Data Protection Officer
Devon House Developments Ltd.
- Kingston and St. Andrew
- Not disclosed
- Permanent full-time
- Updated 24/06/2024
- HRM
Data Protection Officer
JOB PURPOSE
Under the general supervision of the Executive Director, the Data Protection Officer (DPO) is to advise and provide guidance to Devon House Development Limited (DHDL) on a range of privacy, data protection and technology related regulatory and compliance matters.
The DPO is responsible for monitoring internal compliance, informing and advising the DHDL on data protection obligations, providing advice regarding Data Protection Impact Assessments (DPIAs) and acting as a contact point for data subjects and the Office of the Information Commissioner.
The DPO will support the success of the DHDL through assisting with the introduction and the implementation of its privacy programme. Both legal knowledge and technical fluency are highly desired as this role will work closely with staff across all areas of the portfolio.
KEY OUTPUTS
- DHDL’s Data Protection Policy and Guidelines are implemented and adhered to throughout the organization.
- Staff informed and educated on their data protection obligations and correct data use and compliance.
- Data compliance audits conducted.
- Mechanisms implemented to monitor DHSL’s ongoing ability to remain data compliant.
- Liaison between DHDL and Office of the Information Commissioner (OIC) maintained.
- Records of data processing activities maintained.
- Records managed based on data protection standards.
- Breaches of the Data Protection Act are addressed.
- Queries handled.
- Reports submitted.
KEY RESPONSIBILTY AREAS
Administrative and Technical Responsibilities
- Ensures that DHDL’s processes personal data in compliance with the data protection standards and in compliance with the Act and good practice.
- Provides overall management for the research, development, and implementation of Data Protection policies and procedures for DHDL.
- Researches, designs, and implements Data Protection Governance Frameworks and strategies to manage the use of personal data in compliance with the requisite standards and guidelines
- Consults with the OIC to resolve any doubt about how the provisions of the Act and any regulations made under it are to be applied.
- Ensures that any contravention of the data protection standards or any provisions of the Act by DHDL is dealt with.
- Co-ordinates the efforts of DHDL in the implementation of essential elements of the applicable data protection regulation, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security of processing, and notification and communication of data breaches.
- Manages systems that ensure appropriate assignment of responsibilities in relation to the management of data and information and the processing and protection of personal data.
- Provides strategic legal and regulatory guidance to senior management and other divisions on privacy and data protection issues, law and trends.
- Performs or oversees initial and periodic privacy impact assessment, risk analyses, mitigation and remediation.
- Ensures that data controllers and data subjects are informed about their data protection rights, obligations and responsibilities and raises awareness about them.
- Oversees the maintenance of records required to demonstrate data protection compliance.
- Supports a programme of awareness-raising and training to deliver compliance and to foster a data privacy culture.
- Provides advice and recommendations to the DHDL about the interpretation or application of the data protection rules.
- Handles queries or complaints on request by DHDL, the data controller, other person(s), or on their own initiative.
- Cooperates with the OIC (responding to requests about investigations, complaint handling, inspections conducted by the OIC, etc.).
- Draws the organization’s attention to any failure to comply with the applicable data protection rules and Policy.
- Supports the data incident response and data breach notification procedures.
- Prepares and submits routine and special reports, as required.
- Provides expert advice and educates employees on important data compliance requirements.
- Drafts new and amends existing internal data protection policies, guidelines, and procedures, in consultation with key stakeholders.
- Delivers training across all Divisions and Units to staff members who are involved in data handling or processing.
- Participates in meetings, seminars, workshops and conferences as required.
- Performs any other related duties that may be assigned from time to time.
