Data Protection and Information Governance Officer
This is a leadership role in the organisation, offering the opportunity to work in a fast-paced, dynamic environment as a multiple service provider.
South Dublin County Council processes a large volume of highly sensitive personal data daily to deliver the range of local authority services to citizens across the county. In doing this, the Council must ensure that it has adequate organisational and technical measures in place to develop a fit for purpose operating model for data protection and information compliance within the organisation, to ensure the rights of service users are respected and any privacy risks are minimised.
The person holding this role has primary responsibility for overseeing the Council's Data Protection and Information governance framework to ensure the Council is compliant with legal and regulatory requirements and adopts principles of good corporate governance in relation to data protection and information management.
Working as a member of the Council's Corporate Services team, the person appointed will effectively oversee and manage all aspects of information management and data protection governance and will have specific responsibility for the role of Data Protection Officer for the Council.
The successful candidate will work with all sections in the Council to establish and maintain effective corporate and departmental processes and systems to ensure all information handled and processed by South Dublin County Council is managed in line with the Council's policies, procedures and relevant legislation and regulation.
The post holder will take the Strategic and operational lead for compliance with corporate governance standards within the organisation in the areas of:
* Information Governance
* Data Protection
* Records Management and Retention
* Freedom of Information
* Access to Information on the Environment
The duties include, but are not limited to the following:
* Reporting to the Chief Executive or delegated nominee, the duties of the post will include the following:
* Leadership role in devising and implementing the Council's Information Governance framework and develop and report on relevant KPIs.
* Responsible for the effective implementation of Data Protection across the Council.
* Engage at all levels across the organisation with members and staff and develop relationships with external partners and stakeholders, to maximise compliance and efficiency in the management of personal data.
* Co-ordinate the meetings and work programme of the Council's Data and Record Management Steering Group.
* Monitor compliance with the Council's data protection obligations concerning the operation of its CCTV systems and advise the Council on the operation of such from a data protection perspective.
* Report and manage all data protection incidents and breaches and liaise with employees, affected data subjects, processors and the Data Protection Commission (DPC), as required.
* Conduct or arrange for regular audits of Data Protection Compliance throughout the organisation including a data breach analysis and develop multi-annual plans to achieve and sustain compliance.
* Proactively identify risks to compliance and recommend mitigations including advice regarding requirements for and conduct of data protection impact assessments (DPIA), data sharing and processing agreements, records of processing.
* Engage with ICT to review the adequacy of data and information security controls and to assist in the development and review of related business continuity plans and disaster recovery plans.
* Ensure all public information and Council websites are up-to-date providing information to the public on their rights and compliant with all data protection requirements.
* Identify, review and amend as needed all third-party contracts involving data processors to ensure that they are compliant with relevant data protection legislation and offer suitable technical and organisational measures to protect personal data and bring into compliance any international data transfers.
* Promote and embed a data protection culture within the organisation including delivery of staff induction and awareness programmes, developing and maintaining resources such as portals, training programmes, guides, tips and supporting data protection champions as needed.
* Be responsible for cooperation with and act as the contact point with the Data Protection Commission on issues relating to processing, including prior consultation referred to in Article 36 of the GDPR, and to consult, where appropriate, regarding any other matter.
* Where required, devise, review and update best practice policy and procedures considering business needs, developments in law and guidance from the Data Protection Commission.
* Liaise with and facilitate appropriate access to personal data with other statutory organisations including An Garda Sochna and so on, and any other bodies where joint controller sharing agreements exist or are required.
* Act as a contact point for data subjects regarding all issues related to processing of their personal data and to the exercise of their rights under the GDPR, managing subject rights requests and ensuring that processes to exercise such rights are organisationally efficient.
* Ensure that each business unit maintains a current record of all categories of processing activities (ROPA) and is compliant with GDPR.
* Act as the Freedom of Information (FOI) Officer for the Council and the contact point for FOI/AIE (Access to Information on the Environment), and Personal Data Access requests, and liaise with decision makers and internal reviewers in dealing with requests for information, providing advice where necessary and ensuring that statutory deadlines are met.
* Update the documentation required for FOI Publication Scheme and periodically monitor and track compliance.
* Maintain the FOI request tracking and recording system and the preparation of the FOI Request log as part of the FOI Publication Scheme requirement.
* Develop and advise on organisational compliance with Section 65 of the Local Government Act, 1994 and European Committees (Privacy and Electronic Communications) Regulations 2011, as amended.
* Lead and oversee the implementation of the prevailing National Local Authority Record Retention Policy across all Council operations.
* Manage, monitor and report on the implementation of the Document Management and Storage system and ensure all departments and staff are aware of their associated requirements in adhering to this system in their management, storage and use of documents and records.
* Other duties that may arise relevant to Data Protection and Information Governance.
Persons employed will be required to work in any location within the South Dublin administrative area.