The Data Protection Officer is a legally mandated role for organisations, such as Push Doctor, that process large volumes of health data. The DPO represents and advises the organisation in all data protection matters. This role can be either full time or part time.
- Maintain expert knowledge of data protection law and practices, as well as other professional qualities, to ensure that Push Doctor complies with the requirements of the EU GDPR and relevant UK data protection law(s) and regulations.
- Ensure that documentation to demonstrate compliance with the GDPR such as policies and procedures are kept up to date.
- Inform and advise all members of staff on their obligation to adhere to the EU GDPR and UK law(s) when dealing with personal data.
- Monitor compliance with the EU GDPR and UK law(s).
- Carry out data protection impact assessments (DPIAs), including monitoring the performance of DPIAs.
- Be the point of contact for the supervisory authority on issues relating to processing of personal data, and consult with the supervisory authority, where necessary, on any other personal data matters.
- Contribute to the development and maintenance of all Push Doctor data protection policies, procedures and processes in relation to the protection of personal data.
- Advise management on the allocation of responsibilities internally to support ongoing compliance with the GDPR and UK law(s).
- Ensure training and awareness is available and delivered to all members of staff involved in processing operations relating to personal data.
- Regularly monitor compliance with the EU GDPR and UK data protection law(s) by conducting audits of processes relating to personal data, and report to the Leadership Team.
- Be the point of contact for data subjects with regard to the processing of their personal data.
- Monitor compliance with the Data Protection Policy throughout Push Doctor and develop/advise on procedures for effective security.
- Advise senior management on the allocation of information security responsibilities.
- Develop/advise on formal procedures for reporting incidents (EU GDPR and information security-related) and investigations under Articles 33 and 34 of the GDPR.
- Contribute to the business continuity and disaster recovery planning process.
- Advise on and monitor the safeguarding of organisational record management.
- Work with information asset owners to ascertain the extent to which personal data is collected, held and/or used in Push Doctor, and that it is properly controlled and safeguarded from loss of confidentiality, integrity or availability from any cause.
- Ensure that records of the processing are kept by Push Doctor.
- Advise Push Doctor of its obligation to issue privacy notices to data subjects at the point of collection of their personal data.
- Review and appraise the soundness, adequacy and application of security and other controls for the protection of data.
- Identify and test the controls and, where appropriate, suggest additional controls, which may be established to maintain the confidentiality, integrity and availability of personal data.
- Bring to the attention of the Leadership Team any matters which are potential risk factors to the proper safeguarding of personal data within Push Doctor.
- Ensure that information governance is regularly discussed in team/project or organisation meetings.
- Ensure the development of an IG Policy that sets out at a high level the team/project or organisation’s intended approach towards information governance.
- Ensure that an annual assessment of the team/project or organisation performance against the requirements in the IG Toolkit is completed.
- Ensure that an IG plan is in place for each IG Toolkit requirement to enable improvements to be made or maintained against the assessment.
- Liaise with third parties as appropriate including Push Doctor’s customers, partners and the NHS to ensure that we remain compliant and address any concerns of our partners.
- Ensure policy and procedures are reviewed on an annual basis and arrange for amendment as necessary.
- Provide regular detailed reports about improvements that have been met, that will be met by year's end, that cannot be achieved without further resource (personnel or budgetary), and that have already missed the target date.
- Ensure that reports are presented in a complete and timely manner.
- Raise awareness of the importance of IG throughout the team/project or organisation and encourage all staff that hold, obtain, record, use and share information to participate in raising IG standards.
- Develop and implement a communications plan to make the public aware of their rights under the Data Protection Act, GDPR and the Freedom of Information Act 2000.
- Develop and implement an IG awareness and training programme for induction and on-going training.
- Maintain and update own knowledge of developments in information management and in national records management systems.
- Monitor the team/project or organisation’s information handling activities to ensure compliance with law and guidance.
- Expert knowledge of data protection law and practices, notably the GDPR
- Proven experience of implementing NHS DSP Toolkit desirable
- Experience in data protection roles with proven success in leading data protection programmes
- Recognised industry certifications in Privacy and Information Security, e.g. CISSP, GDPR-P, CIPP/E
- Strong appreciation of business strategy, marketing and using information systems to drive organisational growth
- Understanding and experience of the health sector
- High professional ethics and integrity, able to lead by example in fostering a culture of responsible data handling and respecting data subjects.
- Confident presenter able to promote challenging points-of-view and train personnel on data protection
The Data Protection Officer is authorised to have access to all Push Doctor’s systems relating to the collection, processing and storage of personal data for the purpose of assessing the use and security of personal data. The Data Protection Officer may expect the cooperation of all staff in carrying out these duties, including access to systems and records. In the event that cooperation is not forthcoming, the Data Protection Officer will report to the Leadership Team accordingly.
Note that data protection compliance is a corporate responsibility of Push Doctor, not of the Data Protection Officer.
Push Doctor are working in partnership with NHS practices across the country to provide video appointments with NHS GPs to patients. Our partnership approach empowers patients and the NHS to leverage the benefits of our digital solution and our technology fully integrates with NHS clinical systems to ensure a continuity of patient safety and care.
Push Dr Values:
We are curious, caring and passionate. We have experienced healthcare ourselves and use research and insight to understand the aspects of healthcare we have yet to experience. Whenever empathy seems out of reach, we are proactive in bringing it into focus.
We carve the path for others to follow, setting industry standards and transforming healthcare for the better. We are anything but new to this and have so much to be proud of. Together, we are unstoppable.
Everything we do should add value to our service. We optimise and occasionally overhaul every aspect of the experience we provide, challenging expectations of what health can (and should) be. This isn’t something that happens overnight, so we need to be resilient and never lose faith.
- Competitive Salary
- In house gym
- Free snacks / food / drinks / fruit in the office
- Flexible working
- Life Insurance