Job summary
We are seeking a skilled and experienced Data Security and Protection and DPIA (Data Protection Impact Assessment) Specialist to join our team for the implementation of multiple clinical systems and upgrades to current solutions.
The DSP Specialist will be responsible for conducting and overseeing the DPIA process to ensure compliance with data protection regulations and safeguarding patient information throughout the system lifecycles.
This role requires excellent knowledge of data protection laws, strong analytical skills, and the ability to work collaboratively with cross-functional teams.
Travel to the hospital site may be required.
Main duties of the job
Conduct DPIAs: Lead the process of conducting Data Protection Impact Assessments for the EPR implementation project, ensuring that all necessary steps and considerations are taken into account.
Compliance: Ensure that the EPR implementation project adheres to relevant data protection laws, regulations, and best practices, such as Management of Records Code of Practice, UK General Data Protection Regulations (GDPR) and DPA 2018.
Risk Assessment: Identify and assess potential risks and impacts on patient data privacy and security throughout the EPR implementation, including data access, storage, transmission, and retention.
Mitigation Strategies: Develop and recommend appropriate mitigation strategies to address identified risks, including technical, organizational, and procedural measures.
Collaboration: Collaborate with project teams, IT professionals, suppliers, CCIO, CSO, legal experts, and other stakeholders to ensure that privacy and security requirements are integrated into the EPR implementation process.
Documentation: Prepare and maintain documentation related to DPIA processes, including reports, findings, and recommendations, using the Trust's DPIA system, the Information Sharing Gateway.
Training and Awareness: Provide training and guidance to project teams and staff members regarding data protection principles, DPIA requirements, and best practices for handling patient information.
About us
Kettering General Hospital NHS Foundation Trust is one of the largest employers in the area and we are on an exciting journey.
Our mission is to provide safe, compassionate, and clinically excellent patient care, by being an outstanding employer for our people.
We have entered into a Group Model with neighbouring Northampton General Hospital and have become University Hospitals of Northamptonshire.
Our Excellence Values: Compassion, Respect, Integrity, Courageous, Accountable.
Kettering General Hospital is a defence positive trust, supporting veterans, reservists, spouses & their families, and cadet armed forces volunteers, utilising their unique skills and experiences within the hospital workforce.
We provide exceptional support to our employees who serve as reservists, ensuring they can balance their civilian and military responsibilities effectively.
Please submit your application as soon as possible as we reserve the right to close any adverts before the closing date once we have received sufficient applications.
Job description
Job responsibilities
Data Security and Protection (DSP)
Provide specialist advice and assistance to staff where required on areas of complex information governance legislation, such as UK GDPR, Data Protection Act 2018 and the NHS Code of Practice on Confidentiality, with specific attention to the EPR implementation and roll out.
To work closely with department colleagues, support services, clinical services, operational and strategic Data Security and Protection leads and internal and external DSP colleagues to promote excellent Information Governance, Data Security and Data Protection practice, by advising and supporting them in their understanding and delivery of these requirements.
To be aware of Data Security and Protection incidents and where appropriate support in the investigation process, ensuring relevant actions are taken and lessons learnt to prevent reoccurrence.
Provide support for a programme of Data Security and Protection related work managed by the Head of DSP and locally directed by the DSP Manager and Team Leader.
Review and report key indicators to provide information for the Digital, Clinical and Operational Delivery Group and the Data Security and Protection Group, including DSP statistics, progress of projects and analysis of incidents.
Deputise for the Head of DSP, attending relevant meetings when necessary.
Provide support to other areas of the Data Security and Protection Team as directed by the Head of Data Security and Protection.
Develop and maintain standard operating procedures for all routine tasks carried out within the role.
Support the development, review and roll-out of appropriate DSP related policies and procedures, making recommendations and proposals for updates and new and existing policies with specific attention to system implementations and roll out.
Manage DSP records, both paper and electronic, updating reports, maintaining action plans, policies and procedures etc.
