Job title: Data Protection Compliance Manager
Grade: PO 2
Role code: EUX1230
Status: Police Staff
Home Office code: Organisational Support
Main purpose of the role:
Reporting to the Force Data Protection Officer, the Data Protection Compliance Manager will act as the tactical lead for information-based risk, specifically leading on data protection audit-based activity for the Force (to identify, assess and mitigate information-based risk). The role will line manage the Data Protection specific resources. Activities will include development of a force-wide data protection audit schedule and duties associated with supporting the Information Asset Register. The role also acts as an auxiliary resource for assuring police systems, where demand exceeds the working capacity of the Force Information Security Officer and/or Information Security Accreditor. This position may be required to assist with policy and procedure development, regulatory and standards compliance, risk assessments/management, and other related information assurance activities.
Manage information-based risk, specifically leading on data protection audit-based activity for the Force and general day-to-day management of the Force's Information Asset Register. Activity will be centred around identifying areas of non-compliance and risk, by managing activity associated with data protection auditing (via site visits, IAR audits etc.). Any areas of residual risk will be escalated via the appropriate channels, including to risk star chamber, the Learning the Lessons Board or other Board (any escalation will be agreed by the Force DPO).
Develop and deliver a force-wide data protection audit schedule. This is a requirement of the UK GDPR (and not currently resourced in Essex Police). The data protection audit schedule is owned by the Force DPO. This audit activity is required not only to satisfy the obligation set on Controllers within data protection law, but specifically to action the high-risk recommendation made by the Information Commissioner's 2018/19 audit of Essex Police.
Co-ordinate activity associated with the Information Asset Register, as directed by the Force DPO. The IAR is a legal requirement of the UK GDPR and requires regular maintenance to keep it compliant.
Deputise for the Force Data Protection Officer - where it is deemed appropriate to do so, as it is required. This may include responsibilities for training members of the Professionalism Command or the wider force.
Manage and co-ordinate activity associated with the decommissioning of IT systems, working closely with the ITD lead and Information Asset Owners. This activity is required to reduce the cyber-related risk associated with continuing to support obsolete systems on the KEP network.
Act as an auxiliary resource for assuring police systems, where demand exceeds the working capacity of the Force Information Security Officer and/or Information Security Accreditor, to ensure that the Force is compliant with national policing information assurance requirements and Codes of Connection.
This position may be required to assist with policy and procedure development, regulatory and standards compliance, risk assessments/management, and other related information assurance activities.
Any reasonable management request in relation to supporting activity concerning information-based risk and/or data protection compliance.
The post holder will be required to have a good working knowledge of Data Protection Legislation and the responsibilities of the Data Protection Officer and the Senior Information Risk Owner roles. A formal data protection qualification, BCS Practitioners Certificate in Data Protection. The post holder will need evidence of 2-5 years' previous experience in a data protection environment.
The post holder will have experience working in an Information Security/Assurance environment, with a minimum of 2 years' experience. The BCS certificate in Information Security Management Principles (CISMP) would be desirable.
Line management experience and experience of assuring systems in accordance with national policing information assurance requirements are desirable.
Analyse Critically (Level 2)
I ensure that the best available evidence from a wide range of sources is taken into account when making decisions. I think about different perspectives and motivations when reviewing information and how this may influence key points. I ask incisive questions to test out facts and assumptions, questioning and challenging the information provided when necessary. I understand when to balance decisive action with due consideration. I recognise patterns, themes and connections between several and diverse sources of information and the best available evidence. I identify when I need to take action on the basis of limited information and think about how to mitigate the risks in doing so. I challenge others to ensure that decisions are made in alignment with our mission, values and the Code of Ethics.
Collaborative (Level 2)
I manage relationships and partnerships for the long term, sharing information and building trust to find the best solutions. I help create joined-up solutions across organisational and geographical boundaries, partner organisations and those the police serve. I understand the local partnership context, helping me to use a range of tailored steps to build support. I work with our partners to decide who is best placed to take the lead on initiatives. I try to anticipate our partners' needs and take action to address these. I do not make assumptions. I check that our partners are getting what they need from the police service. I build commitment from others (including the public) to work together to deliver agreed outcomes.
