Data Protection Officer

The Data Protection Officer (DPO) in keeping with Section 20 of the Data Protection Act is responsible for ensuring that the organization complies with data protection laws and regulations

Job Scope

The Data Protection Officer (DPO) in keeping with Section 20 of the Data Protection Act is responsible for ensuring that the organization complies with data protection laws and regulations. The DPO is the primary point of contact for all internal and external data protection activities, including monitoring compliance, providing advice and guidance on data protection matters, and conducting audits and assessments.

Key Responsibilities

The incumbent is expected to perform duties that are necessary to effectively carry out their role.  These include but are not limited to the following:

• Develop and ensure the implementation of measures, policies, guidelines, and a privacy governance framework to manage data use in compliance with the Data Protection Act and Regulations (DPAR), including developing templates for data collection, assisting with data mapping, and vendor management reviews.
• Ensure that the rights of the data subject are maintained in accordance with the Data Protection Act and Regulations,
• Work with key internal stakeholders in the review of projects and related data to ensure compliance with local data privacy laws, and where necessary, complete and advise on privacy impact assessments.
• Manage and conduct ongoing reviews of JAMPRO’s privacy governance framework [including Binding Corporate Rules (BCR)]
• Serve as the primary point of contact and liaison for the President and other Data Protection Authorities including the Data Protection Commissioner’s Office on all data protection related matters under the DPAR.
• Serve as the company’s representative when collaborating with international agencies, GOJ officials, MDAs local or international stakeholders. Attends meetings, overseas missions, conferences, seminars, committees, and public awareness activities in relation to the functions of the Data Protection Officer,
• Develop and propose the best internal and external best practices to the Executive and Board of Directors to provide the highest quality of data protection guidance available,
• Report any breach of personal data to the Chief Executive Officer and or any authorized person so designated
• Report any breach of personal data to the Office of the Information Commissioner,
• Review vendor contracts (including Model Clauses) and consents needed to implement projects in partnership with the Corporation’s relevant internal personnel and ensuring filing requirements with local regulators are achieved.
• Participate in any Data Privacy / Information Governance committee or working group set up by the Data Protection Commission’s office.
• Monitor changes to local privacy laws and make recommendations to the Data Protection Commissioner’s Office when appropriate.
• Set standards and review global policies and procedures that meet the requirements under the DPAR and determine how they may apply
• Coordinate and conduct data privacy audits and impact assessments to ensure compliance with data protection requirements.
• Develop strategies and initiatives to ensure engagement with key internal and external stakeholders.
• Develop and deliver relevant data protection training to staff in various business functions/ divisions and collaborate with the relevant internal personnel to raise employee awareness of data privacy and security issues and providing training on the subject matter.
• Collaborate with the relevant internal personnel to maintain records of all data assets and exports and maintaining a data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and
• Respond to data protection-related inquiries and requests, both internally and externally.
• Act as the point of contact for data protection authorities and handle any inquiries or investigations.
• Provide advice and guidance to internal stakeholders on data protection issues.
• Work closely with the IT department to ensure the implementation of appropriate technical and organizational measures to protect personal data.
• Collaborate with external partners and vendors to ensure compliance with data protection requirements.
• Keep up to date with developments in global data protection laws and regulations and provide recommendations for necessary changes.
• Prepare and submit regular reports on data protection activities, including compliance status and any incidents or breaches.

Qualifications, Experience and Key Competencies

• Bachelor's degree in a relevant field, such as Law, Information Technology, Audit, Data Management or a similar background
• Previous experience as a Data Protection Officer or in a similar role.
• In-depth knowledge of data protection laws and regulations, including General Data Protection Regulations (GDPR) and local data protection laws.
• Strong understanding of IT systems and security measures.
• Certification in at least one Data Protection and/or Privacy certification such as CIPP, CIPT, ISEB, etc., (preferred).
• Sound Understanding of Data Protection Act
• Excellent leadership and coordination skills
• Ability to develop and maintain excellent rapport with team members and clients and inspire confidence and trust.
• Good project management and time management skills
• Sound and logical approach to problem-solving and task analysis
• Excellent oral and written communication and interpersonal skills, with the ability to liaise with both technical and non-technical stakeholders
• Good networking skills
• Sound understanding of the Jamaican economy and key socio-economic indicators
• High attention to detail and strong analytical skills.
• Ability to work independently and make decisions in a fast-paced environment.

Qualified applicants are invited to submit letter and résumé by May 7, 2024 addressed to:

Manager, Human Resources