Maintain the Trust's Information Asset Register and undertake reviews in coordination with Information Asset Owners and Information Asset Administrators.
Supporting internal colleagues with the completion of Data Protection Impact Assessments, including highlighting data protection and security risks.
Update and maintain the Trust's Privacy Notice to ensure compliance with UK GDPR standards and internal policies, with specific attention to system implementations, major upgrades and roll out.
Understand and monitor compliance with relevant legislation, particularly the common law duty of confidentiality, the Data Protection Act 2018, the General Data Protection Regulation, the Computer Misuse Act 1990, the Human Rights Act 1998; with specific attention to the system implementations and roll out.
Manage Information Sharing Agreements and flows via the Information Sharing Gateway, working with internal and external stakeholders to make sure these are appropriately documented.
Liaise with relevant internal and external stakeholders to ensure Information Sharing Agreements are completed and reviewed in line with GDPR.
Establish good working relationships with key staff in all departments across the Trust.
Implement policies and propose changes to Group DSP policies as appropriate, monitoring compliance with those policies and protocols.
Conduct data protection impact assessments (DPIA) where necessary and ensure the Group adheres to data privacy by design and default as set out in Article 25 GDPR.
Complete DPIAs to relevant team members and ensure cross partnership working with relevant project and transformation leads.
Work with project managers to devise and establish systems, applications and processes that must be modified and designed with robust data security and protection principles in place, with specific attention to the system implementations and roll out.
Assist the DSP Team Leader in the collation of relevant reports and information for compliance reporting, inspections and internal assurance.
Work with the Cyber Security Team to assess cyber related assurance and controls with specific attention to the system implementations and roll out.
Monitor compliance, identify when non-compliance is detected and escalate to the Head of DSP as appropriate.
Assist with the DSP meetings, ensuring relevant reports, minutes, actions and decisions that relate to the DSP Team are recorded and actions taken or escalated where necessary.
Escalate incidents to the Team Leader immediately when they may meet the criteria for a Serious Incident / reportable to the ICO.
Update the Internet and Intranet pages for DSP as appropriate, ensuring they are up to date with pertinent advice and guidance, including applicable FAQs and relevant legislation.
Manage paper and consumables stock, use the e-proc system to order stationery items needing to be reordered, and be responsible for equipment such as the photocopier used by the DSP Team.
Allocate tasks to and support the DSP Team administrator to ensure mailboxes are appropriately managed and their responsibilities are appropriately undertaken.
Manage a multiple and wide-ranging workload which requires independent task management and prioritisation to meet deadlines, with ability to concentrate on extended tasks.
Person Specification
Education, Training & Qualifications
Essential
Educated to Masters level or equivalent level of education, training or experience.
Substantial experience in IG/DSP related activities across Acute NHS organisations, or to have extensive experience of working at a senior level in a public sector body.
Desirable
Evidence of continuing professional development.
ISO 17024-accredited GDPR Foundation and Practitioner certificate or evidence of further education in the application of ISO/IEC 27002:2013 and other associated standards.
Knowledge & Experience
Essential
Substantial experience of practical implementation of the Data Protection Act at a senior level.
Significant experience of working within NHS or similar large multi-disciplinary organisation in a similar role.
Risk assessment and management.
Significant experience in writing and reviewing Data Protection Impact Assessments.
Desirable
Experience of working with, supporting or implementing security systems within an NHS IT Department.
Change management experience.
Skills
Essential
Highly developed interpersonal skills within groups and on a one-to-one basis.
Ability to facilitate, teach and coach.
Established leadership and managerial skills.
Ability to solve problems and use initiative to secure desired outcomes.
Ability to prioritise between competing demands and allocate resources accordingly.
Desirable
Ability to present at local and national events.
Key Competencies / Personal Qualities & Attributes
Essential
Self-motivated to work on own initiative.
Able to work under pressure and complete work within timescales/deadlines.
Developed attention to detail and accuracy.
Excellent team working skills.
Desirable
Ability to travel to meetings off site as required.