Job title: Data Protection Compliance Officer
Grade: SCALE 6
Role code: EUX1229
Status: Police Staff
Main purpose of the role:
Support the Force Data Protection Officer and Data Protection Compliance Manager in their duties to ensure that Essex Police is compliant in all of its legislated responsibilities under Data Protection law through auditing processes, procedures, IT systems, staff, partners and suppliers. Ensure robust auditing and compliance procedures are in place and are effective. Provide support and advice for data protection matters across the organisation.
Conduct localised and force audits to ensure all processing activities follow the requirements of the UK GDPR and Data Protection Act 2018 (as set out in sections 55-68), including ensuring organisational compliance with s.62 logging requirements. The post holder will be directed by the agreed Force Data Protection Audit Schedule (as designed by the Force Data Protection Officer, in consultation with the Head of Information Management and the organisation's Information Asset Owners).
Support the Force Data Protection Officer to ensure compliance with the regulator's (ICO's) requirements for minimum data protection standards and compliance. This will involve engagement with ICO caseworkers in dealing with complaints relating to the handling of personal data, and feeding back into the organisation any lessons learnt (via effective communications or policy/procedure changes to be agreed by the DPO).
Support and offer advice relating to data protection matters, including input for Data Protection Impact Assessments (DPIAs), for all new projects and initiatives. The post holder will work with business leads to prepare and scrutinise the DPIAs in preparation for sign-off with the DPIA Advisors, offering much-needed support and guidance to business leads.
Provide support to the Force Data Protection Officer, and their staff, to support the day-to-day operations associated with the management of the Information Asset Register. This includes acting as a SPOC to Information Asset Owners for such matters, as well as being responsible for completing audits of the Register to ensure that all processing activities that are logged are in compliance with the law. This will include working with Information Asset Owners, Coordinators and Assistants to ensure that the processing activities being undertaken are in full compliance with the legislation, including the use of Data Protection Impact Assessments, ensuring the lawfulness of the processing, ensuring policies and procedures are in place that meet the requirements of the law, and reviewing the retention processes and procedures as well as technical and security measures in place for each activity. Where non-compliance is identified, ensure that the Information Asset Owners are provided with the advice and guidance to amend the processing so that it complies with data protection legislation.
Review all suppliers and partner agencies processing personal data on behalf of Essex Police and ensure the appropriate Data Processing Contracts are in place. Undertake audits with processors to ensure all controller obligations under Data Protection legislation are met. This will include liaising with suppliers and agencies to organise and undertake audits electronically and onsite where required, reviewing suppliers' policies and procedures as well as the practical application of these procedures in relation to obtaining, storing, securing, handling, sharing and retaining personal data.
Responsible for identifying where there is joint controllership in the processing of personal data with other agencies, and ensuring that the relevant contracts and agreements are in place. This will be undertaken by auditing, identifying multiagency/supplier working arrangements and ensuring the relevant contracts are in place.
Responsible for reviewing all Information Sharing Agreements in place in force to ensure that they are fit for purpose, also ensuring that the force understands that ISAs are not the primary lawful basis for processing personal data, but an additional process in which partners agree to their obligations already set in law. The postholder will also advise on national ISAs and other agreements.
Produce reports, statistics and reviews on request to the Force Data Protection Officer, Head of Information Management and Force SIRO in relation to the auditing of processing activities within Essex Police.
Pre-May 2023, the post holder will be expected to carry out inspections on all Police IT systems for compliance with Section 62 (s.62) of the Data Protection Act 2018 logging requirements and where compliance is lacking, consider and implement options for ensuring compliance. This is undertaken through initial audits of systems and thereafter monthly routine monitoring of audit logs in the back office of IT systems and providing monthly reports as to levels of compliance. Where the auditing function is not compliant with the requirements of the legislation then the Data Protection Compliance Officer will work with IT, Procurement and any other relevant department or supplier to identify a solution to ensure compliance. Post-May 2023, it would be expected that this requirement is built into the DPIA process.
Created July 2022.
