Data Protection Officer
Runnymede Borough Council
Role
Job Description
- POST DETAILS Service Area: Law and Governance Division: Data Protection Post Number: D0014 Working Hours: 20 Grade: MMB
Work Base:
Agile/fixed/mobile:
Civic Offices
Agile Prepared/Agreed by: Mario Leo- Corporate Head of Law and Governance Date: 07/01/25
-
ORGANISATIONAL RELATIONSHIPS Reports to: Corporate Head of Law and Governance Deputising Responsibility: None Directly Supervises: Nil Indirectly Supervises: Information Governance Officer
-
JOB AIM AND PURPOSE (What is the job trying to do?)
The post holder will be the Council Officer responsible for overseeing data protection compliance within the Council. The post holder will be key to moving forward the Council’s data protection and information governance agenda. The post holder will report to senior management on data breaches and will be the point of contact for the Information Commissioner’s Office in respect of such issues.
- MAIN OBJECTIVES
To provide direction, support and advice to the Council, its senior management team and all teams across the Council’s services in relation to their data protection obligations. To provide leadership across the council on data protection compliance.
- MAIN DUTIES AND RESPONSILBITIES OF THE POST
To take the lead in providing expert data protection advice to Council officers and Councillors relating to all aspects of data protection.
To provide expert advice and input where requested regarding the drafting and sign off of data protection impact assessment.
To have oversight of the progress and status of DPIAs prepared by the council.
To cooperate with the Information Commissioner’s Office in all matters relating to information governance; and to investigate regulatory complaints in accordance with relevant regulatory requirements.
To act as the principal contact point for the Information Commissioner’s Office on issues relating to data processing, including the prior consultation, and to consult, where appropriate, with regard to any other matter relating to information governance.
To promote data protection compliance and best practice by setting and maintaining standards and procedures, ensuring the Council’s data protection policies are up-to-date and disseminate any changes in relevant legislation to key members of staff.
To advise on all elements of collecting and processing personal data and on the requirements and implications of data protection legislation.
To provide expert advice to the Council and where appropriate draft privacy notices, and any other data protection documentation in order to ensure that individuals are aware of our intentions to process their data and ensuring that the Council is processing personal data in a fair and lawful manner in line with the individual’s rights.
To investigate and report on any processing, blocking, erasure, destruction and the right to be forgotten notices issued by individuals in accordance with relevant legislation, ensuring that the purposes of the processing are compatible with the conditions for processing in accordance with that legislation and to respond to individuals accordingly.
To participate in data protection audits and reviews across all Council services that are processing personal data in order to ensure that the Council is compliant with relevant legislation.
To investigate breaches and incidents of data protection, establishing any potential weaknesses in Council policies and inform the Corporate Leadership Team accordingly. Formally report all compliance issues relating to information governance, including any complaints and breaches of the legislative framework to the Corporate Head of Law and Governance (SIRO) and senior management.
To provide advice and assist with all data protection queries relating to projects, programmes and data sharing initiatives.
To report on data protection matters to the highest management level within the Council.
To deal with internal data protection queries from colleagues across the Council.
To support corporate projects across the Council, and to be an active member of associated project groups where required.
To develop and provide a staff data protection training at appropriate intervals during each year.
To lead the Information Governance Group and ensure actions are attributed to specific officers.
To work with external partners and organisations on data sharing initiatives and agreements.
To draft policies, procedures and documentation relating to data protection and information governance matters.
General The above is a record of the main duties and responsibilities of this post at a given date. The job may naturally change to meet the requirements of the service. If the changes are more significant your manager will discuss this with you.
The delivery of this job description should be read in conjunction with the council’s competency framework.