KEY INTERFACES
Internal | Purpose | |
Executive Director | Receive directives & work assignments. Requests for information and dissemination of information pertinent mainly to ensuring ongoing compliance with policies, guidelines and the Act. | |
Head of Public Bodies, Divisional Heads, Managers and Supervisors
| Requests for information and dissemination of information pertinent mainly to ensuring ongoing compliance with policies, guidelines and the Act. |
General Staff | Requests for information and dissemination of information pertinent mainly to ensuring ongoing compliance with policies, guidelines and the Act. |
Chief Information Officer and ICT personnel | Technical support ( as the need arise) |
External | Purpose |
Office of the Information Commissioner | Obtain and share information relating to the administration of the act. |
Auditors, Clients, Shareholders, Consultants etc. | Requests for information, responses, compiled and dispatched |
Regional/International partners, regulators, technical compliance trainers. | Participation in any local, regional and international conferences, specialized training and knowledge sharing fora. |
PERFORMANCE STANDARDS
- Sound and timely advice provided.
- Queries/information requests processed in agreed standards and timeframes.
- Records of all data processing activities are maintained in accordance with established standards.
- DHDL’s Data Protection Policy is implemented and adhered to throughout the Ministry.
- Guidelines and Policy for all members of staff are created and adhered to.
- Staff are educated and informed of their data protection obligations and correct data use and compliance in the required timeline.
- Legislative advice on all matters relating to the Data Protection and privacy provided is grounded in legal research and delivered in a timely manner.
- Data compliance audits are conducted regularly to maximize data safety, ensure compliance, and address potential issues.
- Mechanisms to ensure DHDL remains data compliant are implemented monitored consistently.
- The Government’s monitoring, evaluation and reporting framework is well supported.
- Policy recommendations and briefs or position papers on technical matters are appropriately prepared and submitted within the required timeframe.
- Reports are comprehensive, accurate and submitted within the required timeframe.
- Systems and standards are developed in a timely manner and adequate controls and tracking systems are in place to monitor their effectiveness.
- Operational policies and procedures are documented, kept current and accessible to all who are required to be apprised.
- Confidentiality, integrity, and professionalism displayed in the delivery of duties and interaction with staff.
- Mutual respect is displayed in the work environment at all time.
REQUIRED COMPETENCIES
Core | Level | Technical/Functional | Level |
Oral communication | 4 | Initiative | 4 |
Written communication | 4 | Knowledge of modern business practices and office procedures | 4 |
Planning and Organizing Skills | 3 | Understanding of research methods and techniques | 3 |
Good Judgement and Decision-Making Skills | 3 | Proficiency in the use of computer applications | 4 |
Customer and Quality-focused skills | 4 | Knowledge and understanding of the Data Protection Act | 4 |
Analytical and problem-solving skills | 4 | Experience in managing data incidences and breaches | 4 |
Compliance | 4 | Knowledge of cybersecurity risks and information security standards | 4 |
Integrity | 4 |
|
|
Adaptability | 3 |
|
|
MINIMUM REQUIRED EDUCATION AND EXPERIENCE
- Bachelor of Law Degree, IT Security, Audit or similar background.
- Minimum three (3) years’ experience in law, audit and/or risk management, compliance, or equivalent experience.
- Demonstrable experience, knowledge and/or in-depth understanding of data privacy legislation (in particular General Data Protection Regulations (GDPR).
- Experience or specialized training in records and information management systems.
- At least one Data Protection and/or Privacy certification such as, Certified Information Privacy Professional (CIPP), Certified Information Privacy Technologist (CIPT), Information Systems Examinations Board ISEB, etc., (preferred).
WORKING ENVIRONMENT
- Twenty percent of the time spent traveling to conduct research, submit reports and file documents related to data compliance.
AUTHORITY
The DPO has the authority to investigate and have immediate access to all personal data and data processing operations and to perform his/her duties independently.
Specifically, the Data Protection Officer must:
- Handle queries or complaints on request by DHDL, the controller, other persons, or on his/her initiative.
- Ensures that any other tasks or duties assigned to the DPO do not result in a conflict of interest with his/her role as a DPO.
ACCOUNTABILITY
In your position of Data Protection Officer, you are accountable to your direct supervisor who has the authority to delegate duties and responsibilities to you in accordance with the policies and procedures of DHDL.