The Data Protection Compliance Officer will require a good level of understanding of data protection (and associated) legislation and will have the ability and experience in conducting audits. They will be required to undertake the (BCS) Foundation Certificate in Data Protection and pass the relevant assessment. The post holder will be required to have 2-5 years' experience in a data protection environment and associated legislation.
The post holder will possess strong and well developed interpersonal, communication and presentation skills, both verbal and written. These skills will need to be flexibly applied to handle a variety of situations including dealing with internal partners and providing advice and guidance to senior managers. The post holder must be comfortable providing feedback and recommendations to senior leaders and understand the wider organisational issues in Information Management and Data Protection.
The role holder should be proficient in the use of Policing IT systems, such as Athena, PNC and STORM, as well as all office products; however, training courses can be provided.
Educated to A-Level (or equivalent experience) with a good standard of written English and Maths. Whilst an educational standard is written here, an expectation of experience and evidence will be more important from candidates.
There is an expectation that it would take six months to be fully competent in role (12 months where candidates may not meet the full experience requirement but may be considered based on ability).
Analyse Critically (Level 3)
I balance risks, costs and benefits associated with decisions, thinking about the wider impact and how actions are seen in that context. I think through 'what if' scenarios. I use discretion wisely in making decisions, knowing when the 'tried and tested' is not always the most appropriate and being willing to challenge the status quo when beneficial. I seek to identify the key reasons or incidents behind issues, even in ambiguous or unclear situations. I use my knowledge of the wider external environment and long-term situations to inform effective decision making. I acknowledge that some decisions may represent a significant change. I think about the best way to introduce such decisions and win support.
Collaborative (Level 1)
I work cooperatively with others to get things done, willingly giving help and support to colleagues. I am approachable, and explain things well so that I generate a common understanding. I take the time to get to know others and their perspective in order to build rapport. I treat people with respect as individuals and address their specific needs and concerns. I am open and transparent in my relationships with others. I ensure I am clear and appropriate in my communications.
Deliver, Support and Inspire (Level 2)
I give clear direction and expectations, helping others to understand how their work operates in the wider context. I identify barriers that inhibit performance in my teams and take steps to resolve these, enabling others to perform. I lead the public and/or colleagues, where appropriate, during incidents or through the provision of advice and support. I ensure the efficient use of resources to create the most value and the right impact within my areas. I keep track of changes in the external environment, anticipating both the short and long term potential implications for the Police Service. I motivate and inspire others to achieve their best.
Emotionally Aware (Level 2)
I consider the perspectives of people from a wide range of backgrounds before taking action. I adapt my style and approach according to the needs of the people I am working with, using my own behaviour to achieve the best outcome. I promote a culture that values diversity and encourages challenge. I encourage reflective practice among others and take the time to support others to understand reactions and behaviours. I take responsibility for helping to ensure the emotional wellbeing of those in my teams. I take the responsibility to deal with any inappropriate behaviours.
Innovative and Open-minded (Level 1)
I demonstrate an openness to changing ideas, perceptions and ways of working. I share suggestions with colleagues, speaking up to help improve existing working methods and practices. I constantly reflect on my own way of working and periodically review processes and procedures for continuous improvements. I adapt to change and am flexible as the need arises while encouraging others to do the same. I learn from my experiences and do not let myself be unduly influenced by preconceptions.
Take Ownership (Level 1)
I actively identify and respond to problems. I approach tasks with enthusiasm, focusing on public service excellence. I regularly seek feedback to understand the quality of my work and the impact of my behaviour. I recognise where I can help others and willingly take on additional tasks to support them, where appropriate. I give feedback to others that I make sure is understandable and constructive. I take responsibility for my own actions, I fulfil my promises and do what I say I will. I will admit if I have made a mistake and take action to rectify this. I demonstrate pride in representing the police service. I understand my own strengths and areas for development and take responsibility for my own learning to address gaps.
