Information Governance

Three key roles exist at Dimensions to protect personal information. These are our ‘Caldicott Guardian’, our Senior Information Risk Officer, and our Data Protection Officer.

Caldicott Guardian

Rhoda Iranloye is our ‘Caldicott Guardian’

The Caldicott Guardian for the Dimensions Group is Rhoda Iranloye

She is responsible for making sure that Dimensions uses information about people legally and appropriately, and that we maintain confidentiality.

This includes personal information about people we support, their relatives and people who work for us.

As well as making sure that any systems and processes we use to store information about people are secure, the Caldicott Guardian also helps to ensure that the right arrangements are in place if we need to share information with other organisations, such as those responsible for social care and safeguarding.

The reason this role is called a ‘Caldicott Guardian’ is because the person who wrote a report about how health and related organisations should use personal information is called Dame Fiona Caldicott.

Rhoda helps to decide when confidential information might be used, and when it should not, by following what are called the seven ‘Caldicott Principles’. These are:

  • Justify the purpose of using or transferring personal information
  • Don’t use personal confidential information unless absolutely necessary
  • Use the minimum necessary personal confidential information
  • Access to personal confidential information should be on a need to know basis
  • Everyone with access to personal confidential information should be aware of their responsibilities
  • Comply with the law
  • The duty to share information can be as important as the duty to protect confidentiality

Senior Information Risk Officer

Ben Sutton is our Senior Information Risk Officer(SIRO), which is a role created under the General Data Protection Regulations (GDPR).

Ben Sutton is our Senior Information Risk Officer(SIRO)

Ben puts in place polices, frameworks and procedures to minimise risks to data. His responsibilities can be summarised as follows:

  • Leading and fostering a culture that values, protects and uses information for the success of the organisation and benefit of its customers
  • Owning the organisation’s overall information risk policy and risk assessment processes and ensuring they are implemented consistently
  • Advising the Chief Executive or relevant accounting officer on the information risk aspects of his/her statement on internal controls
  • Owning the organisation’s information incident management framework.

Data Protection Officer

John Clarke is our Data Protection Officer (DPO). He makes sure that the Group protects data and fixes any data protection issues. John is responsible for liaising with the Information Commissioner about any serious data incidents.

It is a requirement of GDPR that the Dimensions Group appoint a DPO.

John’s duties as DPO include:

  • Monitoring and analysing compliance with the GDPR, other relevant data protection regulations and Dimensions policies, reporting the findings and providing advice and recommendations
  • Informing the Dimensions’ Group and staff who process personal data of their obligations, and advising on training programmes and awareness raising initiatives
  • Providing advice on data protection impact assessments and for monitoring these assessments
  • Cooperating with the Information Commissioner’s Office,  and acting as our contact point on issues related to the processing of personal data
  • Checking that we meet our legal obligations where individuals wish to exercise their rights over any data we hold about them

If you have any queries please contact