Data Protection Officer and Information Governance Lead
Apply your skills in a space that matters
Push Doctor is a multi-award-winning digital health company that enables you to have a video consultation with a GP on any device. We’re growing at a phenomenal pace and we’re looking for amazing people to join us on our game-changing adventure to make millions of people healthier and happier.
Push Doctor Values
We are curious, caring and passionate. We have experienced healthcare ourselves and use research and insight to understand the aspects of healthcare we have yet to experience. Whenever empathy seems out of reach, we are proactive in bringing it into focus.
We carve the path for others to follow, setting industry standards and transforming healthcare for the better. We are anything but new to this and have so much to be proud of. Together, we are unstoppable.
Everything we do should add value to our service. We optimise and occasionally overhaul every aspect of the experience we provide, challenging expectations of what health can (and should) be. This isn’t something that happens overnight, so we need to be resilient and never lose faith.
- To inform and advise Push Doctor and its employees on their obligations to comply with the GDPR, DPA 2018 and Health and Social Care Information Governance and Confidentiality requirements.
- The Data Protection Officer will also be the Information Governance Lead and shall be responsible for completion of the NHS Data Security and Protection Toolkit
- The ability to coach and lead colleagues at all levels firm-wide, to successfully educate and embed our processes and approaches
- To monitor compliance with the GDPR and other data protection laws, including managing internal data protection policies and activities including assigning responsibilities. This includes:
- Collecting information to identify processing activities;
- Analysing and advising on the compliance of processing activities;
- Informing, advising and issuing recommendations to Push Doctor’s Leadership Te
- To develop and deliver a comprehensive data protection awareness and training programme for employees, including role-based training as required by the NHS Data Security and Protection Toolkit
- To conduct internal audits.
- To foster a data protection culture within the organisation and help to implement essential elements of the GDPR, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security of processing and notification and communication of data breaches.
- To provide advice on Privacy Impact Assessments (PIA) and monitor whether processing is performed in accordance with PIAs undertaken. This will include:
- advising on whether or not to carry out a PIA;
- controls required to mitigate any risks;
- whether or not the PIA has been correctly carried out and whether its conclusions are in compliance with relevant legal obligations
- To have overall responsibility for dealing with personal data breaches, including any reporting requirements.
- To have overall responsibility for dealing with requests for:
- access to personal data;
- rectification of inaccurate personal data;
- erasure of personal data;
- restriction of processing of personal data;
- data portability; together with overall responsibility for complying with the data subject notification requirements where data is rectified and/or erased and/or where processing of personal data is restricted.
- To act as the point of contact for the Information Commissioner’s Office (“ICO”) and any other relevant supervisory or regulatory authorities on issues relating to processing and any other data protection matters
- To identify and manage risks related to data protection and escalate data protection risks and issues to Push Doctor’s Leadership Team as appropriate.
- To provide comprehensive reports to the Director of Risk and Governance on the organisation’s compliance with data protection legislation.
- To maintain the organisation’s Article 30 Record of Processing
Key Skills, Knowledge & Experience
- Expert knowledge of data protection law and practices
- Expert knowledge of Information Governance and Confidentiality
- Experience of, or familiarity with implementing NHS Data Security and Protection (IG) Toolkit
- Recognised industry certifications in Privacy e.g. CIPP/E, CIPM
- Detailed understanding of the health sector
- A demonstrable track record of translating regulatory requirements into practice.
- High professional ethics and integrity, able to lead by example in fostering a culture of responsible data handling and respecting data subjects
- Confident presenter able to promote challenging points-of-view and train personnel on data protection
- Excellent time management skills and ability to multi-task and prioritise work
- Attention to detail and problem-solving skills
- Excellent written and verbal communication skills
- Strong organisational and planning skills in a fast-paced environment
- Proven ability to execute and deliver results.
- Ability to work in a fast-paced environment with multiple deliverables.
- Excellent communication skills and the ability to instil a culture of responsible compliance
- Experience of building, maintaining and influencing relationships with a range of internal and external stakeholders
- Proactive engagement with stakeholders.
- Strong attention to detail.
- Ability to summarise issues succinctly to senior stakeholders and to be flexible and pragmatic with advice.
- Curiosity and breadth of thinking; spotting issues around the corner.
- Strong analytical skills with the ability to deconstruct complex issues and advise the business in a clear and concise manner.
- Result-oriented and assertive
- Competitive Salary
- Free Push Doctor for you and your family
- In house gym
- Free snacks / food / drinks / fruit in the office
- Flexible working
- Life Insurance
All Push Doctor roles are subject to a DBS check in line with safer recruitment standards