Applications are invited from suitably qualified candidates for the following post: Grade VII Data Protection Officer /Information Governance Officer Part-time, Fixed-term contract (5 years), 0.50WTE/17.50 hours per week The Data Protection Officer (DPO) will be responsible for overseeing the hospitals data protection strategy and ensuring compliance with applicable data protection laws and regulations, including the General Data Protection Regulations (GDPR). The DPO will work closely with all departments to safeguard the privacy and security of personal data across the hospital and ensure that all data processing activities meet legal and ethical standards. In addition, the role includes Freedom of Information responsibilities and duties for the hospital. The is a senior role reporting to the Chief Operations Officer, with a dotted line reporting to the Authorised Officer and Council of the hospital. Experience/knowledge Experience of working in a data protection role (minimum 2 years) at a senior level Experience of data governance and of translating regulatory requirements into practical operational solutions Experience of managing Subject Access Requests and Freedom of Information requests within a large-scale organisation Knowledge of National and European data protection laws and practices including an in depth understanding of General Data Protection Regulations Knowledge of Freedom of Information legislation including an in-depth understanding of compliance and processes Qualifications Essential: Degree qualification (a minimum of Level 8 on the national framework in an area relevant to the role AND At a minimum a certification in Data Protection such as CIPP/E or similar Desirable: A level 9 post graduate qualification in Data Protection Duties/Responsibilities: Acting as DPO for the RVEEH including Taking a leadership role in developing and implementing a Data Governance Framework Reviewing and advising on existing data processing operations Ensuring a best practice strategy to comply with General Data Protection Regulations Managing the effective implementation of GDPR policy and procedure in the RVEEH taking full account of regulatory and legislative requirements and feedback from relevant stakeholders Managing the hospitals compliance programme across all hospital areas and disciplines Co-ordinating and managing the delivery of Subject Access Requests in line with service user and employee rights under GDPR Informing, guiding and advising hospital staff on data protection compliance related activities whilst demonstrating strong organisational skills Providing expert advice and support to all staff across the hospital in respect of data protection issues Taking responsibility for data management incidents and acting as adviser to staff to ensure corrective action where necessary Organising and delivering staff training on the requirements of Data Protection. Developing and updating all relevant GDPR manuals and materials on an ongoing basis to ensure they remain relevant and compliant Leading out on the data protection requirements in respect of all RVEEH data driven projects and undertaking Data Protection Impact Assessments as required Reviewing and amending all third-party contracts to ensure they are compliant with relevant data protection legislation and regulations Taking responsibility for administration and processing of requests, including research and retrieval of records and copying of records within the statutory timeframe Playing a primary role in driving efficient record management systems Overseeing any investigations arising from the Office of the Data Protection Commissioner Monitoring, investigating and reporting data breaches to the Hospital Management Group, Council and to the Data Protection Commissioners Office as required Advising on GDPR aspects of contracts and agreements throughout the organisation Membership of hospital Committees and other Working Groups as required Developing risk mitigation strategies Maintaining comprehensive records of all data processing activities conducted by the company including the purpose of all processing activities Interfacing with data subjects to inform them how their data is being used, their rights to have their personal data erased and what measures the company has put in place to protect their personal information Performing data protection audits and reporting any findings to Council Producing statistical data in respect of GDPR activities if and when required Managing the hospitals Freedom of Information (FOI) requirements and obligations including To manage the hospitals requests under the Freedom of Information Act and other relevant information queries promptly and correctly To develop/maintain tracking systems to ensure that FOI requests are registered, tracked and responded to within designated time periods. To manage all aspects of FOI request administration to ensure compliance with the Freedom of Information Act 2014 and related provisions including development, implementation and enforcement of suitable and relevant Freedom of Information operating procedures, e.g. receiving, logging and responding to requests for information, providing advice and assistance, FOI complaints procedure etc To co-ordinate Freedom of Information activities with clinical staff to ensure appropriate information is collected for consideration for release to requestors within required deadlines. To liaise with Patient Services Management to ensure the corporate healthcare records management strategy supports Freedom of Information requirements. To prepare regular detailed Freedom of Information reports about FOI requests, deadline breaches, risks, themes and trends for review To prepare quarterly reports for the Office of Information Commissioner and act as the lead contact point with the Office of the Information Commissioner on all matters related to FOI requests and appeals. To review relevant hospital policy and procedures and update and submit for re-approval as necessary in line with hospital policy and any changes in legislation. To act as the hospital point of contact for FOI queries and develop and implement a Freedom of Information awareness and training programme for all staff and ensure training is made available to staff with on-going responsibility for Freedom of Information issues. To maintain and update own knowledge of developments in information management and legislation. To ensure a record is maintained of requests for access to information and the outcome, i.e. a decision log to include whether the information was supplied or if the request was refused on what basis the decision was reached. To manage investigations into complaints about breaches of the FOI Act and appeals against refusal of request decisions and undertake reporting/remedial action as required. Maintain a log of any incidents and remedial recommendations and actions To provide expert advice to both Clinical and non-Clinical staff within the organisation on Freedom of Information issues and act as a consultant to other projects, advising on matters relating to Freedom of Information provisions. To liaise and collaborate with members of the Hospital Management Group or Heads of Departments as required to ensure a coordinated response on behalf of the Hospital Applications should be submitted including a detailed Curriculum Vitae via irishjobs .ie Closingdate:12noon,14th April 2026 All candidates should note that, in order to maintain a timely process, the closing date and time for receipt of applications will be strictly adhered to. THE ROYAL VICTORIA EYE AND EAR HOSPITAL IS AN EQUAL OPPORTUNITIES EMPLOYER Skills: DPO FOI SAR CIPP/E data governance National and European data protection laws