Data Protection Officer (GMG/SEG 3)

Job Purpose

Under the general direction of the Chief Personnel Officer, the Data Protection Officer (DPO) is to advise and provide guidance to the Office of the Services Commissions (Central Government) on a range of privacy, data protection and technology related regulatory and compliance matters.

The DPO is responsible for monitoring internal compliance, informing and advising the OSC on data protection obligations, providing advice regarding Data Protection Impact Assessments (DPIAs) and acting as a contact point for data subjects and the Office of the Information Commissioner. 

The DPO will support the success of the OSC through assisting with the introduction and the implementation of its privacy programme. Both legal knowledge and technical fluency are highly desired as this role will work closely with staff across all areas of the portfolio. 

Key Responsibilities

Administrative: 

• Aligns the Section’s Corporate/Operational Plans and Budget with the Office’s strategic objectives and priority programmes; 
• Maintains mechanisms to effectively co-ordinate the alignment of plans, programmes and projects of the Section to ensure a cohesive and complimentary execution of policy and programme initiatives; 
• Develops Individual Work Plans based on alignment with the Plan for the Section;
• Participates in and co-ordinates the development of the strategic direction of the Office.
• Prepares and submits performance and other reports relating to the achievement of targets for the Office, as required and ensures timely submission of all documents/information requested from the Section; 
• Participates in meetings, seminars, workshops, and conferences, as required;
• Maintains customer service principles, standards, and measurements;
• Identifies and incorporates the interests and needs of customers in business processes designed. 

Technical: 

• Ensures that the OSC processes personal data in compliance with the Data Protection standards and in compliance with the Act and good practice; 
• Provides overall management for the research, development and implementation of Data Protection policies and procedures for the Office; 
• Researches, designs, and implements Data Protection Governance Frameworks and strategies to manage the use of personal data in compliance with the requisite standards and guidelines; 
• Consults with the OIC to resolve any doubts about how the provisions of the Act and any regulations made under it, are to be applied; 
• Ensures that any contravention of the data protection standards or any provisions of the Act by the OSC is dealt with; 
• Co-ordinates the efforts of the OSC in the implementation of essential elements of the applicable data protection regulation, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security of processing, and notification and communication of data breaches; 
• Manages systems that ensure appropriate assignment of responsibilities in relation to the management of data and information, and the processing and protection of personal data;
• Provides strategic legal and regulatory guidance to Senior Management and other Divisions on privacy and data protection issues, law, and trends; 
• Performs or oversees initial and periodic privacy impact assessment, risk analyses, mitigation, and remediation; 
• Ensures that data controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raises awareness about them. 
• Oversees the maintenance of records required to demonstrate data protection compliance; 
• Supports a programme of awareness-raising and training to deliver compliance and to foster a data privacy culture; 
• Gives advice and recommendations to the OSC about the interpretation or application of the data protection rules; 
• Handles queries or complaints on request by the Office, the Data Controller, other person(s), or on their own initiative; 
• Co-operates with the OIC (responding to requests about investigations, complaint handling, inspections conducted by the OIC, etc.). 
• Draws the Organization’s attention to any failure to comply with the applicable data protection rules and policy; 
• Supports the data incident response and data breach notification procedures;
• Prepares and submits routine and special reports, as required; 
• Provides expert advice and educates employees on important data compliance requirements; 
• Drafts new and amends existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders; 
• Delivers training across all Divisions and Units to staff members who are involved in data handling or processing; 
• Performs any other related duties that may be assigned from time to time. 

Required Knowledge, Skills and Competencies

Core: 

• Excellent oral and written communication skills 
• Good planning and organizing skills 
• Good judgement and decision-making skills 
• Customer and quality-focused skills 
• Analytical and problem-solving skills 
• Compliance 
• Integrity 
• Adaptability 
• Ability to use own initiative 

Technical/Functional: 

• Knowledge of modern business practices and office procedures 
• Understanding of research methods and techniques 
• Proficiency in the use of computer applications 
• Knowledge and understanding of the Data Protection Act 
• Experience in managing data incidences and breaches 
• Knowledge of cybersecurity risks and information standards 
• Good report-writing skills 
• Excellent priority-setting skills 
• Ability to manage internal and external partners and relationships 

Minimum Required Qualification and Experience

• Bachelor of Law Degree in Compliance, IT Security, Audit, or similar background;
• Three (3) years of experience in law, audit and/or risk management, compliance, or equivalent experience; 
• Demonstrable experience, knowledge and/or in-depth understanding of data privacy legislation (GDPR); 
• Experience or specialized training in records and information management systems;
• At least one Data Protection and/or Privacy certification such as, CIPP, CIPT, ISEB, etc. (preferred). 

Working Environment

• Work will be conducted in an office equipped with standard office equipment and specialized software; 
• Required to travel in the execution of official duties; 
• Job entails working in the field; 
• The environment is fast paced with ongoing interactions with critical stakeholders and meeting tight deadlines which will result in high degrees of pressure, on occasions. 

Special Condition Associated with the Job

Specifically, the Data Protection Officer must: 

• Handle queries or complaints on request by the Ministry, the Controller, other persons, or on his/her initiative; 
• Ensure that any other tasks or duties assigned to the DPO, do not result in a conflict of interest with his/her role as a DPO.

Please note that only short-listed applicants will be contacted.