Information Governance & GDPR Lead
| Posting date: | 16 April 2026 |
|---|---|
| Salary: | £40,000.00 to £50,000.00 per year |
| Additional salary information: | £40000.00 - £50000.00 a year |
| Hours: | Full time |
| Closing date: | 01 May 2026 |
| Location: | Sutton Coldfield, B74 2UE |
| Company: | NHS Jobs |
| Job type: | Permanent |
| Job reference: | A3813-26-0001 |
Summary
- Manage internal staff Subject Access Requests (SARs): scope, ID checks, searches, redaction, exemptions, responses, and logging.
- Coordinate incident/breach identification, triage and internal reporting; prepare materials for potential ICO notification via the DPO within statutory timescales.
- Design and deliver GDPR/IG training and targeted refreshers; run internal audits/spot checks and address findings.
- Conduct planned and ad-hoc information governance audits, including site visits to assess compliance with GDPR and organisational policies, as part of internal assurance and continuous improvement.
- Produce reports to the Board & SMT on risks, incidents, SAR metrics, DPIAs and DSPT status.
- Liaise with the ICB DPO for independent advice and escalate complex issues as needed.
- Communicates clearly and professionally with all staff, explaining GDPR and IG requirements in a practical, accessible way.
- Builds effective working relationships with clinical, admin and management teams, supporting them to meet data protection responsibilities.
- Works constructively with the ICB appointed DPO, seeking advice and escalating issues where required, in line with NHS and ICO expectations for accountability and independence.
- Handles sensitive matters (e.g., internal SARs, access concerns, incidents) with discretion, fairness and confidentiality.
- Provides training and guidance that supports a positive, open culture around information governance.
- Completes SARs, incident assessments, DPIAs and DSP Toolkit tasks accurately and within required timescales, as expected under NHS England policy and ICO guidance.
- Ensures consistent application of IG policies and standards.
- Demonstrates good judgment, proportionality and risk awareness when advising staff or escalating to the ICB DPO.
- Delivers training, audits and actions that support ongoing compliance and continuous improvement.