Data Protection Officer (GMG/SEG 2)

 Back to listing
Organisation
South East Regional Health Authority
Reference
VAC-58329
Contract Type
Full-Time
Industries
Information & Communication Technology
Location
Kingston
Salary & Benefits
Date Posted
27/06/2025
Expiry Date
09/07/2025
The incumbent ensures data protection compliance, develops policies, advises on data matters, and safeguards the South East Regional Health Authority’s data assets, reporting directly to the Regional Director.

 

STRATEGIC OBJECTIVES OF THE ENTITY/DEPT/DIVISION

The South East Regional Health Authority (SERHA) operates under the Data Protection Act 2018 ("the Act"), governing personal data. Enacted in 2020, the legislation enhances safeguards for Jamaicans' personal information, transforming how the Region manages data, from collection to disposal. The Data Protection Officer is responsible for monitoring independently to ensure the region’s compliance with the provisions of the Data Protection Act. 

 

JOB PURPOSE

Under the general supervision of the Regional Director, the Data Protection Officer (DPO) is responsible for overseeing the protection and management of all data within the South East Regional Health Authority. The DPO will ensure compliance with data protection laws and regulations, implement data protection policies and procedures, and advise the relevant parties on all data protection matters. Reporting to the Regional Director, the DPO will play a key role in safeguarding the region's data assets. 

 

KEY OUTPUTS

  • The Region's data protection policies and procedures implemented.
  • Ensure compliance with data protection laws and regulations. 
  • Regular audits and risk assessments to identify potential data privacy risks conducted. 
  • Advice provided on the privacy implications of new projects, policies, and procedures. 
  • Data protection impact assessments (DPIAs) for high-risk processing activities conducted. 
  • Data protection training and awareness programmes developed and delivered.
  • Data protection practices monitored. 
  • Recommendations for improvement provided. 
  • Data protection incidents and breaches investigated and response supplied.
  • Up-to-date knowledge of data protection laws and regulations maintained.
  • Act as the main point of contact for data protection-related queries.
  • Liaison services provided with external stakeholders, such as regulators and data subjects, regarding data protection matters. 
  • Reports on data protection activities to senior management prepared and presented. 
  • Individual Work Plan developed.

 

KEY RESPONSIBILITY AREAS

Technical/Professional Responsibilities 

  • Review and update the region's data protection policies, ensuring alignment with current laws and regulations. 
  • Develop and maintain a data inventory to capture all personal data held by the South East Regional Health Authority. 
  • Carry out privacy impact assessments for all new projects involving the processing of personal data. 
  • Develop and implement procedures for the secure collection, storage, and disposal of personal data. 
  • Conduct regular reviews of data protection policies and practices to identify areas for improvement. 
  • Create and deliver data protection training programs to educate staff on their responsibilities and obligations. 
  • Monitor and assess the effectiveness of data protection controls and make recommendations for enhancements. 
  • Develop and maintain a data breach response plan, including clear procedures for notifying affected individuals and authorities. 
  • Collaborate with IT and other relevant departments to ensure data protection measures are integrated into systems and processes. 
  • Conduct regular audits to ensure compliance with data protection laws and regulations, including data subject rights. 
  • Respond to data subject requests within the required timeframes, including access, rectification, and erasure requests. 
  • Monitor and review data processor agreements to ensure compliance with data protection rules. 
  • Stay updated on emerging data protection trends, legal developments, and best practices. 
  • Provide advice and guidance on cross-border data transfers and cloud-based service providers. 
  • Develop and implement privacy-by-design principles in the region’s data processing activities. 
  • Conduct privacy impact assessments for international data transfers.
  • Liaise with external legal counsel as needed to address complex data protection matters. 
  • Develop and maintain records of data protection activities, including data processing agreements and data breach incidents. 
  • Collaborate with stakeholders to develop data protection requirements for new IT systems and applications. 
  • Regularly review and update consent forms and privacy notices to ensure compliance with applicable regulations. 
  • Assist in the development and implementation of data retention and deletion policies. 
  • Conduct periodic privacy audits to identify potential gaps and risks in data protection practices.
  • Assist in developing incident response procedures and conduct post-incident reviews. 
  • Provide data protection-related advice and support to other business units within the region. 
  • Ensure that the region's data protection practices align with industry standards and best practices. 

Management/Administrative Responsibilities 

  • Participates in the development and implementation of annual operational plans in keeping with the Strategic Business Plan. 
  • Participates in the development of the annual budget and ensures that expenditure is kept within budget. 
  • Reviews and recommends amendments to policies and strategies based on the impact of implementation and ensures their alignment with the region’s strategic objectives and best practices. 
  • Implements appropriate communication mechanisms for the dissemination of policy to all relevant stakeholders. 
  • Ensures that the work of the unit is documented 
  • Develops individual Work Plan. 
  • Prepares and submits activity reports as required. 

Human Resources Responsibilities 

  • Maintains a system that fosters a culture of teamwork, employee empowerment and commitment to the region’s goals. 
  • Fosters an atmosphere of trust and high ethical and confidential standards. 

Other Responsibilities 

  • Performs all other related duties and functions as may be required from time to time.

