisation's asset register. Lead the Information Governance training programme, including planning and liaison with the Trust's Learning & Development department for the regular delivery of IG training sessions, both online and face to face as required; review the content of training material. Give face-to-face IG training to new starters as part of the Welcome Day / Induction programme. Ensure secure processing of personal and otherwise confidential data by proactively monitoring activity, such as secure email, access request disclosure and physical checks of workstations. Ensure that there are suitable mechanisms for access to and disclosure of records as per the Data Protection Act and other legal routes of access to data. Be responsible for corresponding with external organisations and authorities regarding third-party requests for mental health & social care records. Ensure that the Trust has an accurate, complete and maintained Data Protection Registration, including annual renewal of the associated Information Commissioner's Office (ICO) fee. Ensure Information Governance documentation on the Trust's website and intranet (InSite) is accurate and kept up to date, including the Privacy Notices.
As Data Protection Officer (DPO), monitor internal compliance with the UK GDPR / Data Protection Act 2018, inform and advise on the Trust's data protection obligations, provide advice regarding and sign off Data Protection Impact Assessments (DPIAs), and act as a contact point for data subjects and the Information Commissioner's Office (ICO).