Data Security & Compliance Trustee

Board Support & Representation

• Act as an ambassador for STRM, representing the charity at events, meetings, and community opportunities where appropriate.
• Support the promotion of STRM’s work, values, and impact.
• Build positive relationships with partners, stakeholders, and the wider community.

Hours: Approx. 4–6 hours per month

Contract Type: Voluntary (Unpaid)

Salary / Rate: Voluntary role (reasonable expenses may be reimbursed in line with STRM policies)

Benefits

• Opportunity to shape and influence a growing grassroots charity.
• Trustee governance experience.
• Training and development opportunities.
• Carer-friendly flexibility.
• Being part of a lived-experience, values-led organisation.
• Peer support and team connection.
• Mileage reimbursement for authorised travel.
• Access to Work support (equipment or adjustments where applicable).
• Discounted carers’ breaks.
• Team-building sessions and peer support.
• Discount schemes for charity workers.

About STRM

SEND the Right Message (STRM) is a “by parents, for parents” registered charity.

We aim to improve the lives of families across Southend, Castle Point, Rochford, and Essex where a child or young person (aged 0–25) has, or may have, special educational needs and/or disabilities (SEND).

Our vision is for parent carers, children, and young people with SEND to fulfil their potential — enabling families to live happier, healthier, longer lives. We are a neuro-affirming, family-led organisation guided by our GUIDE.

We are committed to maintaining a culture of inclusion, transparency, and trust where safeguarding, equality, and lived experience are at the heart of all we do.

What skills do I need?

Our GUIDE Values

G – Growth | Championing radical resilience and confidence in families and communities.
U – Understanding | Listening with kindness, empathy, and compassion.
I – Integrity | Acting with honesty, authenticity, and transparency — building trust in all we do.
D – Diversity | Valuing difference, welcoming everyone, and celebrating uniqueness.
E – Encouragement | Creating safe, nurturing spaces where families feel supported to thrive.

Role Summary

The Data Security & Compliance Trustee provides strategic oversight and Board-level assurance on data protection, information governance, cyber security, and regulatory compliance across STRM.

This is a governance role, focused on oversight and guidance rather than operational delivery. The Trustee supports the Board to ensure appropriate systems, policies, controls, and culture are in place to protect sensitive information, maintain trust, and ensure legal compliance.

Main Duties and Responsibilities

Governance, Compliance & Legal Frameworks

• Provide Board-level assurance that STRM complies with relevant legislation and regulatory requirements.
• Ensure alignment with key legal frameworks, including:
o UK GDPR
o Data Protection Act 2018
o Privacy and Electronic Communications Regulations (PECR)
o Charity Commission guidance
o Safeguarding legislation and statutory guidance
• Ensure alignment with trustee duties set out by the Charity Commission for England and Wales (including CC3 – The Essential Trustee).
• Ensure alignment with the Charity Governance Code.
• Oversee that data protection, information governance, and cyber security policies are compliant, up to date, and regularly reviewed.

Data Protection & Information Governance

• Provide strategic oversight of information governance and data protection arrangements.
• Ensure appropriate systems are in place for:
o Privacy notices
o Data retention schedules
o Data sharing agreements
o Consent management
o Records of Processing Activities (RoPA)
o Data Protection Impact Assessments (DPIAs)
• Ensure appropriate protections are in place for special category data, safeguarding information, and confidential records relating to children, young people, families, staff, and volunteers.
• Promote ethical, transparent, and accountable use of data across the organisation.

Cyber Security & Risk Management

• Oversee cyber security risks and controls across the charity.
• Ensure appropriate safeguards are in place including:
o Multi-factor authentication (MFA)
o Password management
o Access controls
o Secure storage and backup arrangements
o Device and cloud security
• Monitor risks relating to data breaches, cyber threats, phishing, and information security.
• Ensure lessons learned from incidents and near misses are reviewed and implemented.
• Support Board oversight of data-related risks within the charity Risk Register.

Digital Systems & Technology

• Provide oversight of digital systems used across STRM, including CRM platforms, cloud services, websites, email systems, and communication tools.
• Review the data protection implications of new systems and digital projects.
• Support the safe, ethical, and compliant use of artificial intelligence (AI) and emerging technologies.
• Ensure third-party suppliers and contractors handling personal data meet appropriate compliance standards.

Training, Culture & Awareness

• Promote a culture of confidentiality, cyber awareness, and responsible data handling.
• Ensure trustees, staff, and volunteers receive appropriate data protection and cyber security training.
• Support accessible and neurodiversity-friendly approaches to consent, privacy, and information sharing.
• Raise awareness of cyber risks, phishing, safe password practices, and secure information handling.

Key Working Relationships

• Chair of Trustees.
• Trustee Board.
• CEO.
• Business Manager.
• Secretary.
• Staff and volunteers handling personal information.
• External IT, CRM, and digital service providers.
• Local authority partners and commissioned services where appropriate.

Desirable

• Experience in data protection, compliance, cyber security, information governance, or risk management.
• Experience working in a charity, education, health, public sector, or community setting.
• Knowledge of safeguarding and handling sensitive family information.
• Familiarity with CRM systems, cloud platforms, and digital governance.
• Experience of policy development, auditing, or regulatory compliance.

All Trustees are expected to complete relevant training, including:

• Data protection and cyber security training.
• Governance responsibilities (as guided by the Charity Commission for England and Wales, including CC3 – The Essential Trustee).
• STRM mandatory training requirements.

Training and Development

STRM invests in its people. All trustees complete mandatory safeguarding, data protection, and equality training, with access to learning and reflection sessions for personal growth, reflective practice, and professional development aligned with our GUIDE Values.

Safeguarding Statement

STRM – SEND the Right Message Charity is committed to safeguarding and promoting the welfare of children, young people, adults at risk, and families.

Safe information handling is a vital part of this commitment, and all trustees, staff, and volunteers are expected to share this responsibility and uphold our GUIDE Values in every role.

All appointments are subject to appropriate checks, including references and an Enhanced DBS, in line with STRM’s Safeguarding and Safer Recruitment Policies.

Additional Information

• Confidentiality must be maintained in line with STRM policies.
• This role provides strategic oversight and is not intended to undertake the operational responsibilities of a Data Protection Officer (DPO).
• This job description may be reviewed as the role develops.

Person Specification

Communication & Teamwork

• Work collaboratively with the Chair, CEO, and Trustee Board.
• Provide constructive challenge and support at Board level.
• Maintain clear boundaries between governance and operational roles.

Monitoring & Reporting

• Deliver a strategic Data Security & Compliance report at each quarterly Trustee meeting (Saturday).
• Provide oversight of:
o Data protection risks and mitigation
o Compliance and governance matters
o Cyber security arrangements
o Policy updates and training compliance
• Contribute to Board-level decision-making

Location

This opportunity can be carried out whilst working from home.