Gareth Webb Email and Phone Number

Provider of Data Protection and Security, Compliance, Project Management, Risk Management and Health and Safety Specialist Services

Ensuring data protection by design by default across the Welsh Ambulance Services. Reviewing internal data protection & information governance procedures and processes. Ensuring delivery of Information specific documentation e.g. DPIAs, data sharing and processing agreements and Privacy Notices. One of my key achievements included leading as Data Protection Manager for the hugely successful implementation of the replacement Welsh National NHS 111 Clinical Assessment Service.

Project Management: Review, identify and input IG specifics into the Discovery Phase, Transaction and Post Transaction Programme Provide regular updates and reports on progress against plan and highlight potential risks Input into a programme-level risks, actions, issues and dependencies logCompletion of Data Flow mapping / Register of Processing Activities for all Transacted Clinical Services.Delivery of IG specific documentation such as DPIAs, Information Asset Programme DSA, Data Processor agreements, Contracts, plus others where required.Information Asset System Programme – includes IAO and IAA training which details roles and responsibilities. Develop comms for patients and staff in relation to IG e.g. privacy notices and DPIAsEnsure DSA, DPA, Contracts database work as scoped from data flow mapping exercise reflect UK GDPR requirements.Ensure all Transacted Clinical Services IG documentation as stated above is compliant with the NHS National Data Security and Protection Toolkit and security assurance to ISO27001 level.

Completion, review, approval of DPIAs and associated documentation.

Leading on delivering the Trust’s risk management strategy and risk management policies and processes to ensure that patient safety and quality improvement is embedded throughout the Trust to reduce patient harm.Ensuring that progress against the risk management strategy and policies are reviewed and updated and that progress on these is reported to the Executive, the Trust Board and their committees and sub-groups. Ensuring the Trust is up to date with evidence-based thinking on patient safety and risk management and develop external links and relationships with the patient safety leads.Working closely with clinical and non-clinical staff to further develop and embed effective local governance and risk management processes and supporting them in translating learning into service improvement.

Participate in the improvement programme for Information Governance.To support the evidence gathering and documentation to support the DSPT submission.Assist with the completion, review, approval of DPIAS and associated documentation for DPIAs.To review, validate and update the ROPA.Provide support to the handling and responses of SAR & FOI.To assist with the update of the IG framework and associated policies, codes of practice, IG templates.To audit and update IG registers and other documentation to support the DPA principle of Accountability.

Compliance with the NHS National Data Security and Protection Toolkit meeting 106 mandatory data security and protection requirements and security assurance to ISO27001.Responsible for developing, updating and overseeing the implementation of the General Data Protection Regulation (GDPR) / Data Protection Act (DPA) 2018 policies, guidelines, procedures, Data Sharing Agreements, Data Protection Impact Assessments and legitimate interest assessments; maintaining Record of Processing Activities (ROPA) and consent records. Meet with internal auditors following review and implement recommendations.Ensured information breaches / near misses are investigated, managed and reported appropriately and act as the primary contact point for the Information Commissioner’s Office (ICO) Providing professional advice and guidance to the DPO and SIRO and Information Asset owners in relation to all aspects of law which affect how information is handled including Freedom of Information, Subject Access Requests and Environmental Information.Act as primary contact point for the Information Commissioner’s Office (ICO)

Support 10 Clinical Commissioning Groups across Cheshire and Mersey to meet their Data Security and Protection Requirements and toolkit submission.To interpret and provide complex legislative advice and guidance in relation to all aspects of law which affect how information is handled.To provide advice and guidance on the practical implementation of Information Governance.Working with our customers to support the annual internal audit of the DSP Toolkit. To meet with the internal auditors following the review and implement the findings/recommendations of the audit as appropriate.To ensure the successful completion of the DSP Toolkit on an annual basis.

