Data Protection Officer

Caroline Smith made this Freedom of Information request to Falkirk Council

Automatic anti-spam measures are in place for this older request. Please let us know if a further response is expected or if you are having trouble responding.

The request was successful.

Dear Falkirk Council,

1. Could you let me know?

a. What position in the Council is designated as Senior Information Risk Owner (SIRO)?
b. The name of your Data Protection Officer (DPO)?
c. Job title of the DPO, if not just DPO?
d. If the DPO also has other duties, approximately how much of their time is spent on DPO work?
e. If the DPO has other responsibilities, has a risk assessment been carried out to ensure that any potential conflicts of interest as identified in the GDPR and the guidance from the European Data Protection Board are managed? If so, has this been reviewed in light of the recent decision of the Belgium Data Protection Authority (28 April 2020): https://edpo.com/news/dpo-and-conflict-o...
f. The line manager of the DPO – i.e. the post that the post holder reports to. Is it the SIRO?
g. Who the DPO reports to in their role as DPO if that differs from the line manager? Is it the SIRO?
h. At what spinal point is the DPO paid?
i. Key relevant qualifications that the DPO and SIRO hold or relevant training completed.

2. And could you provide the relevant extract of the Council’s Organisational Chart that shows the DPO, the DPO’s line manager, the post holder that the DPO reports to, the SIRO and Chief Executive?

Yours faithfully,

Caroline Smith

FOI, Falkirk Council

Good afternoon,

Freedom of Information (Scotland) Act 2002

We acknowledge receipt of your information request dated 17 August 2020 . The Reference Number for this is 102294.

In terms of the relevant legislation, we have 20 working days to deal with your request from the date that we received it. Where possible, we will respond sooner. However, as you might expect, Covid-19 is currently impacting on our ability to respond to requests. This may be because staff are working from home and are therefore unable to carry out full searches for information or because staff are working on delivering essential front-line services. The Scottish Information Commissioner (who oversees compliance with FOI legislation in Scotland) has the ability to recognise any unavoidable reasons for delay in considering any appeals for non-compliance with statutory timescales.

Please therefore bear with us at this difficult time. If you are able to narrow the scope of your request, that would be very helpful and may mean we can respond to you more quickly. Alternatively, please consider withdrawing your request and resubmitting it once normal service has resumed.

If you would like to know how we treat your personal information, you can read more on the Council’s privacy webpage - https://www.falkirk.gov.uk/privacy/.

On behalf of Falkirk Council
Lynn
Information Team

show quoted sections

Kris Sodden, Falkirk Council

4 Attachments

Dear Ms Smith,

 

Freedom of Information (Scotland) Act 2002

Falkirk Council - Data Protection Officer

 

We refer to your e-mail dated 17th August 2020.  This has been dealt with
as an information request under the above Act.

 

I can respond to your request as follows:

 

1(a)  What position in the Council is designated as Senior Information
Risk Owner (SIRO)?  Director of Corporate & Housing Services.

 

1(b)  The name of your Data Protection Officer (DPO)?  Wendy Barber.

 

1(c)  Job title of the DPO, if not just DPO?  Information Governance
Manager.

 

1(d)  If the DPO also has other duties, approximately how much of their
time is spent on DPO work?  We do not hold any recorded information on
this.  However, for your information, the DPO also manages the information
governance team, which includes the registration team.  In an average week
about 75% of time is spent on DPO/information governance work and about
25% on management work.

 

1(e)  If the DPO has other responsibilities, has a risk assessment been
carried out to ensure that any potential conflicts of interest as
identified in the GDPR and the guidance from the European Data Protection
Board are managed? If so, has this been reviewed in light of the recent
decision of the Belgium Data Protection Authority (28 April 2020):
[1]https://edpo.com/news/dpo-and-conflict-o...
We do not hold any recorded information on this.  However, for your
information, we have not carried out a risk assessment on any potential
conflicts of interest.

 

1(f)  The line manager of the DPO – i.e. the post that the post holder
reports to. Is it the SIRO?  Chief Governance Officer.

 

1(g)  Who the DPO reports to in their role as DPO if that differs from the
line manager? Is it the SIRO?  SIRO.

 

1(h)  At what spinal point is the DPO paid?  The DPO’s role is graded at
Grade M, £51,972-£56,853.  We do not release details of spinal points
under FOI as this is the personal data of the post-holder.

 

1(i)  Key relevant qualifications that the DPO and SIRO hold or relevant
training completed.  The DPO is a qualified solicitor.  The SIRO is a
qualified accountant and Director of Corporate and Housing Services.

 

2.  Could you provide the relevant extract of the Council’s Organisational
Chart that shows the DPO, the DPO’s line manager, the post holder that the
DPO reports to, the SIRO and Chief Executive?  We do not hold any recorded
information on this.  However, the structure would look like this:

 

 

Please refer to the enclosed leaflet which explains your right to complain
about the handling of your case and/or the decision made.

 

If you would like to know how we treat your personal information, you can
read more on the Council’s privacy webpage -
[2]https://www.falkirk.gov.uk/privacy/.

 

Yours sincerely,

Kris

 

Kris Sodden | Service Records Administrator | Information Governance
Division | 01324 506385

 

 

 

show quoted sections