Data Protection Officer

The request was successful.

Dear Falkirk Council,

1. Could you let me know?

a. What position in the Council is designated as Senior Information Risk Owner (SIRO)?
b. The name of your Data Protection Officer (DPO)?
c. Job title of the DPO, if not just DPO?
d. If the DPO also has other duties, approximately how much of their time is spent on DPO work?
e. If the DPO has other responsibilities, has a risk assessment been carried out to ensure that any potential conflicts of interest as identified in the GDPR and the guidance from the European Data Protection Board are managed? If so, has this been reviewed in light of the recent decision of the Belgium Data Protection Authority (28 April 2020): https://edpo.com/news/dpo-and-conflict-o...
f. The line manager of the DPO – i.e. the post that the post holder reports to. Is it the SIRO?
g. Who the DPO reports to in their role as DPO if that differs from the line manager? Is it the SIRO?
h. At what spinal point is the DPO paid?
i. Key relevant qualifications that the DPO and SIRO hold or relevant training completed.

2. And could you provide the relevant extract of the Council’s Organisational Chart that shows the DPO, the DPO’s line manager, the post holder that the DPO reports to, the SIRO and Chief Executive?

Yours faithfully,

Caroline Smith

FOI, Falkirk Council

Good afternoon,

Freedom of Information (Scotland) Act 2002

We acknowledge receipt of your information request dated 17 August 2020 . The Reference Number for this is 102294.

In terms of the relevant legislation, we have 20 working days to deal with your request from the date that we received it. Where possible, we will respond sooner. However, as you might expect, Covid-19 is currently impacting on our ability to respond to requests. This may be because staff are working from home and are therefore unable to carry out full searches for information or because staff are working on delivering essential front-line services. The Scottish Information Commissioner (who oversees compliance with FOI legislation in Scotland) has the ability to recognise any unavoidable reasons for delay in considering any appeals for non-compliance with statutory timescales.

Please therefore bear with us at this difficult time. If you are able to narrow the scope of your request, that would be very helpful and may mean we can respond to you more quickly. Alternatively, please consider withdrawing your request and resubmitting it once normal service has resumed.

If you would like to know how we treat your personal information, you can read more on the Council’s privacy webpage - https://www.falkirk.gov.uk/privacy/.

On behalf of Falkirk Council
Lynn
Information Team

-----Original Message-----
From: Caroline Smith <[FOI #685178 email]>
Sent: 17 August 2020 17:20
To: FOI <[Falkirk Council request email]>
Subject: Freedom of Information request - Data Protection Officer

Dear Falkirk Council,

1.Could you let me know?

a.What position in the Council is designated as Senior Information Risk Owner (SIRO)?

b.The name of your Data Protection Officer (DPO)?

c.Job title of the DPO, if not just DPO?

d.If the DPO also has other duties, approximately how much of their time is spent on DPO work?

e.If the DPO has other responsibilities, has a risk assessment been carried out to ensure that any potential conflicts of interest as identified in the GDPR and the guidance from the European Data Protection Board are managed? If so, has this been reviewed in light of the recent decision of the Belgium Data Protection Authority (28 April 2020): https://edpo.com/news/dpo-and-conflict-o...

f.The line manager of the DPO – i.e. the post that the post holder reports to. Is it the SIRO?

g.Who the DPO reports to in their role as DPO if that differs from the line manager? Is it the SIRO?

h.At what spinal point is the DPO paid?

i.Key relevant qualifications that the DPO and SIRO hold or relevant training completed.

2.And could you provide the relevant extract of the Council’s Organisational Chart that shows the DPO, the DPO’s line manager, the post holder that the DPO reports to, the SIRO and Chief Executive?

Yours faithfully,

Caroline Smith

-------------------------------------------------------------------

Please use this email address for all replies to this request:

[FOI #685178 email]

Is [Falkirk Council request email] the wrong address for Freedom of Information requests to Falkirk Council? If so, please contact us using this form:

https://www.whatdotheyknow.com/change_re...

Disclaimer: This message and any reply that you make will be published on the internet. Our privacy and copyright policies:

https://www.whatdotheyknow.com/help/offi...

