Data Protection Officer (GMG/SEG 2) - National Parenting Support Commission

Job Purpose

Under the general direction of the Chief Executive Officer, the Data Protection Officer is responsible for the ensuring the Agency operates in accordance with the Data Protection Act 2020. The incumbent is also responsible for providing technical advice and co-ordinating all aspects relating to data privacy. The incumbent will play a critical role in safeguarding the privacy rights of individuals for whom data is held or processed by the NPSC and will ensure that sensitive data is protected in accordance with the law. 

Key Responsibilities

Technical/Professional: 

• Implements measures and a privacy governance framework to manage data use in compliance with the Data Protection Act, including developing templates for data collection, and assisting with data mapping; 
• Ensures that the National Parenting Support Commission (NPSC) processes personal data in compliance with the data protection standards and the Data Protection Act and good practice; 
• Consults with the Office of the Information Commissioner (OIC) to resolve any doubt about how the provisions of the Data Protection Act and any Regulations made thereunder are to be applied; 
• Ensures that any contravention of the data protection standards or any provisions of the Data Protection Act by the NPSC is dealt with in accordance with the provisions of the Data Protection Act; 
• Keeps abreast of Jamaica Data Protection laws and regulations, and industry best practices and international laws, including the European Union’s General Data Protection Regulations (GDPR), Electronic Privacy Act and other international data protection laws; 
• Notifies, the Data Controller, in writing of any contravention of the data protection standards or any provisions of the Data Protection Act; 
• Investigates and responds to data security breaches or security incidents promptly, ensuring appropriate notices are provided to the regulatory authorities, affected individuals, and other relevant parties as required by law. 
• Reports any contravention by NPSC of the data protection standards or any provisions of the Data Protection Act to the OIC, if the contravention is not rectified within reasonable time after the notification; 
• Assists data subjects in the exercise of their rights under the Data Protection Act, in relation to the NPSC; 
• Develops internal policies and procedures related to the processing of personal data;
• Makes recommendations for the appropriate organisational and technical measures to ensure the security of personal data; 
• Serves as the primary contact for the OIC on issues relating to the processing of data, and to consult, where appropriate, with regard to any other matter; 
• Develops and implements Standard Operating Procedures (SOPs) for addressing all complaints pertaining to the NPSC’s privacy policies and procedures; 
• Provides advice/information to the NPSC and its employees on their obligations under the Data Protection Act and state data protection provisions; 
• Manages and conducts ongoing reviews of the NPSC’s Data Protection Framework;
• Disseminates current information on policies, procedures and legislation for the Ministry’s staff to be aware of as well as to promote the quality culture; 
• Develops and implements approved certification mechanisms to exhibit compliance;
• Monitors and evaluates recommendations implemented for addressing weaknesses and deficiencies in relation to the processing of personal data; 
• Prepares reports and presentations on analysis and findings; 
• Conducts a data protection Impact Assessment in respect of all personal data in the custody or control of the NPSC; 
• Conducts periodic assessments to identify potential risks, gaps, or breaches in data protection, and develops strategies to mitigate these risks; 
• Conducts sensitization sessions for staff on the components of the Data Protection Act, Regulations and policies; 
• Collaborates with the Ministry’s ICT Division in the maintenance of a data security incident management plan, to ensure timely remediation of incidents, including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests; 
• Collaborates with the relevant officers from the Internal Audit Unit, Legal Services Unit and other key stakeholders to monitor, implement and analyse compliance programmes;
• Monitors to ensure that the NPSC’s ICT systems and procedures conform with the relevant data privacy and protection law, regulation and policy; 
• Participates in the collection of data analysis and reports on key performance measures;
• Provides responses to comments and queries from data subjects in relation to the processing of personal data; 
• Provides regular reporting to the Chief Executive Director and the Management Team of the NPSC on data protection activities, compliance status and emerging privacy risks;
• Monitors changes to local privacy laws and makes recommendations, where necessary;
• Performs any other duty as assigned by the Chief Executive Officer.

Required Knowledge, Skills and Competencies

Core: 

• Excellent oral and written communication skills 
• Excellent presentation skills 
• Excellent analytical, judgment, decision making and problem solving skills
• Excellent planning and organizing skills 
• Excellent interpersonal skills to foster harmonious working environment
• Strong customer service and quality focus skills 
• High level of integrity and confidentiality 

Technical: 

• Sound knowledge of applicable laws, policies, regulation and procedures
• Good knowledge of auditing techniques and practices 
• Good knowledge of risk management techniques and strategies 
• Knowledge of Corporate Governance Framework for Public Bodies in Jamaica.
• Good knowledge and understanding of GOJ policies and programmes and the machinery of government 
• Understanding of data management and information security principles, including encryption, access controls and risk management 
• Good critical reasoning, quantitative and qualitative analysis skills 
• Knowledge of change management principles and practices 
• Strong environmental scanning, analysis and interpretive skills 
• Strong negotiating and persuasive presentation skills 
• Experience in conducting data protection impact assessments and developing privacy policies, procedures, and guidelines 
• Experience with handling data breaches, incidents, and interactions with the Office of the Information Commissioner 
• Proficiency in the use of the relevant computer applications 

Minimum Required Qualification and Experience

• Bachelors’ Degree in Computer Science, Audit or equivalent qualification from recognized tertiary institution 
• Certification in Information Security, Data Protection and/or Privacy Certification such as CIPP, CIPT, ISEB, etc. (preferred) 
• Exposure to legal training would be an asset 
• Sound knowledge of the Data Protection Act and other applicable data protection policies.
• One (1) year related work experience 

Specific Condition Associated with the Job:

• May be required to work beyond normal work hours in order to meet deadlines.
• May be required to work on public holidays/weekends 
• Possession of a valid Drivers’ Licence and a reliable motor vehicle. 

Please note that only shortlisted applicants will be contacted.