Data Protection Officer (GMG/SEG 3)

Job Purpose

Under the general supervision of the Permanent Secretary, the Data Protection Officer (DPO) is to advise and provide guidance to the MLGCD on a range of privacy, data protection and technology related regulatory and compliance matters. The DPO is responsible for monitoring internal compliance, informing and advising the MLGCD on data protection obligations, providing advice regarding Data Protection Impact Assessments (DPIAs) and acting as a contact point for data subjects and the Office of the Information Commissioner. The DPO will support the success of the MLGCD through assisting with the introduction and the implementation of its privacy programme. Both legal knowledge and technical fluency are highly desired, as this role will work closely with staff across all areas of the portfolio. 

Key Responsibilities

Management/Administrative: 

• Ensures that the MLGCD processes personal data in compliance with the data protection standards and in compliance with the Act and good practice; 
• Provides overall management for the research, development, and implementation of Data Protection policies and procedures for the Ministry; 
• Researches, designs and implements Data Protection Governance Frameworks and Strategies to manage the use of personal data in compliance with the requisite standards and guidelines; 
• Consults with the OIC to resolve any doubt about how the provisions of the Act and any regulations made under it are to be applied; 
• Ensures that any contravention of the data protection standards or any provisions of the Act by the MLGCD is dealt with; 
• Co-ordinates the efforts of the MLGCD in the implementation of essential elements of the applicable data protection regulation, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security of processing, and notification and communication of data breaches; 
• Manages systems that ensure appropriate assignment of responsibilities in relation to the management of data and information and the processing and protection of personal data; 
• Provides strategic legal and regulatory guidance to senior management and other Divisions on privacy and data protection issues, law and trends; 
• Performs/oversees initial and periodic privacy impact assessment, risk analysis, mitigation and remediation; 
• Ensures that data controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raises awareness about them; 
• Oversees the maintenance of records required to demonstrate data protection compliance; 
• Supports a programme of awareness-raising and training to deliver compliance and to foster a data privacy culture; 
• Gives advice and recommendations to the MLGCD about the interpretation or application of the data protection rules; 
• Handles queries or complaints on request by the Ministry, the data controller, other person(s), or on their own initiative; 
• Acts as a primary point of contact and co-operates with the OIC (responding to requests about investigations, complaint handling, inspections conducted by the OIC, etc.); 
• Draws the organization’s attention to any failure to comply with the applicable data protection rules and Policy; 
• Supports the data incident response and data breach notification procedures; 
• Prepares and submits routine and special reports, as required; 
• Provides expert advice and educates employees on important data compliance requirements; 
• Drafts new and amends existing internal data protection policies, guidelines and procedures, in consultation with key stakeholders; 
• Delivers training across all Divisions and Units to staff members who are involved in data handling or processing; 
• Participates in meetings, seminars, workshops and conferences as required. 

Technical/Professional: 

• Assists in conducting reviews of assigned organizational and functional activities in accordance with the instructions given by Supervisor and the prescribed audit programme;
• Retrieves and compiles a variety of statistical data from computer files, records, reports or from other sources; 
• Participates in Audits; 
• Provides support to Auditor in the preparation of audit observations and issuing of audit reports; 
• Prepares and organizes working papers and submits to Supervisor for review;
• Clears any queries on the working papers prepared; 
• Maintains administrative files; 
• Participates in the conduct of pre-audits and post-audits as assigned;
• Ensures that all required tools and equipment for the audit are present for each assignment; 
• Assists in verifying the adequacy and accuracy of financial records; 
• Assists in examining and appraising financial and accounting practices, systems and procedures; 
• Assists in conducting operational and financial audits; 
• Assists with the preparation of preliminary recommendations and draft of reports;
• Assists with the preparation of the current file; 
• Assists in the design and development of accounting control systems and procedures for more effective and efficient operations within various departments, as assigned;
• Assists with monitoring and compliance initiatives identified; 
• Assists in audit of Municipal Corporation inventory and asset control registers/systems;
• Assists in conducting investigations. 

Human Resource Management; 

• Manages team members’ performance; 
• Performs other related functions assigned from time to time by the Permanent Secretary/Head of the Unit. 

Required Knowledge, Skills, and Competencies

Core: 

• Excellent oral communication and written communication; 
• Good planning and organizing skills; 
• Good judgement and decision making skills; 
• Customer and quality-focused skills; 
• Analytical and problem-solving skills; 
• Compliance; 
• Initiative. 

Technical: 

• Knowledge of modern business practices and office procedures; 
• Understanding of research methods and techniques; 
• Proficiency in the use of computer applications; 
• Knowledge and understanding of the Data Protection Act and other relevant Jamaica laws and regulations; 
• Experience in managing data incidences and breaches; 
• Knowledge of cybersecurity risks and information security standards; 
• Knowledge of Corporate Governance Framework for Public Bodies in Jamaica;
• Knowledge of Research and Statistical Analysis. 

Minimum Required Qualification and Experience

• Bachelor’s Degree in Law, Compliance, Information Technology Security, Computer Science or Information Management from a registered tertiary institution;
• Three (3) years’ experience in law, data protection, privacy and ICT governance or similar capacity, audit and/or risk management, compliance, or equivalent experience;
• Demonstrable experience, knowledge and/or in-depth understanding of data privacy legislation (in particular GDPR); 
• Experience or specialized training in records and information management systems;
• At least one Data Protection and/or Privacy certification such as, CIPP, CIPT, ISEB, etc.(preferred); 
• Postgraduate degree or certification in any of the following would be an asset:
  • Data models, database design development, data mining and segmentation techniques; 
  • Information Privacy manager (CIPM) or Certified Information Privacy Professional (CIPP); 
  • Audit or risk management; 
  • Project management. 

Special Conditions Associated with the Job

• May be required to travel; 
• Twenty percent of the time spent traveling to conduct research, submit reports and file documents related to data compliance. 

Please note that only shortlisted applicants will be contacted.