Data Protection Officer

Research, design, and implement Data Protection Governance Frameworks and strategies to manage the use of personal data in compliance with the requisite standards and guidelines

The University of the Commonwealth Caribbean invites applications from suitably qualified and experienced persons to fill the position of:

JOB SUMMARY: 

• Provide rigid compliance with all relevant legislation, and oversee the correct use of data within the company on a daily basis.
• Research, design, and implement Data Protection Governance Frameworks and strategies to manage the use of personal data in compliance with the requisite standards and guidelines.
• Review and finalize the strategic framework and data protection action plan, train and sensitization for all constituents and update policies to ensure UCC remains compliant and all stakeholders and the institution are protected.
• Provide specialist advice and support to the President and the University’s executive leadership
• Work closely with key internal departments such as the, legal, information technology, registry, and marketing and communications and key external stakeholders.
• Understand and interpret the different categories of personal data being processed, including which users, processes and applications that interact or process the personal data.
• Willing to travel to other campuses to inspect operations regarding DPA

SPECIFIC DUTIES:

Compliance- Consult the Legal Office for detailed advice on UCC obligations under the act or request a Data Privacy Assessment to know the risk and gaps to ascertain there are adequate protection against breaches.

-          Adhere to the annual requirements of the data protection Act.

-          Manage day-to-day compliance monitoring, oversight and operational functions.

-          Assess new project‘s risks and impact on the processing of personal data

 Data Protection Plan- Chart a data protection and privacy roadmap at the enterprise level.

-  Institutional Forms- Update data collection forms in all departments.

Safeguards- Implement measures to address the risks, including safeguards, and security measures to ensure protection of data.

Access Levels- Set and monitor access levels on all platforms and monitor the Policy-IT Acceptable Use Policy.

▪    Work Drive- Organize the institution’s records within the Work Drive on the internal servers by the Records Classification Scheme, a functional scheme organised by core functions.   The local work drive is the main repository of the institution's records protected by user profile and Levels of Access.

▪    Google Drive- Sync Institutional records in institution's business Gmail account to the core record management system.

▪   Cloud Storage- Synchronize files stored across devices in the virtual cloud.

▪   Email Management- Email forwarding protocol to protect data privacy and avert data loss through change job titles, job rotations and promotion.

Data Retention- Finalise the records retention schedule in the Policy-Records Retention and Disposition Policy to guide records retention.

Backup, compressed and synchronized records uploaded and retained on UCC’s work servers.

 ▪  Digitised Records- Documents scanned and stored on varied devices.

▪   Manage scanned records from Database applications.

Including incoming softcopy students’ records on the SMS and documents received/prepared and added to Google docs platform as well as the work drive.

Data Protection Policies & Procedures- Review and update the comprehensive set of applicable national and international Data Protection regulations and related laws and standards to which UCC must adhere.

Training – Conduct training sessions with staff, students and stakeholders to ensure  awareness of their responsibilities under law.

Monitoring - Monitor business operations to ensure that the institution remains compliant with the regulations.

Coordinate and conduct periodic data privacy audits.

GENERAL DUTIES:

1. Develop and implement an action plan that supports the readiness of UCC to comply with the Data Protection Act and Cyber Crime Act.
2. Facilitate procedures for UCC to register with the Office of the Information Commissioner and maintain compliance.
3. Organising training courses for relevant stakeholders
4. Support the creation of policies and guidelines to promote proper data handling
5. Providing information when necessary to senior management, often involving highly sensitive data
6. Making sure all data is up to date, and that policies involving destruction of data are closely followed

 COMPETENCIES, SKILLS AND ABILITIES:

Experience in academia and records management.

 EXPERIENCE AND EDUCATIONAL QUALIFICATIONS:

▪      Masters in Management Information Systems / Information Security/ Law / Compliance/ Audit

▪      Records Management training/experience

▪      Hold at least one Data Protection and/or Privacy certification such as, CIPP, CIPT, CIPM .

▪      At least 3 years’ experience in developing policy and compliance training.

 WORKING CONDITIONS:

Position requires working in an office environment where there are a few physical discomforts such as dust, noise and the like. Ability to work off-hours and weekends as required.