For more detailed guidance on safely disclosing information, read the latest advice from the ICO:

https://www.whatdotheyknow.com/help/ico-...

Please note that in some cases publication of requests and responses will be delayed.

If you find this service useful as an FOI officer, please ask your web manager to link to us from your organisation's FOI page.

-------------------------------------------------------------------

________________________________

*********************************************************************************************
The information contained in this e-mail is confidential and is intended only for the named recipient(s). If you are not the intended recipient, you must not copy, distribute or take any action or reliance on it. If you have received this e-mail in error, please notify the sender. Any unauthorised disclosure of the information contained in this e-mail is strictly prohibited.

The views and opinions expressed in this e-mail are the senders own and do not necessarily represent the views and opinions of Falkirk Council.
*********************************************************************************************

hide quoted sections

Kris Sodden, Falkirk Council

4 Attachments

Dear Ms Smith,

 

Freedom of Information (Scotland) Act 2002

Falkirk Council - Data Protection Officer

 

We refer to your e-mail dated 17th August 2020.  This has been dealt with
as an information request under the above Act.

 

I can respond to your request as follows:

 

1(a)  What position in the Council is designated as Senior Information
Risk Owner (SIRO)?  Director of Corporate & Housing Services.

 

1(b)  The name of your Data Protection Officer (DPO)?  Wendy Barber.

 

1(c)  Job title of the DPO, if not just DPO?  Information Governance
Manager.

 

1(d)  If the DPO also has other duties, approximately how much of their
time is spent on DPO work?  We do not hold any recorded information on
this.  However, for your information, the DPO also manages the information
governance team, which includes the registration team.  In an average week
about 75% of time is spent on DPO/information governance work and about
25% on management work.

 

1(e)  If the DPO has other responsibilities, has a risk assessment been
carried out to ensure that any potential conflicts of interest as
identified in the GDPR and the guidance from the European Data Protection
Board are managed? If so, has this been reviewed in light of the recent
decision of the Belgium Data Protection Authority (28 April 2020):
[1]https://edpo.com/news/dpo-and-conflict-o...
We do not hold any recorded information on this.  However, for your
information, we have not carried out a risk assessment on any potential
conflicts of interest.

 

1(f)  The line manager of the DPO – i.e. the post that the post holder
reports to. Is it the SIRO?  Chief Governance Officer.

 

1(g)  Who the DPO reports to in their role as DPO if that differs from the
line manager? Is it the SIRO?  SIRO.

 

1(h)  At what spinal point is the DPO paid?  The DPO’s role is graded at
Grade M, £51,972-£56,853.  We do not release details of spinal points
under FOI as this is the personal data of the post-holder.

 

1(i)  Key relevant qualifications that the DPO and SIRO hold or relevant
training completed.  The DPO is a qualified solicitor.  The SIRO is a
qualified accountant and Director of Corporate and Housing Services.

 

2.  Could you provide the relevant extract of the Council’s Organisational
Chart that shows the DPO, the DPO’s line manager, the post holder that the
DPO reports to, the SIRO and Chief Executive?  We do not hold any recorded
information on this.  However, the structure would look like this:

 

 

Please refer to the enclosed leaflet which explains your right to complain
about the handling of your case and/or the decision made.

 

If you would like to know how we treat your personal information, you can
read more on the Council’s privacy webpage -
[2]https://www.falkirk.gov.uk/privacy/.

 

Yours sincerely,

Kris

 

Kris Sodden | Service Records Administrator | Information Governance
Division | 01324 506385

 

 

 

--------------------------------------------------------------------------

*********************************************************************************************
The information contained in this e-mail is confidential and is intended
only for the named recipient(s). If you are not the intended recipient,
you must not copy, distribute or take any action or reliance on it. If you
have received this e-mail in error, please notify the sender. Any
unauthorised disclosure of the information contained in this e-mail is
strictly prohibited.

The views and opinions expressed in this e-mail are the senders own and do
not necessarily represent the views and opinions of Falkirk Council.
*********************************************************************************************

References

Visible links
1. https://edpo.com/news/dpo-and-conflict-o...
2. https://www.falkirk.gov.uk/privacy/

hide quoted sections