Deliver, Support and Inspire (Level 2)
I give clear direction and expectations, helping others to understand how their work operates in the wider context. I identify barriers that inhibit performance in my teams and take steps to resolve these, enabling others to perform. I lead the public and/or colleagues, where appropriate, during incidents or through the provision of advice and support. I ensure the efficient use of resources to create the most value and the right impact within my areas. I keep track of changes in the external environment, anticipating both the short and long term potential implications for the Police Service. I motivate and inspire others to achieve their best.
Emotionally Aware (Level 2)
I consider the perspectives of people from a wide range of backgrounds before taking action. I adapt my style and approach according to the needs of the people I am working with, using my own behaviour to achieve the best outcome. I promote a culture that values diversity and encourages challenge. I encourage reflective practice among others and take the time to support others to understand reactions and behaviours. I take responsibility for helping to ensure the emotional wellbeing of those in my teams. I take the responsibility to deal with any inappropriate behaviours.
Innovative and Open-minded (Level 2)
I explore a number of different sources of information and use a variety of tools when faced with a problem and look for good practice that is not always from policing. I am able to spot opportunities or threats which may influence how I go about my job in the future by using knowledge of trends, new thinking about policing and changing demographics in the population. I am flexible in my approach, changing my plans to make sure that I have the best impact. I encourage others to be creative and take appropriate risks. I share my explorations and understanding of the wider internal and external environment.
Take Ownership (Level 2)
I proactively create a culture of ownership within my areas of work and support others to display personal responsibility. I take responsibility for making improvements to policies, processes and procedures, actively encouraging others to contribute their ideas. I am accountable for the decisions my team make and the activities within our teams. I take personal responsibility for seeing events through to a satisfactory conclusion and for correcting any problems both promptly and openly. I actively encourage and support learning within my teams and colleagues.
I take into account individual needs and requirements in all of my actions. I understand that treating everyone fairly does not mean everyone is treated the same. I always give people an equal opportunity to express their views. I communicate with everyone, making sure the most relevant message is provided to all. I value everyone's views and opinions by actively listening to understand their perspective. I make fair and objective decisions using the best available evidence. I enable everyone to have equal access to services and information, where appropriate.
I always act in line with the values of the police service and the Code of Ethics for the benefit of the public. I demonstrate courage in doing the right thing, even in challenging situations. I enhance the reputation of my organisation and the wider police service through my actions and behaviours. I challenge colleagues whose behaviour, attitude and language falls below the public's and the service's expectations. I am open and responsive to challenge about my actions and words. I declare any conflicts of interest at the earliest opportunity. I am respectful of the authority and influence my position gives me. I use resources effectively and efficiently and not for personal benefit.
Public Service (Accredited)
I act in the interest of the public, first and foremost. I am motivated by serving the public, ensuring that I provide the best service possible at all times. I seek to understand the needs of others to act in their best interests. I adapt to address the needs and concerns of different communities. I tailor my communication to be appropriate and respectful to my audience. I take into consideration how others want to be treated when interacting with them. I treat people respectfully regardless of the circumstances. I share credit with everyone involved in delivering services.
I ensure that my decision-making rationale is clear and considered so that it is easily understood by others. I am clear and comprehensive when communicating with others. I am open and honest about my areas for development and I strive to improve. I give an accurate representation of my actions and records. I recognise the value of feedback and act on it. I give constructive and accurate feedback. I represent the opinions of others accurately and consistently. I am consistent and truthful in my communications. I maintain confidentiality appropriately.
Business Planning (Level 4)
Gathers relevant information and statistics to support the business planning process at Division/Department level. Identifies key objectives in order to improve local performance and ensures these are aligned with the Force Strategic Aims. Effectively communicates agreed objectives and targets to the local workforce. Plans for and ensures the best use of resources and value for money.
Data and Systems Security (Level 3)
Able to undertake the testing of data to ascertain accuracy and can report findings and implications to the appropriate authority. Can create and request non standard reports from systems and interpret information supplied from system and audit logs. Recognises when technology has been misused and displays discretion in identifying the appropriate response. Aware of the software, hardware and environmental controls that should be in place and whether they are operating effectively. Familiar with a range of Force systems, networks, their use and registration. Possession of QiCA is desirable.
