Operation
Data protection (DPRO)
The development and implementation of policies, procedures, working practices and training to comply with the requirements of legislation regulating the holding, use and disclosure of personal information such as, in the UK, the Data Protection Act, Computer Misuse Act, Freedom of Information Act.
Level 5 Creates and maintains an inventory of data that is subject to data protection legislation. Prepares and reviews notification of registration details and submits to the data protection authorities. Drafts and maintains the policy, standards and procedures for complying with data protection legislation. Reviews information systems for compliance with data protection legislation and specifies any required changes. Ensures that access requests and complaints are dealt with according to approved procedures.
Level 6 Develops strategies for complying with data protection legislation. Ensures that the policy and standards for compliance with data protection legislation are fit for purpose, current and correctly implemented. Reviews new business proposals and provides specialist advice on data protection compliance issues. Acts as the organisation’s contact for the data protection authorities.