Data Protection Officer (GMG/SEG 3) €“ Executive Office

Job Purpose

Under the general supervision of the Permanent Secretary, the Data Protection Officer (DPO) will advise and provide guidance to the MOJ on a range of privacy, data protection and technology related regulatory and compliance matters. The DPO is responsible for monitoring internal compliance, informing and advising the MOJ on data protection obligations, providing advice regarding Data Protection Impact Assessments (DPIAs) and acting as contact point for data subjects and the Office of the Information Commissioner. The DPO will support the success of the MOJ through assisting with the introduction and the implementation of its privacy programme. Both legal knowledge and technical fluency are highly desired as this role will work closely with staff across all areas of the portfolio. 

Key Responsibilities

Administrative/Technical: 

• Ensures that the MOJ processes personal data in compliance with the data protection standards and in compliance with the Act and good practice; 
• Provides overall management for the research, development and implementation of Data Protection policies and procedures for the Ministry; 
• Develops and maintains a security database; 
• Researches, designs and implements Data Protection Governance Frameworks and strategies to manage the use of personal data in compliance with the requisite standards and guidelines; 
• Evaluates data protection strategies and frameworks and identify areas requiring improvement or rectification; 
• Oversees data protection governance and strategies for new initiatives/projects/programmes; 
• Consults with the OIC to resolve any doubt about how the provisions of the Act and any regulations made under it are to be applied; 
• Ensures that any contravention of the data protection standards or any provisions of the Act by the MOJ is dealt with; 
• Highlights and identify high risks areas for exposure in relation to the data protection standards or any provisions of the Data Protection Act; 
• Monitors changes to local privacy/data protection regulations and make recommendations where necessary; 
• Co-ordinates the efforts of the MoJ in the implementation of essential elements of the applicable data protection regulation, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security of processing, and notification and communication of data breaches; 
• Reports instances of failure to rectify breaches of the Data Protection Act within the prescribed timeframe; 
• Manages sensitive information and maintain records of all activities; 
• Manages systems that ensure appropriate assignment of responsibilities in relation to the management of data and information and the processing and protection of personal data;
• Provides strategic, legal and regulatory guidance to senior management and other divisions on privacy and data protection issues, law and trends; 
• Performs or oversees initial and periodic privacy impact assessment, risk analyses, mitigation and remediation; 
• Ensures that data controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raises awareness about them; 
• Oversees the maintenance of records required to demonstrate data protection compliance; 
• Supports a programme of awareness-raising, training and other initiatives to deliver compliance and to foster a culture of data protection and privacy; 
• Gives advice and recommendations to the MOJ about the interpretation or application of data protection rules; 
• Handles queries or complaints on request by the Ministry, the data controller, other person(s), or on their own initiative; 
• Co-operates with the OIC (responding to requests about investigations, complaint handling, inspections conducted by the OIC, etc.); 
• Draws the Ministry’s attention to any failure to comply with the applicable data protection rules and Policy; 
• Supports the data incident response and data breach notification procedures;
• Prepares and submits routine and special reports, as required; 
• Provides expert advice and educates employees on important data compliance requirements; 
• Drafts new and amends existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders; 
• Delivers training across all Divisions and Units to staff members who are involved in data handling or processing; 
• Participates in meetings, seminars, workshops and conferences are required;
• Performs any other related duties that may be assigned from time to time. 

Required Knowledge, Skills and Competencies

Core: 

• Excellent oral and written communication skills; 
• Good planning and organizing skills; 
• Customer and quality focus skills; 
• Good judgement and decision-making skills; 
• Good analytical and problem-solving skills;
• Compliance. 

Technical: 

• Knowledge and understanding of the Data Protection Act and other relevant Jamaican Laws and Regulations; 
• Knowledge of modern business practices and office procedures; 
• Knowledge of cybersecurity risks and information security standards; 
• Proficiency in the use of computer application; 
• Understanding of research methods and techniques; 

Minimum Required Qualification and Experience

• Bachelor’s Degree in Law, Compliance, IT Security, Audit or similar areas;
• Three (3) years’ experience in law, audit and/or risk management, compliance, or related experience; 
• Demonstrable experience, knowledge and/or in-depth understanding of data privacy legislation (in particular GDPR); 
• Experience or specialized training in records and information management systems;
• At least one Data Protection and/or Privacy certification such as, CIPP, CIPT, ISEB, etc., (preferred). 

Specific Conditions Associated with the Job

• May be required to travel; 
• At least twenty percent (20%) of the time spent traveling to conduct research, submit reports and file documents related to data compliance. 

Please note that only shortlisted applicants will be contacted.