Data Security & Protection; DSP Adviser

DSP Adviser – Overview

As a DSP Adviser, you will act as the first point of contact for routine Data Security & Protection queries and contribute to the delivery of the Group's Data, Security & Protection (DSP) strategy.

• Provide clear, specialist advice on UK GDPR, Data Protection Act 2018 and confidentiality requirements.
• Manage and investigate data security incidents via Datix, escalating concerns where appropriate.
• Deliver DSP training sessions (classroom, small groups, MS Teams) and help maintain compliance above required thresholds.
• Maintain key organisational records including the Information Asset Register and Information Sharing Gateway.
• Support colleagues with Data Protection Impact Assessments, Privacy Notices and policy development.
• Work closely with department colleagues, support services, clinical services, operational and strategic DSP leads to promote excellent Information Governance, Data Security and Data Protection practice.
• Be aware of Data Security and Protection incidents and support the investigation process, ensuring relevant actions are taken and lessons learned to prevent recurrence.
• Provide support for a programme of DSP‑related work managed by the Head of DSP, locally directed by the DSP Team Leader.
• Log serious Information Governance incidents on the DSP Toolkit incident reporting tool.
• Conduct Data Security and Protection user satisfaction surveys in line with DSP Toolkit requirements.
• Deputise for the DSP Team Leader, attending relevant meetings when necessary.
• Support other areas of the DSP Team as directed by the Head of DSP and the DSP Team Leader.
• Act as first line of response for DSP queries, providing support, advice and guidance to key areas of the Trust including Research and Innovation, Complaints, Governance and IT.
• Develop and maintain standard operating procedures for all routine tasks carried out within the role.
• Support the development, review and roll‑out of appropriate DSP‑related policies and procedures.
• Manage DSP records (paper and electronic), updating reports, maintaining action plans, policies and procedures.
• Take a proactive role in collating evidence required for the annual DSP Toolkit submission and participate in improvement plans.
• Maintain a register of Information Governance incidents and produce regular reports from Datix, liaising with all departments and Risk Management, leading on incident investigations where appropriate.
• Maintain the Trust’s Information Asset Register and undertake reviews in coordination with Information Asset Owners and Administrators.
• Support internal colleagues with the completion of Data Protection Impact Assessments, highlighting data protection and security risks.
• Update and maintain the Trust’s Privacy Notice to ensure compliance with UK GDPR standards and internal policies.
• Understand and monitor compliance with relevant legislation, including the common law duty of confidentiality, the Data Protection Act 2018, GDPR, Computer Misuse Act 1990, Human Rights Act 1998, etc.
• Manage Information Sharing Agreements and flows via the Information Sharing Gateway, working with internal and external stakeholders to ensure these are appropriately documented.
• Liaise with relevant stakeholders to ensure Information Sharing Agreements are completed and reviewed in line with GDPR.
• Establish good working relationships with key staff in all departments across the Trust.
• Implement policies and propose changes to Group DSP policies as appropriate, monitoring compliance with those policies and protocols.
• Conduct Data Protection Impact Assessments (DPIAs) where necessary and ensure the Group adheres to the data privacy by design and default as set out in Article 25 GDPR.
• Assist the DSP Team Leader in collating relevant reports and information for compliance reporting, inspections and internal assurance.
• Escalate incidents to the Team Leader immediately when they may meet the criteria for a Serious Incident / reportable to the ICO.
• Work with the complaints team and directly with members of the public to communicate appropriately regarding any DSP grievances and queries.
• Maintain specialist knowledge in Data Protection Law and UK…