 

PERFORMANCE STANDARDS

  • Develop and maintain a data protection policy framework to ensure compliance with applicable laws and regulations. 
  • Conduct regular audits and risk assessments to identify and address data protection issues. 
  • Provide training and awareness programs to staff on data protection policies, procedures, and best practices in a timely manner. 
  • Respond promptly and accurately to data subject and supervise requests and inquiries promptly. 
  • Monitor and evaluate data protection practices to identify areas of improvement and implement corrective actions as necessary. 
  • Develop and maintain data breach response plans and ensure effective implementation across the organization in keeping with data protection practices.
  • Collaborate with internal stakeholders to ensure data protection requirements are considered in all relevant projects and initiatives. 
  • Conduct privacy impact assessments for new systems, processes, or technologies to identify potential risks and develop mitigating strategies. 
  • Regularly review and update data protection policies and procedures in alignment with changing legal and organizational requirements. 
  • Monitor and assess third-party data processors' compliance with data protection obligations. 
  • Foster a culture of data protection awareness and accountability across the organization. 
  • Stay updated with emerging trends, laws, and regulations related to data protection to provide informed guidance and strategic advice. 
  • Reports prepared are accurate and produced within an agreed timeframe.
  • Confidentiality and integrity are exercised at all times. 

 

AUTHORITY

  • To advise on Data Protection Laws. 
  • To monitor the organization's data processing activities to ensure compliance with relevant data protection laws. 
  • To manage data subject requests, such as access, rectification, and erasure requests. 

 

REQUIRED COMPETENCIES

Core 

  • Knowledge of data protection laws, regulations, and best practices.
  • Excellent verbal and written communication skills, with the ability to effectively communicate complex information to stakeholders at all levels. 
  • Strong analytical and problem-solving skills to identify and address data protection risks and gaps. 
  • Ability to work independently and collaboratively as part of cross-functional teams.
  • Strong organizational and time management skills to manage multiple projects and priorities simultaneously. 
  • Attention to detail and a high level of accuracy in evaluating and interpreting data protection requirements. 
  • Strong ethical standards and ability to handle sensitive and confidential information with discretion. 
  • Proactive and adaptable approach to keep up with evolving data protection landscape. 
  • Ability to build and maintain positive relationships with stakeholders, both internal and external. 
  • Continuous learning mindset to stay updated with changing data protection practices and technologies. 
  • Strong customer service orientation, with the ability to act as a trusted advisor to employees and management. 
  • Problem-solving skills with the ability to provide strategic advice and guidance on complex data protection issues. 

Technical 

  • Knowledge of data protection frameworks. 
  • Familiarity with information security principles and practices. 
  • Understanding of data privacy impact assessments and their application.
  • Experience in developing and implementing data protection policies and procedures. 
  • Knowledge of technology-related aspects of data protection, such as data encryption and anonymization. 
  • Understanding of incident response and data breach management protocols.
  • Proficiency in data management systems and tools. 
  • Familiarity with data protection training and awareness programs.
  • Experience in conducting data protection audits and assessments.
  • Understanding of the legal and regulatory environment about data protection in the Health Sector. 
  • Knowledge of data governance principles and practices. 
  • Proficiency in data protection risk assessment and management techniques. 

 

MINIMUM REQUIRED EDUCATION AND EXPERIENCE

  • Bachelor's degree in business administration, law, IT, or cybersecurity or a related field. 
  • Three (3) years of relevant work experience in data protection or a similar role

 

SPECIAL CONDITIONS ASSOCIATED WITH THE JOB

  • Work will be conducted in an office outfitted with standard office equipment and specialized software - in addition to undertaking duties within environments that may contain dust, noise, and other hazards. The environment is fast-paced with ongoing interactions with critical stakeholders and meeting tight deadlines which will result in high degrees of pressure, on occasions.
  • May be required to travel locally and internationally to attend conferences, seminars and meetings.

 

 

We thank all applicants for their interest. However, only those shortlisted will be contacted.

South East Regional Health Authority
Visit Website
    • Register and Apply
    Log In and Apply

    Please fill in the form, upload your CV to complete your application. You will also register during this process to enable you to log in track your application and setup Job Alerts.
    By submitting this form you agree to our terms of use
    Register & Apply

    You may also be interested in...
    Educational Media Assistant - Nassau
    Posted Today Posted by Lyford Cay International School
    Lyford Cay International School is now hiring an Educational Media Assistant
    Salary & Benefits: Town/City: Nassau
    View Details
    School Monitor - Nassau
    Posted Today Posted by Lyford Cay International School
    Lyford Cay International School is now hiring a School Monitor
    Salary & Benefits: Town/City: Nassau
    View Details
    Math and Physics Teacher - Nassau
    Posted Today Posted by Lyford Cay International School
    Lyford Cay International School is now hiring a Math and Physics Teacher.
    Salary & Benefits: Town/City: Nassau
    View Details
    Money Laundering Reporting Officer Supervisor - Aruba
    Posted Today Posted by The St. Regis Aruba Resort
    Monitors casino AML compliance, ensures accurate FIU reporting, addresses compliance exceptions, liaises with auditors and regulators, and supports oversight by the MLCO and Compliance Committee.
    Salary & Benefits: Town/City: Aruba
    View Details
    Executive Pastry Chef - Aruba
    Posted Today Posted by The St. Regis Aruba Resort
    Leads daily pastry operations, ensuring quality, creativity, staff development, and budget adherence while upholding food safety and guest satisfaction across all pastry preparation areas.
    Salary & Benefits: Town/City: Aruba
    View Details