Senior Information Manager

This contract with our government client is for a Senior Information Manager for 4 months based in Southampton, Hybrid – 60% in the office/ 3 days.  

The key day to day tasks for this role are:  

- Provide expert data protection advice to the business in relation to the data protection functions.  

- Manage the Data Protection Impact Assessment (DPIA) process, ensuring the agency undertakes DPIAs when required. Advise on and assess risks identified in Data Protection Impact Assessments, working with stakeholders to mitigate risks.  

- Maintain the record of processing activities (ROPA) log.  

- Assist the Head of Data Protection in responding to formal complaints received from data subjects.  

- Provide advice to business areas responding to Individual Rights requests (including Subject Access Requests) from individuals, including advising on correct process, redaction and exemptions.  

- Manage the data breach reporting process, assessing risk and advising on appropriate actions, mitigations and reporting obligations where personal data breaches have occurred.  

- Manage the Data Protection risk register identifying data protection compliance risks alongside other business risks.  

- Review and maintain the MCA’s Privacy Notices, ensuring data subjects are accurately informed about MCA processing and the rights available to them. Ensuring relevant and accessible Privacy Notices are in place where required.  

- Raise awareness of Data Protection legislation and disseminate updates. Support the delivery of the annual training plan for the MCA, creating and delivering structured training as well as informal guidance to all staff on Data Protection issues.  

- Support the production of statistics/KPIs where required to track team activity and/or support wider business reporting requirements, escalating recommendations on matters that should be discussed with the DPO, Executive or the ICO.  

- Provide expert advice and assistance on the development of legal agreements relating to the processing of personal information to ensure data protection compliance, including data sharing agreements, data processing agreements, data transfer agreements, data disclosure agreements and other internal or third party agreements  

Core Day to Day Duties  

• Reviewing DP assessments  

• Privacy notices  

• Data breaches  

• Deciding actions  

• Advising on data sharing & disclosures of info  

• Supporting in reviewing individual rights disclosures  

• Approving responses  

• Governance responsibilities  

• data sharing & storage  

• Contracts  

• data protection clauses & schedules.

Key Essential Skills and Top 3 Evaluation Criteria:  

• Good grounding in Data protection law.  

• Know what disclosed & what cannot be disclosed.  

• min of 2 years’ experience  

• Making independent decisions  

1. 2 years of data protection experience  

2. Impact assessment experience  

3. Information rights requests.  

Desirable Skills  

• MS office.  

• Public Sector experience would be useful but not essential.  

• Quals would be great but not essential - Experience more beneficial