Data Protection Officer and Information Governance Manager

The West of England Mayoral Combined Authority (MCA) is seeking an experienced Data Protection Officer and Information Governance Manager to join our Legal and Governance team. The role provides independent oversight and expert advice on compliance with the UK GDPR, the Data Protection Act 2018 and related legislation.

You will act as the statutory Data Protection Officer, carrying out statutory duties and leading the MCA in data protection compliance and best practice. Reporting to the Head of Legal Services, your key responsibilities include:

• Driving strategic information governance projects and providing expert guidance to senior leaders on a range of initiatives;
• Shaping a strong, compliant information culture across the organization;
• Leading the Information Governance Framework and all related matters (Data Protection, Information Rights, Freedom of Information, and Records Management);
• Providing effective leadership and management of the Information Governance team to deliver an efficient and effective Information Governance Service;
• Ensuring completion of Subject Access Requests and Freedom of Information requests within statutory timeframes;
• Providing advice on data handling/processing in line with UK GDPR, DPA principles;
• Supporting completion of Data Protection Impact Assessments, considering risk implications and mitigation;
• Liaising with partner organisations and suppliers to establish compliant data flows and agreements;
• Advising and supporting the drafting of data sharing agreements and external third party contracts;
• Managing data breaches/incidents to minimise immediate risks and mitigate future breaches.

You should have experience and expertise in:

• Providing expert advice on all matters relating to the Data Protection Act, the UK GDPR, Freedom of Information Act, the Environmental Information Regulations, information security, and records management in large, complex organisations (preferably local government);
• In-depth knowledge of all relevant legislation and its operational implementation;
• Developing, reviewing, delivering, managing and recommending improvements in policies, procedures, controls, monitoring systems and performance for effective information governance and data protection;
• Extensive knowledge of Data Privacy Impact Assessments, Information Sharing Agreements, information risk and records management;
• Investigating data breaches or incidents and recommending and implementing mitigating risk factors.

As Data Protection Officer you will play a central leadership role in managing the MCA's information as a strategic asset, influence decision making at the highest level, support major programmes and investments that directly affect the region, and shape a maturing Information Governance framework.