Company: Westminster School

Address: London, Greater London
Form of work: Full-time
Salary: c. £80,000 per year
Category: Advertising & Marketing

Job description

The Head of Data Governance, Risk and Assurance is a senior role responsible for developing and maintaining systems and operating frameworks to monitor and manage our regulatory risk, compliance with regulatory requirements and internal policies, taking a data-led approach. This is a new role within the charity which runs Westminster School and Westminster Under School, supporting their expansion and setting the foundations for a new Data Governance, Risk and Assurance Department.

They will develop and prepare regular assurance and compliance reporting to the Senior Management and Board Committees to provide assurance on the management of risks and compliance with policies and procedures, as well as developing the incident management and business continuity frameworks and reporting. Additionally, they will lead the management of insurance, licensing arrangements and UK Visas and Immigration for staff and pupils.

The role holder line manages the new role of Health and Safety Manager and, as the charity’s Data Protection lead, they are the primary source of advice and training for staff to ensure compliance with data management legislation.

The role holder is responsible to the Bursar and Chief Operating Officer, and their key duties and responsibilities are detailed below. This list is not intended to be exhaustive and will be reviewed periodically in line with school and business requirements. The role holder will also work closely with the Under Master at Westminster School and the Deputy Master at Westminster Under School, who maintain the policy suite and have oversight of compliance with the requirements of the Independent Schools Inspectorate (ISI).

They will also liaise directly with other key stakeholders within the charity, including the Clerk to the Governors, wider leadership teams and Admissions across both schools as well as the Chair of the Audit, Risk & Compliance Committee.

Risk Management

  • Further develop the charity’s risk management framework and policy for the schools and activities across the charity, including the risk appetite.
  • Create a proactive and preventative approach to risk management, effectively communicating and championing risk management across the charity and supporting colleagues to embed the agreed approach in their ways of working and decision making.
  • Constructively challenge assessment of risk on the risk registers and monitor the effectiveness of the risk mitigations and identification of emerging risks.
  • Liaise with Senior Management and Governors to manage and maintain the central Risk Register and associated assurance framework for the charity, updating, monitoring and reporting on organisational risks to the leadership teams and Governors.
  • Develop a rolling schedule of auditing school, fundraising, commercial and operational procedures, practices, and documents to identify possible weaknesses or risks and work with managers and departments to manage those risks.
  • Manage the Health and Safety Manager in their day-to-day activities and support them to embed a culture of excellent Health and Safety practice and compliance throughout the organisation.

Compliance and Assurance

  • Evaluate business activities to assess regulatory or policy compliance risk and ensure the appropriate escalation, recording, reporting and remediation of issues.
  • Create and maintain a charity wide process for monitoring compliance with policies, procedures and guidance and providing assurance on this.
  • Work with Senior Management to ensure that appropriate and effective policies, procedures and associated training are in place and undertaken to manage the risks on the risk register. Monitor completion of regulatory training and implement effective communication and reporting to ensure mandatory training is undertaken.
  • Create, maintain, and update compliance related policies and procedures and training for the areas under the remit of the role.
  • Conduct or direct the internal investigation of compliance issues and related incidents as appropriate. 
  • Oversight as appropriate of external “internal audits” conducted, reviewing findings with the leaders of the areas being reviewed and monitoring completion of action plans to address the findings.

Business Continuity, Incident Management

  • Lead the charity’s Business Continuity framework, collaborating with other teams to ensure effective plans are in place to manage a crisis or compliance violation and to ensure appropriate improvement activity is identified.
  • Develop and oversee the Incident Management and reporting framework.
  • Develop an organisation wide Incident Management Policy and Procedures, including incident reporting and monitoring processes and reviews to capture lessons learned and enable any required changes in process to be identified. Ensure this is embedded across the organisation and operating effectively.

