Data Protection Officer

<!–

Description

–>

• Guide and recommend actions to UNHCR’s Personal Data Controllers and Data Protection Focal points in regional bureaux and country operations, and counterparts in states, partners and other relevant stakeholders, on a wide range of data protection issues, in accordance with UNHCR personal data protection and privacy framework.
• Provide expert advice to country operations in monitoring the development of domestic data protection legal frameworks that may impact UNHCR operations and contribute to the development of situation- or country-specific guidance.
• Advise and guide sections and divisions of headquarters on data protection requirements, in particular in the context of implementing enterprise systems (e.g. proGres, BIMS, etc.) and innovation projects with potential implications for the protection of data of people forced to flee and stateless persons.
• Draft legal positions on data protection matters, in collaboration with Legal Affairs Service (LAS).
• Develop advisories, formal opinions and interpretations on personal data protection and privacy.
• Undertake expert review and clearance of data sharing arrangements.  
• Examine incidences of non-compliance with UNHCR’s personal data protection and privacy framework and relay these to the appropriate oversight mechanism(s).  
• Consolidate and promote best practices across UNHCR by sharing these examples in data protection groups, training fora.
• Develop and provide training to UNHCR staff and partners on UNHCR’s data protection frameworks, as well as its Operational Guidelines.
• Maintain inventories of information provided by Data Controllers and Data Protection Focal Points, including Data Transfer Agreements, specific instances of data sharing with third parties, Data Protection Impact Assessments, data breach notifications, and complaints by data subjects.
• Draft internal and external reports with concluding observations on the Organization’s compliance with its personal data protection and privacy framework.
• Stay updated on data protection trends, laws, and industry standards.
• Foster a positive and inclusive work environment and create an environment of trust, respect, and open communication.
• Support the identification and management of risks and seek to seize opportunities impacting objectives in the area of responsibility. Ensure decision making in risk based in the functional area of work. Raise risks, issues and concerns to a supervisor or to relevant functional colleague(s).
• Perform other related duties as required.

• Years of Experience / Degree Level
• For P3/NOC – 6 years relevant experience with Undergraduate degree; or 5 years relevant experience with Graduate degree; or 4 years relevant experience with Doctorate degree

• Law;                 Human Rights;            International Law;
• Political Science;         Social Science;               or other relevant field.

• ECPC-HA Professional DPO in Humanitarian Action
• Certified Information Privacy Practitioner (CIPP)
• Certified Information Privacy Manager (CIPM)

• Experience working on data protection and/or privacy issues in the humanitarian or other sectors. Demonstrated experience with data sharing scenarios and agreements, data protection impact assessments, and development of data protection guidance.  Experience in the process of embedding data protection requirements into development of systems or processes. Experience in presenting/discussing data protection matters in data protection conferences/forums. Field experience. Experience in planning, programming, strategic planning, project development, budgeting and resource mobilization. Demonstrated experience in leadership position(s) in the context of partnership building and consensual decision-making. Experience in working with partners, including host and donor governments, humanitarian, and development partners.

• LE-Legal advisory for operations and divisions related to data protection; 
• LE-Assessment and application of principles of data protection law; 
• LE-Data protection implications assessment for policies and operations; 
• LE-Data protection laws and mechanisms at the national or regional level (e.g. EU GDPR); 
• LE-Drafting & development of data protection policies & guidelines based on best practices; 
• MG-Policy Compliance Monitoring; 
• DM-Data security management

• For International Professional and Field Service jobs: Knowledge of English and UN working language of the duty station if not English.

<!—

<!–

–>