# Head of Information Governance

> NHS job listing from Job Clerk for Norfolk and Norwich University Hospitals NHS Foundation Trust.

## Canonical URLs

- **HTML:** https://www.jobclerk.com/job/head-of-information-governance/35216e5d-3bd1-4fc6-ba1b-fefe4e696b62
- **Markdown:** https://www.jobclerk.com/job/head-of-information-governance/35216e5d-3bd1-4fc6-ba1b-fefe4e696b62.md

## Summary

- **Status:** Live
- **Employer:** Norfolk and Norwich University Hospitals NHS Foundation Trust
- **Town:** Norwich
- **Region:** East of England
- **Country:** England
- **Grade:** Band 8
- **Salary:** £79,504 - £91,609 Per Anum
- **Contract type:** Permanent
- **Employment type:** Full time - 37.5 hours per week
- **Closing date:** 2026-07-19T23:59:00.000Z
- **Posted:** 2026-07-03T14:30:25.588Z
- **Source information URL:** https://www.healthjobsuk.com/job/UK/Norfolk/Norwich/Norfolk_Norwich_University_Hospitals_NHS_Foundation_Trust/Digital_Health/Digital_Health-v8131472
- **Application URL:** https://apps.trac.jobs/job-advert/8131472?ShowJobAdvert=&feedid=9002
- **Employer website:** https://www.nnuh.nhs.uk

## Job Content

### Job overview

The Head of Information Governance / Data Protection Officer provides corporate strategic leadership, statutory accountability, and professional authority for Information Governance, data protection, and data security across the Norfolk and Waveney Acute Hospitals Collaborative.

The postholder is the organisation’s designated Data Protection Officer (DPO) under UK GDPR and the Data Protection Act 2018 and operates independently in this statutory capacity. The role holds corporate responsibility for ensuring the lawful, fair, and transparent processing of personal data, including highly sensitive health information, across multiple Acute Trusts.

The postholder provides authoritative advice and assurance to Trust Boards, Executive Directors, Caldicott Guardians, Senior Information Risk Owners (SIROs), and system partners, ensuring that robust governance frameworks are embedded across digital transformation, clinical services, research activity, and corporate functions.

The role carries significant corporate accountability for safeguarding patient, staff, and organisational information assets. Misinterpretation, governance failure, or non-compliance at this level could result in regulatory enforcement action, substantial financial penalties, service disruption, reputational damage, loss of public trust, and patient harm.

### Main duties of the job

Lead the development and implementation of the Collaborative’s Information Governance and Data Protection Strategy, ensuring alignment with NHS policy, national legislation, ICS objectives, and digital transformation priorities.

Act as the statutory Data Protection Officer, providing independent oversight and advice regarding compliance with UK GDPR, Data Protection Act 2018, PECR, Caldicott Principles, and NHS information governance standards.

Provide authoritative and independent advice on complex data protection matters, including lawful basis for processing, special category data, information sharing agreements, cross-border data transfers, research governance, and system-level data integration.

### Detailed job description and main responsibilities

Lead and assure high-risk Data Protection Impact Assessments (DPIAs), ensuring that privacy risks are identified, mitigated, and documented appropriately.

Oversee statutory information rights processes, including Freedom of Information (FOI), Subject Access Requests (SARs), and data subject rights compliance.

Interpret highly complex and evolving legislation, regulatory guidance, case law, and national directives, translating these into clear organisational frameworks and operational controls.

Exercise expert professional judgement in situations involving ambiguous legal interpretation, sensitive data disclosures, research data access, whistleblowing, and safeguarding concerns.

Communicate highly complex, sensitive, and potentially contentious legal and governance matters to Boards, Non-Executive Directors, Executive Teams, senior clinicians, and system partners.

## Person Specification

### Skills

**Essential**

- Expert knowledge of UK GDPR, Data Protection Act 2018, Caldicott Principles, Freedom of Information legislation, Records Management standards, NHS DSPT requirements, and wider NHS regulatory frameworks

### Attitude

**Essential**

- Demonstrates the highest standards of professional integrity, confidentiality, and ethical conduct, recognising the sensitive and often emotive nature of information governance work.

### Experience

**Essential**

- Substantial senior leadership experience in Information Governance, Data Protection, or Information Risk Management within a large, complex NHS or public sector organisation, operating across multiple services and stakeholder groups.
- Proven track record of acting as a statutory Data Protection Officer or equivalent senior IG lead, providing independent oversight and advice to Boards, Audit Committees, SIROs, Caldicott Guardians, and executive teams.

### Qualifications

**Essential**

- Educated to Master’s degree level (or equivalent depth of specialist knowledge developed through extensive senior experience) in Information Governance, Data Protection Law, Information Security, Public Sector Governance, or a related discipline, demonstrating highly specialised theoretical and practical knowledge across legal, regulatory, and digital domains (AfC Knowledge Level 7–8 equivalent).
- Recognised professional qualification in data protection or information governance (e.g., CIPP/E, CIPM, ISEB Data Protection, BCS Practitioner Certificate in Data Protection), evidencing expert-level understanding of UK GDPR, Data Protection Act 2018, Caldicott Principles, Freedom of Information Act, Records Management Code of Practice, and associated NHS regulatory frameworks.

## Documents

- [useful links (pdf, 184.6kb)](https://www.healthjobsuk.com/documents?edoc=2809)
- [staff benefits (pdf, 674.5kb)](https://www.healthjobsuk.com/documents?edoc=901)
- [job description (pdf, 952.3kb)](https://www.healthjobsuk.com/documents?vdoc=10428807)
- [our nnuh lgbt+ staff network (pdf, 675.0kb)](https://www.healthjobsuk.com/documents?edoc=2367)
- [our nnuh women's staff network (pdf, 103.1kb)](https://www.healthjobsuk.com/documents?edoc=2473)
- [our nnuh together staff network (pdf, 370.4kb)](https://www.healthjobsuk.com/documents?edoc=2166)
- [our nnuh diverse ability staff network (pdf, 607.0kb)](https://www.healthjobsuk.com/documents?edoc=2424)

## Agent Notes

- This Markdown page is generated from the same Job Clerk job record as the HTML job detail page.
- Use the canonical HTML URL for user-facing references.
- Use the application URL when the user wants to apply on the source NHS site.
