Data Protection & Privacy
Data Protection & Information Governance Career Overview
A Data Protection and Information Governance practitioner will support the planning and organisation of information governance (IG), ethics, and data protection (DP) activities in their day-to-day work. Additionally, these types of professionals will assist the leadership team in creating operational and strategic information requirements while offering guidance and training on how to improve data management. This position calls for tasks to be completed within clearly defined, legal timescales (for example, data breaches must be reported within 72 hours).
The primary objective of this role is to provide technical and regulatory advice and guidance while assuring important stakeholders and regulators of compliance with the standards for IG and DP. For the confidentiality, availability, and integrity of their information assets, organisations must abide by information governance laws. The data protection and information governance practitioner will assist in the planning and organisation of IG, ethics, and DP activities as well as contribute to the yearly work plan.
DP and IG practitioners maintain knowledge, skills and a personal interest in these matters by keeping up with privacy and data protection advancements. With additional expertise, professionals of this pathway assume control of the data security and privacy team, aiding their company in upholding privacy and security standards and guaranteeing adherence to the Data Protection Act and other pertinent laws.
What are the roles and responsibilities of a Data Protection and Information Governance Practitioner?
The goal of this field of study is to safeguard an organisation's most valuable asset—its information holdings—against theft or disclosure to the wrong parties, as well as to shield the organisation from the repercussions of breaking data protection laws and regulations.
The tasks likely included in this role as a practitioner are as follows:
- Facilitate the creation and documentation of the data privacy requirements.
- Assist the director of data protection and privacy with the creation and upkeep of data privacy controls and safeguards.
- Support the director of data protection and privacy in handling data or privacy violations in accordance with policies and procedures.
- Notify the Information Commissioner's Office (ICO) of any data breaches in accordance with the Data Protection Act and the Privacy and Electronic Communications Regulations (PECR).
- Assist in the development and upkeep of mapping for all data flows.
- Make recommendations for enhancing protection and conduct audits of information security, data privacy, and risk compliance.
The tasks likely included in this role as a senior practitioner are as follows:
- Assist co-workers and suppliers in implementing appropriate data protection controls by contributing your subject matter expertise and advice.
- Play a key part in the organisation's incident response provision.
- Through general and specialised training, raise knowledge of data protection obligations and the associated risk throughout the organisation.
What is the salary of a Data Protection and Information Governance Practitioner?
As of September 2022, the median salary for a Data Protection & Information Governance Practitioner is £60,000, although salaries of £100,000 for senior practitioners have been reported. The majority of the higher salaries are based in the UK’s larger cities, so it is to be expected that roles elsewhere may offer lower wages.
Data has been taken from ITJobsWatch, which calculates the median from job vacancies published online within the last 6 months.
What are the knowledge, skills, and behaviours required in Data Protection and Information Governance?
- Solid knowledge of methods for securing personal data, including communications, software, and inferences from databases and data processing, as well as other systems supporting online rights relating to censorship and circumvention, covertness, electronic elections, and privacy in payment and identity systems.
- Thorough understanding of international and domestic legal and statutory standards, compliance obligations, and security ethics, including data protection and evolving cyber warfare theories.
- Comprehensive understanding of all identity management and authentication technologies, as well as the structures and tools that support authorisation and accountability in both isolated and distributed systems.
- A firm awareness of organisational security controls, standards, and best practices, as well as methods for risk assessment and mitigation.
- Implementing and monitoring the Data Protection Act and pertinent laws in other countries where your organisation conducts business.
- Ability to put the Privacy and Electronic Communications Regulations (PECR) into practice and manage them inside your organisation, including reporting breaches to the regulator.
- Skilled in methodologies for risk assessment and information security audit, such as ISO 27001.
- Has the capacity to work efficiently both independently and in a group.
- Possesses analytical and problem-solving abilities.
- Has self-management skills and the ability to maintain confidentiality.
- Adept in understanding information and spotting cyber threats.
- Excellent attention to detail.
- Actively assesses the potential social, commercial, cultural, ethical, and environmental repercussions of an action.
What are the career paths in Data Protection and Information Governance?
Data protection and privacy teams are typically present in organisations that maintain vast volumes of data, particularly those in regulated industries like banking and healthcare. In such an organisation, there are often two levels of responsibility: practitioner and senior practitioner. Sometimes there could be a third, junior practitioner level.
The majority of organisations, however, only employ one or two individuals who are either responsible for data protection and privacy or who perform these duties as part of a larger data management position. The specialists will typically serve as senior practitioners in these organisations.
Data Protection & Information Governance Practitioner:
- Will aid the data protection team in all areas of privacy and data protection for the organisation and/or its clientele.
- Will acquire expertise in Data Protection & Privacy through gaining experience and understanding.
Data Protection & Information Governance Senior Practitioner:
- Will hold overall professional responsibility for the business's data protection and privacy policies/practices, including ensuring compliance with applicable laws and regulations in the UK and the relevant sector.
- Will be in charge of the overall data protection team if there is one.