Data Protection Officer

The DPO is also responsible for monitoring in an independent manner, internal compliance with the provision of the Data Protection Act, informing and advising the Agency on data protection obligations and providing advice regarding Data Protection Impact Assessments (DPIAs).

CAREER OPPORTUNITY 

An Agency of the Office of the Cabinet, Government of Jamaica

Building Capability for Public Service Excellence

  The MIND seeks to identify a suitably qualified and competent 

DATA PROTECTION OFFICER   ( Grade 7) 

TOTAL Compensation : J$4,266,270  per annum

The Management Institute for National Development (MIND) is the Government of Jamaica’s training institute, with the mandate “to provide effective leadership development and management training appropriate to all levels, and in line with the demands of a modern and competitive public service”.

Job Purpose 

Under the general supervision of the Chief Executive officer, the Data Protection Officer (DPO) is to advise and provide guidance to MIND on a range of privacy, data protection and related regulatory and compliance matters. The DPO will develop, implement, and oversee policies, processes, and training programmes to promote data privacy and ensure the secure handling of personal information within the Agency.  This individual will act as liaison between MIND and the Office of the Information Commissioner, as well as stakeholders whose data is processed by MIND. The DPO will ensure the Agency’s compliance with the Data Protection Act (DPA), 2020 and other applicable data protection regulations.

The DPO is also responsible for monitoring in an independent manner, internal compliance with the provision of the Data Protection Act, informing and advising the Agency on data protection obligations and providing advice regarding Data Protection Impact Assessments (DPIAs).

The DPO will support the success of the Agency through assisting with the introduction and the implementation of its privacy programme.

RESPONSIBILITIES

1.1             Compliance and Oversight

• Monitor the Agency’s compliance with the Data Protection Act, 2020 and other data protection regulations.
• Conduct regular audits to assess and improve data protection practices.
• Develop and maintain policies, procedures and standards for data protection and privacy.
• Ensure that the Agency processes personal data in compliance with the Data protection standards and in compliance with the Data Protection Act and good practice.
• Ensure that any contravention of the data protection standards or any provisions of the Data Protection Act, 2020 by the Agency is dealt with in accordance with the provisions of the Data Protection Act.
• Notify the Agency of any contravention of the data protection standards or any provisions of the Data Protection Act.
• Monitor changes to local privacy laws and make recommendations where necessary.
• Conduct Data Protection Impact Assessments (DPIAs) for new projects and initiatives involving personal data.

 1.2             Training and Awareness

• Develop and deliver training programmes to ensure staff awareness and understanding of data protection obligations.
• Promote a culture of data protection compliance throughout the organization.
• Make recommendations for the appropriate organizational and technical measures to ensure the security of personal data.

 1.3             Policy Development and Implementation

• Develop data protection policies, procedures and privacy notices.
• Develop protocols for managing personal data breaches and ensuring timely reporting to the Office of the Information Commissioner.
• Assist the Agency with the development of internal policies and procedures related to the processing of personal data.

 1.4             Advisory and Liaison

• Serve as the point of contact for the Office of the Information Commissioner and other regulatory authorities.
• Provide advice and guidance to management on data protection risks and obligations.
• Respond to inquiries and complaints regarding data protection from stakeholders and the public.
• Consult with the Office of the Information Commission (OIC) to resolve any doubt about the provisions of the Data Protection Act and any regulations made thereunder that are to be applied.
• Report any contravention of the data protection standards or any provisions of the Data Protection Act to the Office of the Information Commissioner.
• Assist data subjects in the exercise of their rights under the Data Protection Act, in relation to the Agency.
• Act as the primary contact point for the Office of the Information Commissioner on issues relating to the processing of data, and to consult, where appropriate, with regard to any other matters.

 1.5             Risk Management

• Facilitate and encourage transparent discussions of risks among employees as a part of the values, behaviours and norms that define the culture of the Agency;
• Identify and assess risks to the achievement of performance objectives in line with the Agency’s Risk Management Policy and related procedures and capture in an annual Branch Risk Register;
• Identify and implement strategies to mitigate risks related to data processing activities.
• Own and manage risks and controls on a day-to-day basis, by monitoring ongoing risk exposure through continual environmental scanning and monitoring of effectiveness of controls;
• Identify, monitor and escalate high priority issues, including emerging risks, to Executive Management and update Branch’s Risk Register accordingly; and
• Report on risk management policies, standards and processes that are not consistent with the entity’s needs.

 1.6             Record Keeping and Reporting

• Maintain records of data processing activities in accordance with legal requirements.
• Prepare reports and recommendations for management on data protection and compliance.

Minimum Qualifications and Experience

• Undergraduate Degree in Law, Compliance, IT Security, Audit or similar background.
• At least one Data Protection and/or Privacy certification such as, CIPP, CIPT, ISEB, etc., (preferred).
• At least 3 years’ experience in law, audit and/or risk management, compliance, or equivalent experience.
• Sound knowledge of the Data Protection Act and other applicable data protection policies

  Special Skills Requirements

• Knowledge of the Data Protection Act, and all other applicable Acts/ Legislation and policies that govern data protection and the operation of the Agency and the discharge of the Agency’s mandates
• Proven ability to work in a high pressure environment with multiple tasks, changing priorities, and changing resources.

 Interested applicants are invited to submit their resume via the CJ PORTAL addressed to :

Director, Finance-HRM Admin 

We thank all interested applicants, however only shortlisted canddiates will be acknowledged