Data Protection Officer

Roedd y cais yn llwyddiannus.

Dear North Lanarkshire Council,

1. Could you let me know?

a. What position in the Council is designated as Senior Information Risk Owner (SIRO)?
b. The name of your Data Protection Officer (DPO)?
c. Job title of the DPO, if not just DPO?
d. If the DPO also has other duties, approximately how much of their time is spent on DPO work?
e. If the DPO has other responsibilities, has a risk assessment been carried out to ensure that any potential conflicts of interest as identified in the GDPR and the guidance from the European Data Protection Board are managed? If so, has this been reviewed in light of the recent decision of the Belgium Data Protection Authority (28 April 2020): https://edpo.com/news/dpo-and-conflict-o...
f. The line manager of the DPO – i.e. the post that the post holder reports to. Is it the SIRO?
g. Who the DPO reports to in their role as DPO if that differs from the line manager? Is it the SIRO?
h. At what spinal point is the DPO paid?
i. Key relevant qualifications that the DPO and SIRO hold or relevant training completed.

2. And could you provide the relevant extract of the Council’s Organisational Chart that shows the DPO, the DPO’s line manager, the post holder that the DPO reports to, the SIRO and Chief Executive?

Yours faithfully,

Caroline Smith

Kirkpatrick Angelene, North Lanarkshire Council

Dear Ms Smith

I acknowledge receipt of your request which is receiving attention.

I shall contact you again when I am in a position to respond more fully to your request.

Yours sincerely

Angelene Kirkpatrick
For Freedom of Information Co-ordinator
North Lanarkshire Council
Civic Centre
Windmillhill Street
Motherwell
ML1 1AB

Working from home
Please contact via email

dangos adrannau a ddyfynnir

Kirkpatrick Angelene, North Lanarkshire Council

1 Atodiad

Dear
Ms
Smith

Request for Information

 

I refer again to your e‑mail of 17 August 2020 seeking information in
relation to the Data Protection Officer.

 

In the first instance, I should acknowledge that this response falls
outwith the statutory deadline outlined in the Freedom of Information
Legislation and for this I apologise.

 

Having investigated, my response to your enquiry is as follows:-

 

(1)           

 

(a)          Head of Business Solutions

 

(b)          Archie Aitken

 

(c)          Head of Legal and Democratic Solutions

 

(d)          I regret to advise you that the information sought is not held and
in terms of Section 17 of the Freedom of Information (Scotland) Act 2002 I must
advise you of this.

 

(e)          No formal risk assessment has been undertaken.  A Data Protection
Officer will necessarily require to exercise their judgement whilst acting in
the capacity of DPO in relation to conflicts where they arise.  As a Council
Officer and Practising Solicitor, the DPO is bound by the Law Society of
Scotland's Rules on conflict of interest and internally by the Chief Officer's
Code of Conduct and Register of Interest.  In a situation where a conflict
arose, the decision would be made by another Officer of the Council.

 

(f)           No, it is the Chief Executive.

 

(g)          In the role of DPO, no other officer has the authority to direct
the DPO in the carrying out of these responsibilities.

 

(h)         HOS4 scale point 36.

 

(i)           The DPO is a qualified Solicitor of 34 years standing and holds a
Practising Certificate from the Law Society of Scotland, the DPO has the
technical expertise to carry out the role and is supported by a team of
Solicitors, including a Solicitor (Data Protection), and a Solicitor
(Information and Standards).  As a Solicitor, the DPO requires to undertaken at
least 20 hours of continuing progressional development in each practising year. 
Training has included internal and external training on Data Protection and
private study.

 

The SIRO is a qualified Accountant of 30 years standing and holds a
Fellowship Certificate from CIPFA.  The SIRO possess two qualifications
which contain subjects covering information, risk and strategy as well as
the corporate knowledge, skills and competencies required of the Senior
Management post.  Training has included GDPR – covering obligations placed
on the Council, its partnerships and delivery vehicles following
implementation of EU General Data Protection Regulations – and information
and risk management.

 

(2)          Please find attached organisational chart.

 

I can advise that North Lanarkshire Council, having regard to the
provisions of Section 21 of the Freedom of Information (Scotland) Act
2002, has established a procedure whereby any person who has requested
information and is in any way dissatisfied with the decision on that
request, can within forty working days require a review of that decision
by writing to the Head of Legal and Democratic Solutions, Civic Centre,
Windmillhill Street, Motherwell ML1 1AB.  Accordingly, if you are
dissatisfied with this decision and seek such review please write to the
Head of Legal and Democratic Solutions.

 

I would advise, also, that in terms of Section 47 of the Act a person who
is dissatisfied with a notice given by the local authority under Section
21 of the Act - ie. a notice following a review of a decision by a local
authority, or by the failure of a local authority to give such a notice -
may make application to the Scottish Information Commissioner for a
decision as to whether, in any respect specified in that application, the
request for information to which the requirement relates has been dealt
with in accordance with the Act.  Such an application must be made within
six months of the review decision and be in writing or in another form
which, by reason of it having some permanency is capable of being used for
subsequent reference. The application must state the name of the
applicant, and provide an address for correspondence. The application must
also specify the request for information to which the requirement for
review relates, the matter which gave rise to the applicant’s
dissatisfaction with the original decision of the local authority and the
matter which gives rise to the applicant’s dissatisfaction with the
decision on review by the local authority or the failure of the local
authority to issue such a decision.  The Scottish Information Commissioner
can be contacted as follows:-

 

Scottish Information Commissioner

Kinburn Castle

Doubledykes Road

St. Andrews

KY16  9DS

email: [1][email address]

 

Appeals to the Scottish Information Commissioner can also be made online
via the following link: -

 

[2]www.itspublicknowledge.info/Appeal

 

I hope this information is sufficient for your purpose.  If, however, you
require further information – or I can assist in any other way – please
let me know.

 

Yours sincerely

 

Angelene Kirkpatrick

For Freedom of Information Co-ordinator

North Lanarkshire Council

Civic Centre

Windmillhill Street

Motherwell

ML1 1AB

 

Working from home

Please contact via email

 

 

 

dangos adrannau a ddyfynnir