Job Title:Head of Data Compliance and Records Management

Job title:Head of Data Compliance and Records Management

Reports to:Deputy University Secretary

Department:Vice-Chancellor’s Office

Location:Brighton - Moulsecoomb

Grade:8

Purpose of the role: To be responsible for the University’s Data Protection Strategy and Records Management ensuring compliance with data protection and freedom of information legislation, providing a source of expertise, and taking day-to-day responsibility for administration, processing and consideration of all DPA/FOI requests made to the University.

Main areas of responsibility:

Data and Compliance Strategy

1.1.To ensure that University policies are fully compliant with the General Data Protection Regulations (GDPR) including a suite of appropriate documents covering policy, process and operational guidance.

1.2.To act as Lead Adviser on GDPR/Data Protection activities across the University communicating Data Protection requirements, the risks of non-compliance and establishinga compliance culture across the University.

1.3.To be responsible for the monitoring of GDPR/Data compliance and to challenge areas of the University at risk of non-compliance.

1.4.To lead on all data protection issues, and to deliver appropriate training and guidance.

1.5.To act as specialist adviser to the University’s Data Governance Group, whose remit includes responsibility for oversight of data protection, and liaise with the data stewards as agreed by that Group.

1.6.To develop good working relations with schools and departments at the University in respect of data protection work, particularly with Academic Services, Human Resources, Philanthropy and Alumni Engagement, and Research and Social Enterprise Partnerships to ensure compliance.

1.7.To act as the University’s key point of contact with the Information Commissioner’s Office (ICO), JISC and other supervisory authorities and to ensure that the University’s registration with the ICO is kept up to date.

Data Protection

2.1.To take day-to-day responsibility for the administration, consideration and timely processing of DPA Subject Access Requests (SAR).

2.2.To maintain an accurate record of SAR requests, including details of the request, disclosures, refusals, time taken and estimated costs.

2.3.To manage data protection breaches or incidents, liaising with relevant colleagues across the University, including senior managers, to deliver prompt resolutions.

2.4.To review and revise the University’s data protection arrangements in preparation for the implementation of the General Data Protection Regulations (GDPR) in 2018, including the delivery of training and guidance to relevant staff and the drafting of new policies and procedures.

Freedom of Information

3.1.To take day-to-day responsibility for the administration, consideration and timely processing of all FOI requests made to the University, liaising with schools and departments across the University to collect and agree information to be released, and with the Information Commissioner’s Office in respect of the use of exemptions or of compliance issues.

3.2.To maintain an accurate record of FOI requests, including details of the request, disclosures, refusals, time taken and estimated costs.

3.3.To regularly review and update the University’sPublication Scheme.

3.4.To ensure the recognition of the role as the primary point of contact for FOI requests, and to establish an internal network for the delivery of guidance on FOI procedures.

3.5.To deliver appropriate training and guidance material on FOI issues.

Records Management

4.1.To maintain a records management framework including Records Retention Schedules for all departments of the University in accordance with JISC guidance.

4.2.To develop and maintain an Information Asset Register, identifying Information AssetOwners and training them on their associated responsibilities.

4.3.To be the source of expert advice in relation to all aspects of records management including the appropriate retention of corporate records and the timelydestruction of records which are no longer required.

4.4.Work with the University’s Information Services Department to ensure an appropriatecorporate solution is in place and maintained to store, manage and archive electronic records.

4.5.Review and maintain processes for destroying records and recording evidence of their destructionon an ongoing basis, as appropriate.

4.6.To advise staff to ensure essential business records are stored appropriately or made accessiblee.g. in relation to leavers, movers or when functional business areas become obsolete; and workwith staff and Estates Services in advance of and during office moves and buildings disposals toensure that records are transferred and/or stored securely, as appropriate.

General responsibilities

5.1.To maintain an update knowledge of legislative requirements and sector best practice for data protection and FOI.

5.2.To produce regular management information reports on FOI and data protection compliance and to identify trends in FOI and SAR requests.

5.3.To liaise with Internal Audit on risk mitigation.

The followingresponsibilities are standard to all University of Brighton job descriptions.

5.4.To undertake other duties appropriate to the grade and character of work as may be reasonably required, including specific duties of a similar or lesser grade.

5.5.To adhere to the University’s Equality and Diversity Policy in all activities, and to actively promote equality of opportunity wherever possible.

5.6.To be responsible for your own health and safety and that of your colleagues, in accordance with the Health and Safety at Work Act.

5.7.To work in accordance with the Data Protection Act.

The person specification focuses on the knowledge, qualifications, experience and skills (both general and technical) required to undertake the role effectively. Please ensure that your application demonstrates how you meet the essential criteria. You will be assessed by your completed application form (A), at interview (I) and in some instances through an exercise (E).

Essential criteria / A, I, E
Knowledge /

Specialist knowledge of the application of the legislative requirements relating to DPA/FOI in the UK.
A good understanding of records management and effective administrative processes, including the use of electronic systems for supporting and enhancing efficiency and effectiveness of administration.

/ A, I, E
A, I
Qualifications /

First degree or equivalent qualification

/ A
Experience /

Extensive experience of dealing with DPA/FOI compliance issues and records management, preferably in the HE sector.
Experience of dealing with the Information Commissioner’s Office, and other relevant third parties.
Experience of identifying and mitigating risks on data protection and FOI issues.
Experience of business process review and improvement.
Experience of dealing regularly with FOI requests.
Experience of dealing with Subject Access Requests
Experience of providing training in DPA/FOI issues

/ A, I
A, I
A, I
A, I
Managing people /

Ability to work collaboratively and as part of a team.
Ability to work with and engage with staff at all levels of the organisation
Ability to advise on complex and sensitive matters at a senior level.

/ A, I
A, I
A, I
Technical/work based skills /

Excellent communication skills, both written and oral.
Good administrative skills including the ability to develop and implement accurate and up to date record systems.
Sound IT skills including the use of the Microsoft Office suite or similar.

/ A, I
A, I
A
Other requirements /

A commitment to continuous professional development.

/ A
Desirable /

A legal qualification
Experience of working in UK Higher Education.

/ A, I
A, I

Any appointment is generally made at the bottom of the salary range for the grade dependent upon experience and previous salary.
This is a full time post and is permanent.
Annual leave entitlements are shown in the table below and increase after 5 years’ service. In addition, to the eight Bank Holidays, there are university discretionary days between Christmas and New Year. All leave, including bank holidays and discretionary days, is pro-rated for part time employees.

Grades / Basic entitlement per year / Grades / After 5 years’ service
1-3 / 23 days / 1-3 / 28 days
4-7 / 25 days / 4-7 / 30 days
8-9 / 27 days / 8-9 / 30 days
Band 10 and above / 30 days / Band 10 and above / 30 days

More information about the department/school can be found hereProfessional Services Departmentsor hereAcademic departments (schools and colleges)
Read the University’s 2016 - 2021 Strategy
The University has an attractive range of benefits and you can find more information about them on our website

Date: March 2017