Version 3 19

RNIB Job Description
Job Title: Information Governance Manager and
designated Data Protection Officer
Job level: L3
Job level cluster: Leadership, Strategy, Direction
Group: Corporate Services
Section: Business Support
Unit: Information Governance
Location: 105 Judd St, London, WC1H 9NE with some
travel nationally.
Reports to: Head of Business Support and Compliance
Purpose of Job:
Develop, implement and maintain Information Governance
policies and procedures and controls to manage the
charity’s information assets in order to support its business
needs and its legal, risk management and operational
requirements.
Provide specialised knowledge to senior management and
staff, and clear guidance and performance assessment to
ensure that the organisation meets both its
statutory and legal obligations.
The IG Manager would be the designated Data Protection
Officer (DPO) for RNIB.
RNIB would like to expand its IG function and continue its
plans to embed privacy into all parts of the organisation,
people and processes, becoming compliant with the new
Data Protection Regulation.
The IG Manager would not only be the designated Data
Protection Officer (DPO) for RNIB (as set out in Article 37
of GDPR) but would be responsible for working with the
business to embed privacy throughout all processes, in
line with the Data Protection Act 1998 (DPA), the General
Data Protection Regulation (GDPR), The Privacy and
Electronic Communication Regulations (PECR) and any
other relevant information legislation or standards.
Impact:
The post holder will work across the organisation leading
the Information Governance Team, which consists of a
Data Protection and Records Management which will
impact on all aspects of the organisation.
Financial responsibility:
Financial responsibility for the information governance
budget
Main accountabilities:
1. Lead the development and implementation of the
Data Protection Impact Assessments across the
organisation, including defining the methodology,
determining outcomes for advice
2. Act as the first point of contact for Data Protection
issues, both externally and internally. To foster a
practical, privacy by design and ethical approach to
data management
3. To be involved in all aspects of privacy work and to
give advice, where necessary, ensuring that any view
that dissents from yours is recorded
4. Attendance at key leadership meetings to understand
the business
5. Liaison with the Information Commissioner's Office,
as necessary, ensuring up to date understanding of
requirements and processes.
6. Lead on the planning and implementation of the
General Data Protection Regulation compliance
work and then develop and implement appropriate
monitoring processes, and create and maintain
briefings and risk registers
7. Collect information to identify processing activities
and maintain records of processing activities as set
out under Article 30.
8. Be accountable to, and provide regular reporting
and updates to, the Executive team, the Board of
Trustees, SIRO and Head of Business Support and
Compliance ensuring they are aware of high IG risks
as well as an overall picture of compliance.
9. Provision of advice on marketing and fundraising
communications in line with the DPA, GDPR and
PECR.
10. Assessment of contracts, ensuring relevant clauses
with processors and controllers relating to DPA and
GDPR
11. Creation of and advice on data sharing agreements
and memoranda of understanding
12. Submission of NHS IG Toolkit, maintaining at least
Level 2 accreditation
13. Strategic lead on the records management projects,
enabling specialist records management staff to
create an information asset register and other
records management projects,
14. Create practical training courses on DPA, GDPR
and PECR for staff and volunteers as well as the
Board of Trustees, SIRO and Caldicott Guardian.
15. Advise on any data breaches and incident handling of
issues
16. Providing expert advice on any other issues relating
to data protection and Information Governance.
17. Lead on the development and implementation of
policies and procedures to support the delivery of
Information Governance
18. Manage a team of information professionals,
including records and data management experts.
General
1. Undertake any other duties commensurate with the
post.
2. Adhere to all RNIB policies and procedures.
Person Specification
All criteria are essential unless otherwise stated
1. Specialist knowledge, skills and experience
1.1 A lead role in a significant organisation with
Data Protection, Information Compliance,
Information Governance or Information
Assurance as the main remit;
1.2 Knowledge and understanding of the legislation
in the context of Privacy and Electronic
Communications Regulations 2003, Data
Protection Act 1998 and the governance of
marketing communications;
1.3 A thorough understanding of GDPR and ability
to understand how to apply it in a practical risk-based way.
1.4 Experience of completing the NHS IG Toolkit
and other audit work.
1.5 Experience of information risk assessment and
management;
1.6 Experience of leading liaison with the ICO;
1.7 Some understanding of Records Management,
specifically information asset registers;
1.8 Some experience of Information Security
management, specifically breach and incident
handling and reporting and Privacy Impact
Assessments
1.9 Experienced in delivering direct Training to staff,
the SIRO and Caldicott Guardian
1.10 Education and development:
1.10.1 ISEB in Data Protection or Postgraduate at
Northumbria or Winchester on the LLM
programme, or equivalent experience and a
recognised qualification in Data Protection
and/or Freedom of Information
1.10.2 Course in GDPR or other evidence of
expertise in the Regulation;
1.10.3 Evidence of attendance at relevant
conferences and/or membership of, for
example, NADPO, IRMS, IAPP or ARA, to
show ongoing professional development.
Other skills:
1.10.4 Ability to translate GDPR, PECR and other
requirements into clear business processes.
1.10.5 Understanding business processes and
being able to give tailored, balanced advice,
with regard to risk and business needs;
1.10.6 Ability to create risk registers, plans,
strategies and other business documents;
2. People management skills / team working skills
2.1 Good leadership and management skills.
2.2 Proven ability to motivate and empower others
through clear leadership and direction.
2.3 Ability to influence others to adopt information
governance good practice.
3. Planning and organisational skills
3.1 Experience in effective planning and in
setting, managing and monitoring budgets.
4. Problem-solving and creative skills
4.1 Ability to find innovative ways of solving or pre-empting problems.
4.2 Ability to make high level decisions through
evaluating information and making systematic
and rational judgements.
5. Communication skills
5.1 Effective communication skills, in all formats, with
the ability to impart difficult ideas in a clear way
to non-specialists;
5.2 Experience of Board-level reporting.
5.3 Ability to develop and maintain effective working
relationships with other members of the
programme team, senior managers, the project
teams and third-party providers.
5.4 Experience in building alliances and maintaining
effective relationships. Able to influence,
convince and negotiate with others in a way that
results in acceptance and agreement.
6. Special conditions
6.1 The post holder will be expected to travel
throughout the UK and to make occasional
overnight stays.
Behaviours
Deliver results
• Inspire and enable commitment to outstanding service.
Engage Customers
• Determine and drive customer outcomes and work
across the organisation to deliver customer excellence.
Engage others
• Lead by example in promoting equality and inclusion for
all.
Set Direction
• Develop strategies to achieve greater commercial and
financial accountability and sustainability.
• Creates a culture of innovation, flexibility and
responsiveness. Seeks and encourages ideas,
improvements and measured risk taking to deliver
better approaches and services.
• Is able to manage complexity, uncertainty and
ambiguity of major change. Work with others internally
and externally to embrace opportunities and find
innovative ways to overcome challenges while
maintaining the effectiveness of service delivery.
Lead and inspire
• Creates and leads a culture of high performance and
accountability.
• Displays resilience and takes a rational approach.
Personal impact
• Adapts own influencing style according to the audience
and context and expertly negotiates in complex
situations to achieve successes.