The Information Rights Officer will be a member of the team that delivers information governance and data protection for the National Church Institutions (NCIs). Based at Church House and Lambeth Palace, London, this post may involve some travel to the other offices from time to time although currently many employees are working remotely due to Covid-19 restrictions.
Working closely with colleagues, data subjects and the Information Commissioner's Office, the Information Rights Officer will ensure that the NCIs understand and implement the relevant processes to comply with their information rights obligations.
As Information Rights Officer, you will liaise with internal and external stakeholders at all levels, championing and raising awareness of information rights, potential risks and solutions.
Managing a case load of information requests, you will provide accurate and timely responses that are compliant with legislation and procedures. In addition, you will be involved in ensuring transparency, quality assurance and disseminating best practice.
You will contribute to the support of improved data protection practice and the provision of information legislation advice and guidance and you will train others, to ensure that these standards are maintained.
Together with enthusiasm and adaptability you will bring your:
Data Protection and/or GDPR expertise
Experience of managing Individual Rights Requests
Ability to work collaboratively to undertake searches for personal data
Experience of writing Privacy Notices and of Third Party Processing agreements
Experience of writing Data Protection procedures/guidance and training materials
Knowledge of Data Protection Impact Assessments
This is a fixed term contract expected to last for 12 months.
This is a full time role however we are happy to consider flexibility around working hours/arrangements.
An early application is encouraged as initial interviews which will be heldremotely on the 17th/18th September 2020.
In return we offer a unique environment with opportunities for continuous learning, generous annual leave for work life balance, season ticket loans and a range of benefits including discounted entry to attractions and what we feel is a market leading package when it comes to our pension scheme.
Act as first point of contact for the processing of all information rights requests relating to the National Church Institutions (NCIs), ensuring responses are accurate, compliant and timely.
Providing high quality advice and support on the application of data protection legislation through the scoping, collation and redaction of subject access request documentation and responses.
Effective and practical support to NCI departments and staff to develop and implement appropriate GDPR documentation and processes such as Privacy Notices and consent forms, data protection impact assessments etc.
Manage the Information Rights Register, ensuring that all requests are logged and monitored, and completed responses are accessioned into the NCI records management system and storage.
Provide effective and practical support to NCI departments and staff to undertake GDPR compliant procurement of suppliers and data processors.
Providing advice on whether information should be disclosed or refused in compliance with the relevant legislation, with the knowledge and understanding of when to defer to legal advisors for clarification, internal and external consultation and guidance in relation to other legislation which may apply to the disclosure.
Understanding, interpreting and applying any relevant tribunal and Information Commissioner’s Office (ICO) cases and guidance to individual rights request responses.
Assessing requests and correspondence to identify the relevant NCI and Church of England internal and external stakeholders that may be affected by disclosure.
Working with colleagues in the Technology team to identify relevant data.
Working with Information Asset Owners and other interested parties at all levels to identify and understand their concerns about disclosure or the application of exemptions and to provide expert advice on any applicable exemptions.
Responding to requests ensuring that all correspondence and associated disclosures are timely, accurate and compliant with legislation, regulations and policies.
Providing ongoing advice, training and guidance to the NCIs and the wider Church as whole where required.
Support the internal data protection co-ordinator/s to respond appropriately and lawfully to access requests.
Support the Data Protection Officer (DPO) in responding to data protection complaints.
Support the DPO and others to undertake internal reviews of responses to individual rights requests.
Provide supporting material to enable representations to the Information Commissioner's Office (ICO), in respect of data protection complaints.
Liaising with the DPO where a request relates to sensitive matters.
Liaising with external stakeholders or data controllers to ensure that their concerns about disclosure are considered.
Ensuring accurate records are kept of requests, responses, disclosures and exemptions and associated correspondence in accordance with data protection legislation.
Support the production of and updating of guidance on and support material used by the NCIs and wider church in order to promote best practice, in light of the evolving business and legal landscape.
Support the provision of information rights training across the organisation.
Updating and improving processes within the NCIs to deliver a better information rights service.
Keeping up to date with statute law, case law and practice relating to information rights legislation, including participating in in-house seminars, and external events. Facilitate knowledge transfer and dissemination to various staff including other data protection staff.
Manage the GDPR enquiry service, which provides responses to requests for advice on issues relating to information requests to enable NCI and wider Church staff to comply with requirements. This may involve researching and producing guidance, procedures and best practice advice in the context of relevant legislative requirements, codes of practice and standards.
Good communicator both orally and in writing with the ability to explain specialist issues simply to non-specialist staff at a variety of levels.
Able to work methodically and accurately.
Good IT skills.
Good understanding of how to search for and identify relevant personal data.
Self-motivated and able to work with minimal supervision when required.
Excellent interpersonal skills and ability to work effectively with employees and stakeholders.
Good analytical skills in order to assess information requests and the relevant legislative requirements.
Excellent organisational skills and the ability to work under pressure to tight deadlines.
Excellent attention to detail.
Theoretical and practical understanding of the GDPR and Data Protection Act 2018. A knowledge of other pertinent legislation i.e. the Human Rights Act, PERC etc are desirable.
Theoretical and practical understanding of data security as it relates to data protection.
Experience in working collaboratively with colleagues to identify and collate relevant data.
Proven ability to redact documents and prepare disclosure responses in accordance with the legislation.
Proven ability to draft Privacy Notices, and carry out Data Protection Impact Assessments
Ability to make evidence-based decisions considering the legislation.
Good knowledge and understanding of 3rd party processing.
Ability to influence colleagues at all levels across the whole organisation.
Proven ability to provide advice, guidance and training to both internal and external stakeholders on a variety of complex issues (including legal issues), with a keen awareness of sensitivities.
Ability to work effectively both independently and as part of a team.
Ability to advise and provide support on data protection in a complex organisation.
Proven ability to show initiative and contribute in a changing environment.
Relevant professional qualification or demonstrable experience in a similar role.
Able to prioritise duties, meet deadlines and work simultaneously on several cases.
Able and willing to learn new software, new systems and new processes.
Adaptable and flexible, open to new ideas and willing to undertake further professional development.
Good team member and team worker.
Able and willing to use own initiative and work with minimal supervision
This post is based at Church House and Lambeth Palace, with possible visits to other church institutions and organisations within the Church of England.
Active participant in networks of fellow professionals in data protection
Experience of using redaction software
We in the National Church Institutions support the mission and ministries of the Church all over England. We work with parishes, dioceses (regional offices), schools, other ministries and our partners at a national and international level.
Excellence, Respect, Integrity
We follow these three values in everything we do, whether we are of Christian faith, another faith or no faith. To learn more about working for National Church Institutions and our benefits, please click here
As a Disability Confident Leader, we actively look to attract, recruit and retain those of you who are disabled.
As a member of the Armed Forces Covenant, we welcome applications from those of you who have served in our Armed Forces and their families.
We are committed to being an equal opportunities employer and to ensuring that everyone, job applicants, customers and other people with whom we deal, are treated fairly and not subject to discrimination. We will do whatever is necessary to provide genuine equality of opportunity. We continuously review our policies and processes to support our aim to create a workforce as diverse as the nation the Church of England serves..