Data Protection Officer Vacancy

Salary: £35k – £41k


HEFESTIS is a not-for-profit Shared Service organisation, jointly owned by member institutions across the University and College sector. It provides shared services to institutions and where applicable to sector owned bodies. Our core vision is “to be the shared service partner of choice for sustainably delivering information and change management services across the UK Further and Higher Education sectors”.

HEFESTIS has established a successful Data Protection Officer (DPO) Shared Service, currently comprised of seven DPO’s who serve a large proportion of Further and Higher Education institutions across Scotland. Each DPO fulfils the statutory obligations of the role for one or more institutions and associated bodies. The DPO’s work virtually as a team, providing a peer network of support, with many years of experience from a variety of backgrounds. This allows individuals to grow professionally as well as providing an effective and resilient resource for our members.

The Role

We are looking to recruit a DPO for organisations in the north-east of Scotland. You will be the named DPO, with a reporting line to an appropriate member of the senior management team at each institution as well as to the HEFESTIS Head of Service. You will be expected to work a hybrid pattern of on-site and remote working as agreed with clients and in-line with government guidance and advice.

This role will provide the opportunity to guide institutions so that data protection is well-managed, supporting compliance and best practice to protect the privacy rights of data subjects. This role offers the independence and responsibility of a DPO as outlined under UKGDPR, with the benefits of being part of a knowledgeable, experienced, and well-respected team.

The key aspects of this role include but are not limited to:

  • Provide experience, expertise and guidance in data protection law including UK GDPR.
  • To review and periodically update each institution’s data protection policy and supporting procedures/guidance.
  • To have knowledge of case law and ICO regulatory action and disseminate this through recommending actions and issuing guidance.
  • To provide reports to senior management teams, compliance checks and audits.
  • To achieve a fundamental understanding of the sector, ensuring delivery of pragmatic, proportionate and workable guidance and support.
  • Participation in operational meetings and advising on the impact of regulations on institutions.
  • Raise awareness of data protection and provide training to institutional staff as required.
  • Tailor service delivery by considering each institution’s environment/circumstances.
  • Contextualise guidance in different functional areas within institutions, ensuring advice is consistent with that provided to other shared service members.
  • Support and develop data protection assessment tools and templates and share them across DPO-Share Service and/or utilise tools and templates developed by other DPOs in the Team to maximise efficiency across the service.
  • Undertake data security incident/breach investigations and report matters to senior management.
  • Cooperate with and act as a single point of contact for the ICO where appropriate.
  • Provide a central/single point of contact during an investigation (should an incident/breach impact more than one Member institution).
  • Available by phone for urgent enquiries (e.g. data breaches).
  • Use balanced judgement to prioritise and deal with competing demands.
  • Provide consistency of advice across institutions as part of the Service team.
The Person

The post holder must be able to work as part of the DPO Share Service team, engaging with and supporting the DPO team regularly. In addition to this, you must be able to cooperate and gain the trust and respect of staff at all levels within your institutions as well as other stakeholders.

As such, candidates will be required to demonstrate capability and experience in a significant number of the following areas:

Experience and Skills:
  • A detailed knowledge of data protection legislation, including UK GDPR and the Data Protection Act is essential.
  • A strong background in data protection, information governance, legislation and/or policy development is essential, preferably with a recognised qualification.
  • A genuine passion for data protection.
  • Experience of conducting compliance audits would be beneficial.
  • An understanding of the Higher and Further Education sector would be beneficial although not essential.
  • Experience of working in or with the public sector.
  • Excellent verbal and written communication and presentation skills.
  • Analytical background with attention to detail.
  • Openness, transparency, and the ability to engender trust.
  • Self-assured and capable.
  • Skills in negotiating and influencing, with the ability to identify common ground and solutions.
  • Demonstrable commitment to the Equality and Diversity in all aspects of the company’s operation.
  • Competitive Salary: £35k – £41k per annum pro-rata
  • Annual leave: 26 days annual leave plus 14 fixed/floating days per annum pro-rated for part-time hours.
  • Benefits:  Membership of the company pension scheme, access to the company benefits suite including cycle-to-work scheme, and gym discounts
How to Apply

Applications should be made by forwarding your CV (two pages maximum) with a one page covering letter outlining why you would like to work for HEFESTIS to   Interviews will be held virtually via Microsoft Teams.