Data Protection Officer

HealthNet Homecare are specialists in delivering homecare services for patients, from medical deliveries to nursing support for patients in their own homes.

Working with over 180,000 patients across numerous different therapy areas, our dedicated team offer support to patients with rare and orphan diseases right through to more common conditions. Our aim is to make patients' lives easier by taking the stress out of managing their medication and ensuring they are confident they are in safe hands with HealthNet.

We are looking for a Head of Information Governance to join our busy Digital team!

If you are a passionate and caring individual, seeking a role with a mission statement you can truly get behind, where you can help to make a difference to patients' everyday lives, then this is the opportunity for you!

MainResponsibilities

The role of the Head of Information Governance (IG) is to be responsible for strategic and operational management of Information Governance and Data Protection activities at HealthNet, and lead in the development, interpretation and companywide implementation and monitoring of Information Governance Frameworks, in support of the achievement of the Organisation's Strategic and Corporate Objectives. This role will be a member of the Digital Management Team.

• Act as the Data Protection Officer for HealthNet
• Monitor companywide compliance with UK General Data Protection Regulations and other local data protection laws, HealthNet data protection policies, awareness-raising, training, and audits.
• Initiate actions to address areas of non-compliance, reporting on progress and risks to the Board in recognition of their accountability for data protection obligations
• Develop and implement processes to resolve and improve compliance issues across the Company, offering a range of options which are suitable both for service provision and for legislative compliance.
• Be the recognised authority on all Information Governance (IG) matters within the company and as such provide an organisational wide advisory and guidance service on highly complex information legislation matters where there can be differing interpretations.
• Have due regard to the risk associated with processing operations, and take into account the nature, scope, context, and purposes of processing by HealthNet.
• Assess the impact of changes to national IG requirements and initiatives and to the NHS England Data Security and Protection Toolkit, advising the Company of such changes, making recommendations and ensuring actions plans are prepared, agreed and implemented in order for the company to maintain all regulatory compliance, NHS and national IG requirements.
• Act as the Contact Point for the Information Commissioner's Office (ICO) on Data Protection matters, including during prior consultations under Article 36(4) of the GDPR.
• Oversee the process for handling data subject requests, including requests for access, rectification, erasure, and objection. Ensure timely and accurate responses to data subject requests, maintaining documentation of all requests and actions taken.
• Establish and manage an incident response process to promptly identify, assess, and report any data breaches or privacy incidents. Coordinate the response efforts, including notification to affected individuals, regulatory authorities, and other relevant stakeholders as required.
• Maintain and review HealthNet's Privacy Notices
• Review and advise on Data Protection Impact Assessments (DPIAs) wherever required to support company data processing activity, new initiatives, and changes. Monitor all business process requiring a DPIA. Collaborate with relevant stakeholders to ensure data protection requirements are incorporated from the design phase.
• Ensure appropriate Data Sharing Agreements are in place and maintained for all HealthNet business partners, clients and customers as needed
• Review and advise on client and other business contracts in relation to Data Processing, Data Retention, and Information Governance clauses
• Ensure understanding across the business and compliance with the company's Information Governance and Data Protection Policy at all times.
• Provide specialist advice on all IG and Data Protection matters to Board, Senior Management, and other relevant groups across the business.
• Communicate and educate staff members on their responsibilities and obligations regarding data protection
• Be easily accessible as a point of contact for all employees, individuals and the ICO
• Manage and co-ordinate completion of the annual company Information Governance self-assessment with Company lead, using the NHS Digital Data Security and Protection Toolkit
• Ensure constant improvement in competence and standards through personal development.
• Support the HealthNet Caldicott Guardian in fulfilling their role

What experience and skills are we looking for?

Essential

• Expert knowledge of information governance in a range of corporate disciplines, including business, strategy, healthcare, clinical and operational service delivery
• Significant knowledge and experience of the practical application of the fundamental principles of risk management and information governance
• Significant experience identifying, collecting, and analysing, comparing, and interpreting highly complex data from numerous different sources to produce information risk intelligence reports

Qualifications?

• Educated to degree level (essential)