Location
Salary
£79,504 - £91,609 Per Anum
Grade
Band 8
Deadline
19 Jul 2026
Contract Type
Permanent
Posted Date
03 Jul 2026
Medical Protection — the side of locally employed doctors from £83

Job overview

The Head of Information Governance / Data Protection Officer provides corporate strategic leadership, statutory accountability, and professional authority for Information Governance, data protection, and data security across the Norfolk and Waveney Acute Hospitals Collaborative.

The postholder is the organisation’s designated Data Protection Officer (DPO) under UK GDPR and the Data Protection Act 2018 and operates independently in this statutory capacity. The role holds corporate responsibility for ensuring the lawful, fair, and transparent processing of personal data, including highly sensitive health information, across multiple Acute Trusts.

The postholder provides authoritative advice and assurance to Trust Boards, Executive Directors, Caldicott Guardians, Senior Information Risk Owners (SIROs), and system partners, ensuring that robust governance frameworks are embedded across digital transformation, clinical services, research activity, and corporate functions.

The role carries significant corporate accountability for safeguarding patient, staff, and organisational information assets. Misinterpretation, governance failure, or non-compliance at this level could result in regulatory enforcement action, substantial financial penalties, service disruption, reputational damage, loss of public trust, and patient harm.

Main duties of the job

Lead the development and implementation of the Collaborative’s Information Governance and Data Protection Strategy, ensuring alignment with NHS policy, national legislation, ICS objectives, and digital transformation priorities.

Act as the statutory Data Protection Officer, providing independent oversight and advice regarding compliance with UK GDPR, Data Protection Act 2018, PECR, Caldicott Principles, and NHS information governance standards.

Provide authoritative and independent advice on complex data protection matters, including lawful basis for processing, special category data, information sharing agreements, cross-border data transfers, research governance, and system-level data integration.

Detailed job description and main responsibilities

Lead and assure high-risk Data Protection Impact Assessments (DPIAs), ensuring that privacy risks are identified, mitigated, and documented appropriately.

Oversee statutory information rights processes, including Freedom of Information (FOI), Subject Access Requests (SARs), and data subject rights compliance.

Interpret highly complex and evolving legislation, regulatory guidance, case law, and national directives, translating these into clear organisational frameworks and operational controls.

Exercise expert professional judgement in situations involving ambiguous legal interpretation, sensitive data disclosures, research data access, whistleblowing, and safeguarding concerns.

Communicate highly complex, sensitive, and potentially contentious legal and governance matters to Boards, Non-Executive Directors, Executive Teams, senior clinicians, and system partners.

Person specification

Skills

Essential

  • Expert knowledge of UK GDPR, Data Protection Act 2018, Caldicott Principles, Freedom of Information legislation, Records Management standards, NHS DSPT requirements, and wider NHS regulatory frameworks

Attitude

Essential

  • Demonstrates the highest standards of professional integrity, confidentiality, and ethical conduct, recognising the sensitive and often emotive nature of information governance work.

Experience

Essential

  • Substantial senior leadership experience in Information Governance, Data Protection, or Information Risk Management within a large, complex NHS or public sector organisation, operating across multiple services and stakeholder groups.
  • Proven track record of acting as a statutory Data Protection Officer or equivalent senior IG lead, providing independent oversight and advice to Boards, Audit Committees, SIROs, Caldicott Guardians, and executive teams.

Qualifications

Essential

  • Educated to Master’s degree level (or equivalent depth of specialist knowledge developed through extensive senior experience) in Information Governance, Data Protection Law, Information Security, Public Sector Governance, or a related discipline, demonstrating highly specialised theoretical and practical knowledge across legal, regulatory, and digital domains (AfC Knowledge Level 7–8 equivalent).
  • Recognised professional qualification in data protection or information governance (e.g., CIPP/E, CIPM, ISEB Data Protection, BCS Practitioner Certificate in Data Protection), evidencing expert-level understanding of UK GDPR, Data Protection Act 2018, Caldicott Principles, Freedom of Information Act, Records Management Code of Practice, and associated NHS regulatory frameworks.

WhatsApp job alerts

Get instant WhatsApp alerts for Band 8 roles in Norwich

Create your Job Clerk account first. We'll collect your alert preferences during onboarding and help you turn on WhatsApp notifications for matching healthcare roles.

Sign up for WhatsApp alerts

Applying for this NHS job

This advert is for Head of Information Governance with Norfolk and Norwich University Hospitals NHS Foundation Trust in Norwich, East of England, England. It is listed as a Band 8 role. The advertised salary is £79,504 - £91,609 Per Anum. The contract type is Permanent. The application deadline is 19 Jul 2026.

Before you apply, compare the job description with the person specification and mirror the employer's essential criteria in your supporting information. Use the vacancy title, employer, location, salary, contract type, closing date and posted date (03 Jul 2026) to decide whether this role fits your current NHS job search. If the employer can close applications early, prepare the application before the stated deadline rather than waiting for the final day.

For more context, review related Job Clerk pages for the same profession, band or location where they exist, then use the application-support guides to tailor your statement and prepare for interview.