Health and Safety (Level 3)
Has a basic understanding of Health and Safety issues affecting the current role and working environment. Takes responsibility for personal safety and the safety of others. Aware of hazards and reports problems identified to line manager. Understands and minimises the physical risk of injury through the use of proper manual handling procedures.
Information Gathering and Analysis (Level 4)
Is able to identify reliable and appropriate sources of information and select methods of gathering information which are efficient and effective. Has a working knowledge of legislation and policy relevant to the collection, recording, storage and distribution of information.
Information Management and Technology (Level 4)
Can conduct basic computer searches and can correctly interpret data generated. Can create and amend records, according to role requirement. Knows established rules and protocols. Understands impact of data quality, and is self-monitoring on data quality issues.
Inspection (Level 4)
Undertakes risk analysis to determine areas within the organisation that need to be reviewed. Is able to design specific tests that provide for findings that add value to the inspection process and the Force. Can translate findings into reports that are well presented and easily understood. Understands significance of findings and can interpret them to identify their impact upon the Force. Produces options for consideration. Continuously monitors internal, and Force systems under review, to ascertain best value.
Internal Consultancy (Level 4)
Demonstrates an in depth knowledge of the relevant specialist area and combines this with high level consultancy skills. Develops collaborative relationships with internal clients and works with them to achieve joint objectives and targets. Maintains an up to date awareness of all developments which may affect Force business and policies and proactively advises clients of all relevant matters.
Interviewing - General (Level 3)
Demonstrates the ability to conduct effective routine interviews for a variety of purposes. Prepares and plans carefully and is clear about the purpose of the interview. Asks relevant questions and is able to obtain the required information. Regularly reviews personal interview performance. Adapts style to suit the needs of the interview.
Knowledge of Police Environment and Policy (Level 5)
Has a thorough understanding of the police service, nationally and locally, and is proactive in developing proposals which affect the way Kent Police and/or Essex Police operates. Possesses a detailed understanding of the inter-relationships between activities, roles, functions, and how organisation structures and police systems work. Understands and impacts on working procedures, practices and policies within areas of responsibility and ensures that these are followed at all times. Contributes to Force goals and is accountable for delivering local business plan objectives.
Management of Police Information (MOPI) (Level 5)
Has sufficient understanding of the NPCC records management policies to be able to offer appropriate guidance and support to staff. Is able to identify the appropriate MOPI group for any record with a policing purpose and ensure that all policing records within the team are retained, reviewed or destroyed in line with the MOPI codes of practice. Quality assures staff to ensure a full understanding and compliance with the APP for Information Management (incorporating MOPI guidance), highlighting failings and taking appropriate action as required. Ensures training and/or refresher training is provided and completed. Ensures that systems are correctly linked together to ensure effective management and recording of information across systems. Appropriately reviews digital information held on system(s) and physical records in storage to ensure that they are retained only where there is a policing purpose. Complies with relevant policies and procedures in respect of prioritisation, sanitisation, dissemination, sharing, relevancy, accuracy, adequacy and timeliness.
Office Technology (Level 4)
Demonstrates advanced skills in the use of one or more office software products. Able to use these packages to enhance the quality or presentation of work required within the role. Manages data files and file structures. Provides on the job training and guidance to other staff in the use of specific or specialist software, if required. Familiar with established IT rules and protocols and shows a good understanding of data protection requirements.
Project Management (Level 3)
Demonstrates an understanding of the key principles of project management. Able to assist in the management of projects within a Department or Division where the objectives, milestones and timescales have already been defined and manpower resources are limited. Will need project management support.
Risk Management (Level 3)
Demonstrates an awareness of personal risk management issues, challenges or difficulties likely to affect the post holder in the execution of their duties. Able to anticipate risks likely to affect their work and knows how to communicate the likelihood and possible impacts of such events to line managers or supervisors.
Training (Level 3)
Able to present and convey ideas and new/revised procedures, on a one to one or group basis, to a logical and well structured plan. Aware of a variety of training techniques, tools and principles.