Data Protection Manager

129150

£35,898 - £43,737

Permanent

Knowledge and Information Management

Full-time, Job share, Part-time

1

East Midlands, Eastern, London, North East, North West, South East, South West, West Midlands, Yorkshire and the Humber

This post is based Nationally

The Marine Management Organisation (MMO) is an executive non-departmental public body of the Department for Environment, Food and Rural Affairs. We license and regulate marine activities in the seas around England and Wales so that they’re carried out in a sustainable way.

We’re responsible for:

• Managing and monitoring fishing fleet sizes and quotas for catches.
• Ensuring compliance with fisheries regulations, such as fishing vessel licences and quotas for fish and seafood
• Managing funding programmes for fisheries activities.
• Planning and licensing for marine construction, deposits and dredging that may have an environmental, economic or social impact.
• Making marine nature conservation byelaws.
• Dealing with marine pollution emergencies, including oil spills.
• Helping to prevent illegal, unregulated and unreported fishing worldwide.
• Producing marine plans to include all marine activities, including those we don’t directly regulate.

More information about our work is on the GOV.UK website.

This role sits within the Data, Technology and Innovation (DTI) Team in the Digital & Analysis (D&A).

The DTI Team supports the MMO Senior Information Risk Owner (Director of D&A) in discharging responsibilities for information risk and leads the MMO’s security, data protection, technology services, information management and business continuity functions.

The post-holder will undertake key activities to ensure MMO information assets are managed in accordance with the General Data Protection Regulation (GDPR), Law Enforcement Directive (LED) and Data Protection Act 2018 and wider organisational and Departmental policies on both data protection, record and information management.

This includes:

• providing expert knowledge on data protection within the MMO;
• developing strong MMO reporting and escalation mechanisms for information management related issues, including data protection breaches;
• supporting good governance and information architecture relating to information and records management.

This specialist role will work closely with information security assurance specialists and legal advisors within the
MMO and Defra group to ensure IT systems and business processes enable compliance.

MMO is responsible for diverse collection of information assets and operational delivery requires collection, processing and sharing of data with industry and partner organisations both across the UK and internationally.
New regulations and changing business needs require us to continually improve policies, procedures, protocols and agreements that enable us handle personal and operational data in a secure and compliant manner.

The post holder will therefore:

• play a key role in advising Information Asset Owners (IAOs) to ensure all MMO information assets are recorded and collated centrally;
• support MMO colleagues, senior stakeholders and the MMO SIRO in identifying, documenting and managing information risks;
• lead on the development of all guidance on data protection including relevant policies, training and communications;
• liaise with the Data Protection Officer to ensure MMO’s Data Protection practices and compliance;
• be expected to provide Data Protection advice and support its operational function within the MMO. Travel may be required to MMO’s Head Office in Newcastle upon Tyne for occasional team meetings/face-to-face contact, if Covid-safe.

The post holder will be supported in continuing their professional development and certification (where appropriate), especially in respect to data protection.

Required:

• experience of delivering data protection advice and assurance including data protection impact assessments, subject access requests, data sharing agreements and privacy notices and managing information and data security activities in a regulatory environment, ideally in public service;
• previous experience of and a working knowledge of the General Data Protection Regulation (GDPR), Law Enforcement Directive (LED), Data Protection Act 2018 and PECR (Privacy and Electronic Communications Regulations);
• good judgement, and to demonstrate the use of evidence and knowledge to inform their decisions or when providing opinions or advice to others;
• excellent communication skills and ability to influence at the most senior levels of management.

Desirable

• BCS: Data Practitioner Certificate or equivalent
• Demonstrate knowledge of Record and Information Management principles, and experience of information systems particularly GDPR and the Public Records Act;
• An understanding of cyber/IT security as relevant to data protection.
• Please read the attached Candidate Pack for other details.

Sift Stage

Applications will be sifted using replies from Experience to establish whether you meet the essential criteria.
Feedback will not be given at sift stage

Interview Stage:

We will assess you against these Civil Service behaviours during the selection process (please look up the Civil Service Behaviours of the Civil Service Success Profiles for SEO grade for a description of each):

• Changing and Improving
• Working Together
• Communicating and Influencing

We will assess you against these technical skills during the interview process:

• Data Protection

For the interview a brief 5-10 minute presentation about data protection will be requested (the exact topic TBC for those passing the sift stage), following by questions.

Responsibilities

Please refer to Job Description

We’ll assess you against these behaviours during the selection process:

• Changing and Improving
• Working Together
• Communicating and Influencing

We’ll assess you against these technical skills during the selection process:

• Data Protection