GDPR - Data Protection Officer

Robb Stark made this Rhyddid Gwybodaeth request to Cheshire West and Chester Council

This request has been closed to new correspondence from the public body. Contact us if you think it ought be re-opened.

Roedd y cais yn llwyddiannus.

Dear Cheshire West and Chester Council,

With reference to the forthcoming GDPR, please provide the following information.

1) Have you appointed a Data Protection Officer?

2) What pay scale do they work at?

3) What level do they rank within the organisation? Do they report directly to Board Level?

4) What qualifications do they hold in Data Protection? If any.

5) Please detail the job title and responsibilities of the Data Protection Officer's line manager. What Information Governance, Security or Data Protection qualifications and experience do they have?

5) Please detail the process for appointing the Data Protection Officer, if one is in post.

Yours faithfully,

Robb Stark

Cheshire West and Chester Council

RE: Your request under the Freedom of Information Act 2000

Case Reference: 101004799923

Dear Mr Stark

Thank you for your email.

It will be treated as a request within the meaning of the Act: this means that we will send you a full response within 20 working days, either supplying you with the information which you want, or explaining to you why we cannot supply it.

If we need any further clarification or there is any problem we will be in touch.

In the meantime if you wish to discuss this further please contact FOI West. It would be helpful if you could quote the log number.

Yours sincerely

FOI Unit

dangos adrannau a ddyfynnir

FOI West, Cheshire West and Chester Council

Dear Mr Stark

 

Thank you for your request for information of 16th January 2018 which has
been logged as 4799923 and has been dealt with under the Freedom of
Information Act 2000. We confirm that Cheshire West and Chester Council
holds information relating to your request.

 

For the purpose of clarity your request has been reproduced below:

 

With reference to the forthcoming GDPR, please provide the following
information.

 

1) Have you appointed a Data Protection Officer?

 

Yes, a designated Data Protection Officer has been in post since April
2009

 

2) What pay scale do they work at?

 

The post is a Grade 12 Post, the scale for a grade 12 post is
£44,239-£50,753

 

3) What level do they rank within the organisation? Do they report
directly to Board Level?

 

This is a Tier 5 Management post that reports directly to an Information
Governance Strategy Group, Chief Executive and Senior Information Risk
Officer and all associated boards.

 

4) What qualifications do they hold in Data Protection? If any.

 

The post holder is a DP/ GDPR Practitioner

 

5) Please detail the job title and responsibilities of the Data Protection
Officer's line manager. What Information Governance, Security or Data
Protection qualifications and experience do they have? 

 

The Job Title of the DPO's line manager is Customer Relations and
Information Manager / Deputy Senior Information Risk Officer, they are
responsible for Information Risk, Records Management, Information
Disclosures such as FOI, Subject Access Requests, EIR, MP Correspondence,
Complaints, Information Security, Compliance and Data Protection.

 

5) Please detail the process for appointing the Data Protection Officer,
if one is in post.

 

All vacancies are appointed using our Council's vacancy management process

 

We trust this answers your query.

 

The Council considers that your request has been answered in full by
either confirming that information is not held, providing you with the
information requested, or explaining why any information has been withheld
and the reasons for any redaction. Where applicable, the Council has also
told you the reasons for the delay in responding to your request.

 

If you are unhappy with the way your request for information has been
handled you can request a review by writing to the Information Disclosures
Team within 40 working days from the date of the Council’s response.

 

You are entitled to a review by the Council if:

•You are dissatisfied with the Council’s explanation of why the
application was not dealt with within the 20 working day time limit.

•All the information requested is not being disclosed and you have not
received an explanation why some information is not being disclosed.

•A reason for the disclosures under the request being refused is not
received.

•You consider that exemptions have been wrongly applied, and/or

•You consider that a fee has been wrongly applied.

 

Please set out your grounds for seeking a review together with what
specific part of your request those grounds apply to and the outcome you
are seeking. The Council reserves the right to ask you for clarification
of the grounds for your review request if the grounds are not clear, and
to delay commencing the review if such grounds are not provided.

 

The Information Disclosures Team can be contacted by email via:
[Cheshire West and Chester Council request email] or at the following address:

 

Information Governance

Cheshire West and Chester Council

HQ

58 Nicholas Street

Chester

CH1 2NP

 

The Information Disclosures Team will acknowledge a request for an
internal review within 5 working days and complete the review as soon as
possible and no later than 40 working days from receipt of the request.

 

More information about the Council’s internal review process can be found
via:

 

http://www.cheshirewestandchester.gov.uk...

 

If you remain dissatisfied following the outcome of your review, you have
a right of appeal to the Information Commissioner at:

 

The Information Commissioner's Office

Wycliffe House

Water Lane

Wilmslow

Cheshire SK9 5AF

 

Telephone: 08456 30 60 60 or 01625 54 57 45

Website: www.ico.org.uk

 

There is no charge for making an appeal.

 

Yours sincerely

 

Information Governance

Cheshire West and Chester Council

 

 

FD

 

 

 

dangos adrannau a ddyfynnir

Dear FOI West,

Thank you for the response. Just a quick follow-up question.

If your DPO has been in post since 2009, how can you be sure that the appointment process and successful applicant are sufficient for the stricter criteria set out in the GDPR?

Has there been, or will there be, any review of the post to bring it into line with GDPR requirements?

Yours sincerely,

Robb Stark

FOI West, Cheshire West and Chester Council

Rob

As a public authority we have had a Data Protection Officer in post since its inception in April 2009, the current Data Protection Officer came into post in August 2014 as the draft legislation was being written.

From September 2016 - January 2017 the structure of the Data Protection Team was reviewed to align to GDPR and the new structure was implemented in April 2017.

The Data Protection Officer undertook GDPR practitioner training with an external supplier in January 2017 and became a qualified GDPR practitioner in June 2017.

Throughout 2017 and the start of 2018, the DPO and his team has undertaken external GDPR and Data Protection Bill Training to ensure their skills align to changes in legislation. In addition, the DPO, SIRO and Caldicott Guardian and Information Asset Owners also attend yearly refresher training to ensure all tasks and functions align to any changes in legislation.

Please also be aware that in October 2014 and June 2015, the Authority undertook a voluntary audit with the ICO to ensure our policies and processes aligned to current and future legislation.

As an public authority all our job descriptions and tasks are frequently reviewed and updated to ensure tasks and functions align to changes in legislation.

Regards

Phil Orchard
Data Protection Officer (DPO)
Cheshire West and Chester Council

Tel: 01244 9(72624)
Email: [email address]
Location: 2nd floor, HQ, 58 Nicholas Street, Chester, CH1 2NP
Visit: cheshirewestandchester.gov.uk

dangos adrannau a ddyfynnir

Dear Phil,

Thank you for such a thorough and prompt response. This is exactly the response I was after to my request as you are the only authority I have spoken to that has had a Data Protection Officer for a significant period of time.

Yours sincerely,

Robert