Data Protection Officer
Role Purpose
This profile has recently been updated to include the CVF 2024 and core skills, and the new version can be found on College Learn by entering the Profile title in the search function. Please note this profile is out of date and is in the process of being reviewed.
To perform the protected statutory and independent role of Force Data Protection Officer and be the responsible officer for the provision of strategic advice, planning, and compliance with all aspects of the Data Protection Act 2018, General Data Protection Regulation and associated legislation and guidance.
Key Accountabilities
• Direct and lead the service strategically in relation to information governance, advising the Chief Constable regarding their obligations, as Data Controller, on compliance with the Data Protection Act 2018, General Data Protection Regulation (GDPR) and associated data protection legislation.
• Influence and provide advice to all levels of the service in relation to operational matters, policy, practice and procedures to ensure policing and organisational activity is compliant with data protection and associated legislation.
Represent the service as lead contact for the Information Commissioner’s Office (ICO), and as principal point of contact for data subjects in all matters relating to the protection of personal data, in order to ensure breach notifications, complaints, investigations, and confidentiality requests are facilitated.
• Lead and maintain a programme of awareness and training, developing appropriate policies and guidance, in order to influence, embed and integrate data protection and data privacy within the culture of the Force.
• Shape and direct the review, appraisal and maintenance of information management within force, advising on monitoring and information audit requirements, to mitigate against risks around data protection processing activities, and to ensure compliance with GPDR and associated data protection legislation.
• Monitor and advise on the undertaking and completion of data protection impact assessments when new or alternative processing activities are proposed, to enable solutions to be developed which meet compliance and the strategic and organisational objectives of the service.
• Establish, lead, develop and motivate a diverse data protection and information governance function to support Data Protection Officers in the fulfilment of their role and tasks, including information access, compliance, audit and disclosure, and the specialist areas of information security, records management and the Management of Police Information (MoPI).
• Set objectives for the Data Protection and information governance function, teams and individuals; evaluating progress, identifying emerging risks, issues and opportunities, assessing performance and intervening to take corrective steps when necessary.
• Maintain and develop active and effective relationships with partner agencies and Governing Bodies (Home Office, judiciary etc.) including representing the service at relevant local, regional and national meetings, conferences, forums etc. in order to share best practice and be the point of contact for other forces, NPCC and other Government Bodies.
Behaviours
All roles are expected to know, understand and act within the ethics and values of the Police Service.
The Competency and Values Framework (CVF) has six competencies that are clustered into three groups. Under each competency are three levels that show what behaviours will look like in practice.
It is suggested that this role should be operating or working towards the following levels of the CVF:
Resolute, compassionate and committed
Inclusive, enabling and visionary leadership
Intelligent, creative and informed policing
Education, Qualifications, Skills and Experience
Prior Education and Experience:
• Accredited or equivalent professional qualification in Data Protection.
• Substantial recent experience of managing data protection and information rights functions within a large organisation or law enforcement body.
• Educated to degree level.
• Possession of a management qualification.
Skills:
• Able to identify the likely future needs and obligations of the Force in relation to the information management function, taking account of internal and external factors, and positively create strategic organisational change within the Force in response to such factors.
• Able to use a range of communication and influencing techniques to successfully negotiate, collaborate or effect change, in relation to matters of a specialist/ technical nature.
• Able to manage budgets and allocate resources effectively across the information management function, delivering effective outcomes, and balancing complex competing demands, making risk- based decisions within the available budget.
• Skilled in leading, developing and motivating a diverse team which supports the information management function and the Force’s strategic priorities, values and behaviours, holding individuals to account for their performance and behaviours.
• Able to set function, team and individual objectives, assess progress, identify emerging risks, issues and opportunities, and take corrective steps as required to ensure that the right results are achieved.
• Ability to identify and recognise opportunities for new or improved technologies to enable a more effective data protection compliance function and improvements to Force operational effectiveness and efficiency.
• Able to research, devise and deliver specialist and team specific training.
Continuing Professional Development (CPD)
• Maintain up to date specialist knowledge of changes to relevant legislation to meet GDPR requirements, developing case law and the available tools to support the effective management of information via a range of methods such as pro-active engagement with peers, regional groups, attendance at NPCC forums, engagement with other relevant Non-Service information governance groups, environmental scanning, including the review of professional journals and publications, and guidance and decisions from the Information Commissioner.
• Requirement to maintain an up to knowledge of the technologies and systems operated within policing and the legal context.
• Complete all annual mandatory training.
• Maintain knowledge and understanding of performance management process and ensure they are implemented effectively when managing teams.
• Keep up to date with guidance and best practice on health, safety and welfare.
Professional Registration/Licenses
• Not applicable.
Links to other Profiles
• Not applicable.