Privacy Officer

General:

You will join a multidisciplinary team of professionals in a challenging but friendly environment. The school community is international, which means both the educational programme and all business communication are done in English. Hotelschool The Hague has developed an excellent reputation over 90 years; the result of the structured & innovative educational programme and the experience and quality of our staff, instructors, and lecturers.

Department:

Within Hotelschool The Hague (HTH), the Privacy, Safety and Information Security team provides support in the areas of Privacy, Security and integral safety. Organisational, the team is part of the Facility and Real Estate department, where facility security/BHV is organized.

The Privacy Officer, like the Chief Information Security Officer (CISO), Information Security Officer (ISO) and manager of Integral Security, is part of this team and reports to the manager of Facility and Real Estate. The functional reporting line is to a member of the Board of Directors (BoD).

Job description:

The privacy officer is the ‘spider in the web’ in ensuring privacy within HTH and fulfils an important role from the second line in further developing and strengthening privacy-aware actions within education, research and support services. The privacy officer contributes to achieving the objectives of HTH’s privacy policy. Where the Data Protection Officer (FG – Functionaris Gegevensbescherming) ensures that HTH handles personal data processed by the school lawfully and carefully, the Privacy Officer develops privacy policy and further translates it into supporting guidelines, processes, communication, and information provision. The Privacy Officer advises on the implementation of the tasks required for GDPR (AVG) and the resulting measures. The Privacy Officer does this in close cooperation with the FG and the CISO, responsible for information security.

Core responsibilities:

• Develops privacy policy and is key contact person for it and further translates it into supporting guidelines, internal processes, communication, and information provision.
• Describes processes and procedures such as Data Protection Impact Assessment (DPIA), protocol (mandatory notification) data breaches, Privacy by Design, Rights of Data Subjects and the creation of Processor Agreements.
• Manages the Processing Register based on personal data processing operations within its own organisational unit inventoried by the managers and monitors the quality of the register, monitors, and periodically reports privacy risks to the BoD and advises management on privacy issues, solicited and unsolicited.

Tasks supervision and control:

• Is the central point of contact within HTH for privacy-related issues.
• Handles questions, reports, complaints, or incidents regarding the use of personal data. Is point of contact for members of the Management Team, research and support services and directs/coordinates the tools and communication to be deployed and monitors the effective fulfilment of the role and the quality of the advice.
• Advises on privacy issues.
• Advises on and assists in conducting DPIAs.
• Analyses privacy incidents in cooperation with the FG and CISO, coordinates, advises, and informs data subjects on data breaches and maintains the data breach register.
• Handles requests from data subjects in the context of exercising data subjects’ rights (right to inspection, correction, deletion, data transfer and restriction).
• Advises on and assesses the drafting of (model) processor agreements, privacy declarations and other privacy-related documents.
• Takes care of the PDCA cycle from the Privacy management system.
• Analyses the PDCA cycle and functionally reports to BoD and the FG about the progress and effectiveness.
• Takes care of (substantive) organisation, steering and monitoring of policy processes (in cooperation with stakeholders) and monitors the progress of such processes; in this context, monitors progress, identifies problems/bottlenecks, takes care of solutions, and acts as a contact person.
• Advises on and makes improvement proposals arising from the PDCA cycle.
• Together with the FG, takes care of the development and implementation of awareness programmes.
• Identifies developments and trends in the field of privacy.
• Forms a team with the CISO, ISO and manager integral security and works together from one shared structure/tool and approach.
• Participates in various specific consultation structures and communities for the purpose of knowledge exchange and mutual coordination with privacy officers (e.g., SURF, SCIPR, HBO-FGs/POs).
• Directs Roadmap (implementation of the (Surf) Privacy assessment framework) with the objective of achieving privacy maturity level 3.
• Maintains the privacy framework.
• Distributes work within the project and oversees implementation.
• Monitors progress of the Privacy assessment framework Plan of Approach, coordinates with stakeholders and ensures communication.
• Prepares (progress) reports for the BoD.