Ceridwen Lee is a qualified Data Protection Practitioner and Information Governance professional, with almost a decade of experience in the public and third sector. She currently works as a Compliance Officer for a well-known charity, based in London, and consults for a number of other well-known organisations.

What is an Information Governance Professional?

Information Governance is a wide discipline that covers every aspect of how an organisation handles information. It involves considering a range of regulatory issues, as well as risk and operational requirements.

An Information Governance Professional must be qualified to advise on:

  • Data Protection Act 1998 (and now the General Data Protection Regulation)
  • Freedom of Information Act 2000
  • Privacy & Electronic Communications Regulation
  • Environmental Information Regulations 2004
  • The Coroners (Inquest) Rules 2013
  • Public Records Act 1967
  • Data Protection Bill 2017

They must also have qualifications and experience in records management, audit techniques, and risk management, and may hold an IT or technology qualification. It’s usual for an Information Governance Professional to hold a degree in a related subject, and the NHS often requires that senior professionals also have (or are working towards) a Master’s Degree.

What is a Data Protection Practitioner?

A Data Protection Practitioner is someone who holds a Practitioner Certificate in Data Protection accredited by the Law Society and Bar Council.

The course is taught by specialists in the field of information law, and aimed at those already working in a role with data protection responsibilities. It takes around a year to complete, and is concluded by a three-hour examination. If you pass the examination, you are entered onto a national register of qualified professionals and entitled to letters after your name.