Data Protection Officer (GMG/SEG 3)

Job Purpose

The Data Protection Officer (DPO) is responsible for monitoring the Ministry’s data practices, ensuring that all functions carried out by the Ministry are in accordance with the provisions of the Data Protection Act (2020). Under the general direction of the Permanent Secretary, the DPO will be accountable for monitoring internal compliance and providing guidance to the Ministry of Economic Growth and Job Creation on data protection obligations. Additionally, the DPO will serve as a primary point of contact for supervisory authorities, such as the Office of the Information Commissioner and individuals whose data is processed by the Ministry. 

Key Responsibilities

Technical/Professional: 

• Designs and implements a comprehensive Data Privacy Governance Framework and strategies to effectively manage the use of personal data in accordance with the provisions of the Data Protection Act; 
• Establishes and maintains appropriate systems and internal control mechanisms that align with the prescribed standards of the Data Protection Act; 
• Ensures that the Ministry and its operational processes pertaining to data processing adhere to the established data protection standards and regulations; 
• Implements strategies to enhance operational processes and ensures processes are in compliance with regulatory requirements; 
• Designs and implements Data Protection policies and procedures within the Ministry; 
• Ensures that breaches of the Data Protection standards or violations of the provisions outlined in the Data Protection Act are addressed promptly; 
• Reviews and updates the Data Protection Plan regularly to ensure it aligns with any changes in laws, regulations and policies; 
• Ensures the timely collection of data, analysis and reporting of data on key performance measures; 
• Maintains a robust system to address and respond to queries and complaints; 
• Ensures proper management and maintenance of personal data records, in compliance with data protection standards; 
• Sensitizes and trains staff on the components of relevant Acts, Regulations and Policies related to data; 
• Informs data controllers and data subjects about their rights, obligations and responsibilities regarding data protection; 
• Provides advice and recommendations to the Permanent Secretary and staff regarding the interpretation and application of data protection rules; 
• Collaborates with the Information and Communication Technology (ICT) Branch to ensure compliance with the Data Protection Act in the Ministry’s ICT System; 
• Collaborates with the Information and Communication Technology (ICT) Branch to manage data security incidents and ensures timely resolution of issues such as security breaches, complaints or subject access requests; 
• Provides legislative advice and guidance to the Permanent Secretary regarding any gaps identified from the outcome of the Data Protection and Privacy Impact Assessment; 
• Liaises with the Office of the Information Commissioner to address data protection matters and clarifies or resolves any doubts regarding the application of the Act’s provisions; 
• Collaborates with the Enterprise Risk Management Unit, Internal Audit Division, Legal Services Division and other key stakeholders to monitor, implement and analyze compliance programmes; 
• Prepares and submits routine and special reports, as required; 
• Attends and participates in meetings, seminars, workshops and conferences, as required.
• Performs any other related duties that may be assigned periodically. 

Required Knowledge, Skills, and Competencies

Core: 

• Excellent critical reasoning, quantitative and qualitative analysis skills; Strong environmental scanning, analysis and interpretive skills; 
• Strong negotiating and persuasive presentation skills; 
• Strong leadership skills; 
• Good planning and organizing skills; 
• Good problem solving and analysis skills; 
• Good oral and written communication skills; 
• Ability to use own initiative and judgment; 
• Integrity/Ethics; 
• Good interpersonal skills; 
• Priority management; 
• Good teamwork. 

Technical: 

• Expert knowledge of the Data Protection Law and Practices; 
• Proficiency in the use of the relevant computer applications; 
• Knowledge of change management principles and practices; 
• Expert knowledge of auditing techniques and practices; 
• Good knowledge of risk management techniques and strategies; 
• Sound knowledge and understanding of GOJ policies and programmes and the machinery of Government; 
• Sound knowledge of applicable laws, policies, regulation and procedures. 

Minimum Required Qualification and Experience

• Bachelor’s Degree in Law, Computer Science, Audit or equivalent qualification from a recognized tertiary institution; 
• Experience or knowledge in data privacy legislation (in particular GDPR);
• Experience or specialized training in Records and Information Management systems;
• Certification in Information Security, Data Protection and/or Privacy Certification such as CIPP, CIPT, ISEB, etc. (preferred); 
• Exposure to legal training; 
• Three (3) years’ related work experience. 

Please note that only shortlisted applicants will be contacted.