I take into account individual needs and requirements in all of my actions. I understand that treating everyone fairly does not mean everyone is treated the same. I always give people an equal opportunity to express their views. I communicate with everyone, making sure the most relevant message is provided to all. I value everyone's views and opinions by actively listening to understand their perspective. I make fair and objective decisions using the best available evidence. I enable everyone to have equal access to services and information, where appropriate.
I always act in line with the values of the police service and the Code of Ethics for the benefit of the public. I demonstrate courage in doing the right thing, even in challenging situations. I enhance the reputation of my organisation and the wider police service through my actions and behaviours. I challenge colleagues whose behaviour, attitude and language fall below the public's and the service's expectations. I am open and responsive to challenge about my actions and words. I declare any conflicts of interest at the earliest opportunity. I am respectful of the authority and influence my position gives me. I use resources effectively and efficiently and not for personal benefit.
Public Service (Accredited)
I act in the interest of the public, first and foremost. I am motivated by serving the public, ensuring that I provide the best service possible at all times. I seek to understand the needs of others to act in their best interests. I adapt to address the needs and concerns of different communities. I tailor my communication to be appropriate and respectful to my audience. I take into consideration how others want to be treated when interacting with them. I treat people respectfully regardless of the circumstances. I share credit with everyone involved in delivering services.
I ensure that my decision-making rationale is clear and considered so that it is easily understood by others. I am clear and comprehensive when communicating with others. I am open and honest about my areas for development and I strive to improve. I give an accurate representation of my actions and records. I recognise the value of feedback and act on it. I give constructive and accurate feedback. I represent the opinions of others accurately and consistently. I am consistent and truthful in my communications. I maintain confidentiality appropriately.
Information Gathering and Analysis (Level 5)
Information gathered is sufficient, valid and reliable and is consistent with the organisation's values, policies, guidelines and procedures. Able to deal with situations when information is insufficient, contradictory or ambiguous. Able to organise and interpret information so that conclusions can be drawn.
Information Management and Technology (Level 5)
Can retrieve information from computer searches across data source boundaries e.g. across a number of data sources, across county. Can analyse and compare data from such searches. Understands significance of findings and can provide guidance on the reliability of forecasts resulting from data analysis. Can monitor data quality in the work of others, and may manage the impact of data quality issues.
Internal Consultancy (Level 3)
Demonstrates an understanding of Force business/internal client needs and expectations in relation to the consultancy specialism offered by the Department or Unit. Clarifies client requirements in response to requests for help and support. Collects and analyses relevant data, using appropriate methodologies and offers practical solutions which meet client requirements. Builds and develops effective working relationships with clients.
Knowledge of Police Environment and Policy (Level 3)
Has a basic awareness of current policing issues, the environment in which Kent Police and/or Essex Police operate and developments in the way the County is policed. Possesses sufficient knowledge of the roles of the various Areas/Departments, organisation structures and police systems to operate effectively. Understands, appreciates and adheres to working procedures, practices and policies relevant to the current role. Familiar with Force goals and local business plan objectives.
Knowledge of Legislation and Policy (Level 3)
Demonstrates a sound working knowledge of all legislation, policies and procedures relevant to the current role. Familiar with all five codes of practice but particularly well versed in the practical application of codes A, B and E. Able to apply this knowledge to suit the needs of the current role.
Management of Police Information (MOPI) (Level 3)
Has a basic understanding of the APP for Information Management (incorporating MOPI guidance) and its practical application. Recognises when there is a policing purpose to record information. Is familiar with the NPCC Retention Schedule. Takes personal responsibility to ensure information is recorded accurately, is retained for as long as it has a policing purpose and is stored in such a way as to allow it to be accessed by those with legitimate reason. Securely disposes of material which no longer has a policing purpose. Has successfully completed all standard relevant Information Management and Security training package(s). Accurate use of Government Security Classification (GSC). Ensures physical and digital records are stored with appropriate security relevant to the sensitivity of the documents.
Risk Management (Level 3)
Demonstrates an awareness of personal risk management issues, challenges or difficulties likely to affect the post holder in the execution of their duties. Able to anticipate risks likely to affect their work and knows how to communicate the likelihood and possible impacts of such events to line managers or supervisors.