Develop and execute a project plan for the implementation of GDPR requirements across the authority before they come into force.Ensure all information governance objectives and required outcomes are understood and actioned to ensure completion.Engage with Senior Managers at the earliest stage to deploy strategic approaches that shape compliance with GDPR. To ensure project risk exposure is understood by key stakeholders and is proactively managed.Introduce Data Protection by Design and Default including processes and procedures to ensure Data Protection Impact Assessments are carried out when necessary and actions implemented to ensure appropriate technical and organisational safeguards are in place to meet GDPR Principles and fulfil individual’s rights.Ensure that Council Marketing and Advertising complies with the Privacy and Electronic Communications Regulations (PECR 2016)Produce and maintain project & programme documentation (including relevant reports) to agreed standards for delivery to the IGDG, the Council’s Audit and Risk Management Committee, the Executive, Council’s Corporate Governance Group and Senior Leadership Team (SLT).Support negotiations with third party suppliers to control the effective delivery of third party solutions to the Council and to influence third party suppliers to ensure solutions are tailored to meet the GDPR requirements.

Developing the CCGs project management response to the impending changes for GDPRStaff training and working with our contractors to make sure they are aware and implementing appropriately their new duties of care under the legislation.  Provide advice to the Governing Body to ensure compliance with relevant statutory and regulatory requirements, including the CCG’s terms of authorisation and Constitution. Lead and manage the implementation of the Datix Incident Management SystemLead and manage the corporate governance team and ensure team members retain up to date skills to enable them to provide a comprehensive service to the organisation across all aspects of corporate governance. Ensure compliance with legal & statutory duties and national policy. Manage and lead the Business Support Unit to ensure effective administrative support to the executive functions of the organisation

Documenting and implementing Governance Systems. Documentary evidence support to the £20m Electronic Patient Record Implementation Project.

- Manage the functions of the Board meetings - Ensuring that the Clinical Commissioning Group complies with its standing orders and drafting and incorporating amendments in accordance with correct procedures. - Manage the Regulatory requirements- Establishing and monitoring procedures to ensure that the Clinical Commissioning Group complies with all national requirements and duties.- Ensuring all regulatory submissions are accurate and timely - Acting as initial point of contact between the Clinical Commissioning Group and NHS regulators. - Maintaining Statutory registers.- Filing Statutory returns- Prepare the Annual report including accounts - Maintaining Stakeholder relations- Continually reviewing developments in corporate governance- Management and development of the non-executive directors and their appropriate integration and interaction with the Clinical Commissioning Group, including appropriate organisational development - Arranging additional training and other support for all directors, as required.- Manage the Clinical Commissioning Group seal and Corporate Identity- Manage the implementation of the Organisational Development Plan and Educational and Development Plan- Maintain the Clinical Commissioning Group risk Register reporting corporate risks to the board- Manage the Central Support Unit SLA for areas of responsibility and act as conduit for general Central Support Unit liaison- Lead for Patient engagement through the Central Support Unit .- Ensure compliance with Equality Duties and the Human Rights Act through the Central Support Unit .- Co-ordinating Research & Development initiatives for the Clinical Commissioning Group through regroup, delegating as appropriate.

To deliver a comprehensive system of Corporate Governance across the PCT, which complies with all relevant legislation and supports the delivery of the organisation’s strategic objectives.To be responsible for achieving excellence in external requirements for corporate governance and CQC standards. This will include NHSLA accreditation, CQC standards, relevant aspects of ALE and Fitness for Purpose requirements. To ensure that there are robust systems in place for Board Assurance and Risk Management which serve the whole PCT. To provide legal and procedural advice to the Board, senior managers and employees as appropriate to ensure that the PCT acts within its statutory, regulatory and constitutional obligations and ensure that appropriate specialist cost effective legal advice is sourced.To manage legal and compensation claims within the organisation, liaising with the appropriate solicitors as required.To manage the PCTs Individual Funding Request Review process, liaising with patients and the public to ensure that the PCT meets the IFR Policy commissioning requirements.