Data Governance and Protection

  • Continue to develop, integrate and implement the Charity’s Data Governance strategy, framework and reporting procedures to ensure compliance with Data Protection regulation.
  • Monitor compliance with the framework to enable the Charity to meet its legal, contractual and statutory obligations while reducing the information risk exposure.
  • Responsibility for continuously raising levels of knowledge and awareness of data governance and compliance with information policies and procedures across all staff as an important contributor towards safe and high-quality delivery of education and engagement with pupils, parents, donors and other customers.
  • Act as the school’s Data Protection lead, supporting and advising colleagues across the organisation with specialist advice and practical guidance on the implementation of privacy management policies and procedures.
  • Manage Subject Access Requests (SARs), liaising with Senior Management and others across the charity, and its legal advisors as required.
  • Lead in the recording, monitoring, and reporting of risks associated with data processing activities and identify actions that can be taken to mitigate risk.
  • Manage reporting to the Information Commissioner's Office, after due engagement with the Bursar & Chief Operating Officer, the Head Master and Master and the Chair of the Audit, Risk & Compliance Committee.
  • Lead a regular review of all privacy management and records management policies and procedures in line with legislative changes and organisational requirements.
  • Plan for legislative changes and their impact on schools and wider fundraising and commercial activities, identifying risk associated with the changes and working with managers to address such changes.
  • Work with the Digital & Operations and the HR Departments to support the delivery of training in Data Protection and cyber security.
  • Work with the Director of Digital and Operations to process data subject rights requests, including Subject Access Requests, Erasure Requests and Objections to Processing, in line with the legislative timescales.

Insurance

  • Manage the annual insurance renewal and provide oversight and leadership of the administrative work conducted by staff on the management of ongoing insurance matters and insurance claims, ensuring good processes are in place and operated.
  • Work with Senior Management to ensure compliance with insurance requirements, coordinating with external insurance partners as required.

Legal Affairs

  • Develop and implement a tender process to create a panel of lawyers with an agreed pricing structure to provide required professional advice, ensuring value for money and fair pricing.
  • Oversee use of lawyers, maintaining a record of use, fee arrangements and management of legal budget.
  • Act as a central point of contact with the school’s legal advisors for general advice as required, supporting the leadership across the charity to obtain the legal advice needed.

Other

  • Staff Conflicts of Interest – oversee the system for recording, monitoring and management of staff compliance, including responding to matters notified and reporting as required. Ensure the relevant policy and procedures are kept up to date.
  • Fraud, Bribery & Anti-Money Laundering – oversee the framework and assurance reporting for managing these risks, maintaining clear policies and procedures.
  • Sanctions – ensure an appropriate framework is in place and that the required policies and processes are kept up to date. Provide advice and tools to stakeholders for managing compliance and provide reporting to aid assurance that the policies are being complied with.
  • UK Visas and Immigration for staff and pupils – act as the Schools’ authorising officer and provide oversight and leadership of the administrative work conducted across the Schools to ensure UKVI compliance as a Sponsor for staff and pupils, including Child Student Visas. Liaise with UKVI and other agencies as required to ensure compliance.
  • Licences – work with the Senior Management and operations teams to identify required licences for performances, events and premises, including management of commercial activities. Provide oversight and leadership on setting up the applications and managing renewal processes as required.
  • Conduct investigations into any compliance breaches that fall within the remit of this role, reporting as appropriate.
  • Develop, own, and present the Data, Assurance and Compliance reports to the Senior Management and the Audit, Risk and Compliance Committee.
  • Any other duties as deemed reasonable and necessary by the Bursar and Chief Operating Officer.

Additional benefits:

  • 25 days annual leave plus bank holidays and discretionary Christmas stand-down period. Leave should be taken when convenient with the workload and deadlines
  • Pension – Contributory Defined Contribution Scheme
  • Free school lunch is provided
  • Use of School gym (restricted hours)

This role may accommodate hybrid working with a minimum of 3 days a week in the office.

 

Refer code: 2780438. Westminster School - The previous day - 2024-02-13 17:31
