Data Protection and Privacy Specialist

<!–

Description

–>

The incumbent will work closely with a data protection specialist for legal and governance matters and a data protection specialist working at the intersection of data protection, technology, and cybersecurity. The data protection programme is overseen by the Data Protection and Privacy Manager (Data Protection Programme Lead).

Together, this group will, in addition to the design and roll-out of the data protection programme, provide technical support to offices and divisions with respect to all data protection matters raised by country office colleagues. Engagement with UNICEF country and regional offices is a core component of this role, including alignment with other relevant HQ functions providing support to the field.

The incumbent will be supported by the wider Data Governance and Strategy unit, working on data capacity building, a data strategy and data governance for UNICEF, and advocacy for data governance fit for children in our work with partners and beyond including in the cross-sectoral integration of country administrative data and information management systems.

The data protection specialist will have the following key functions, tasks and accountabilities:

• Support the global mapping of personal data processing activities in the so-called Record of Processing Activities (ROPA) with the goal to give COs and senior management an overview over data processing activities, incl. high-risk, improving Heads of Offices’ compliance, risk-management, and decision-making, and allowing CDO to target their support. This will involve
• the integration of the ROPA with existing business processes,
• the review and improvement, if necessary, of the training and guidance produced for the field to implement the ROPA and how to use it,
• to set-up ad hoc implementation support to the field, if necessary, and
• the analysis of the outcomes from the ROPA.
• Develops capacity building initiatives, including training, awareness-raising and community building with the goal to ensure a cultural transformation in UNICEF on the handling of personal data and individuals’ privacy rights. This will involve, in close collaboration with DAPM and the other CDO team members,
• the set-up of specialized training for the data protection network
• the development of mandatory training for all staff
• the development of an awareness and communications strategy to ensure a cultural transformation with data privacy at its heart
• Support the development of procedures, guidance and tools by the CDO from a field perspective and support the roll-out to the field. This will involve, inter alia,
• the review of procedures and guidance on data protection impact assessments, on third party risk assessments, and on personal data retention, and others
• the review and roll-out of the data protection handbook,
• guidance notes on frequent support requests, as privacy by design and default, secure sharing/anonymization/destruction of personal data, AI and privacy, and other as identified through interactions with the field and with the data protection network (see under 6).
• Integrate data protection into UNICEF’s regulatory framework and relevant guidance relating to children and other beneficiaries, with the goal to ensure a smooth integration of data protection into existing processes, such as
• the programme implementation procedure and manual, and
• the emergency procedure and manual,
• sector-specific policies, procedures and guidelines,
• technology architecture review processes, such as the PPM.
• and support the roll-out of those documents to the field, including with relevant guidance material and training.
• Support data protection risk-management in the field, with the goal to ensure that data processing risks are clearly outlined, categorized, understood, and managed namely
• review/improve risk management training and guidance materials,
• support and monitor the roll-out of risk management platforms,
• set-up additional support structures, if needed, and
• ensure that country offices learn from/can make use of DPIAs/vendor risk assessments of (digitally enabled) programmes conducted in other offices/regions.
• Coordinate the set-up and collaboration with the data protection network with the goal to create a reliable, effective and enthusiastic support system for the field, namely
• review current TOR and agenda, improve/specify current approach, organize kick off-meeting
• coordinate recurrent meetings with a goal to structure recurring questions and provide efficient and effective support.
• Together with the data protection network and other stakeholders as applicable, provide technical support to offices and divisions, including through the Evidence Help Desk, such as relating to
• Responsible data sharing
• Privacy compliance of projects, incl. digitally enabled projects,
• Data protection impact assessments
• Requests from data subjects, etc.

To qualify as an advocate for every child you will have…

Education: 

• Master’s degree in international relations and/or development, international law, data protection and privacy law, or other related field
• Data protection certifications are an asset
• A first level university degree combined with an additional two years of professional experience may be accepted in lieu of an advanced university degree.

Work Experience:

• At least 5 years of working experience in personal data protection and privacy with a strong expertise in data protection field matters, including in digitally enabled programmes, risk management, training and global data mapping / record of processing activities
• Prior experience working with a multilateral or UN organization, and in particular in/with country offices and beneficiaries
• Good understanding of national and international data protection laws, such as GDPR
• Good understanding of the privacy challenges of technologies, including novel technologies such as artificial intelligence, big data and data protection and privacy and trends in reconciling them
• Good understanding of the data protection challenges of humanitarian and development operations
• Proficiency in developing practical and easily understandable and implementable advice on complex technical matters to field audiences.
• Competent in advanced Excel, Word, data analytics and data visualization, including digital data flow.
• Demonstrated strong writing and presentation skills, particularly for country office audiences.
• Strong analytical skills, attention to detail.
• Advanced communication skills, including ability to translate business needs into technical requirements and translate complex concepts in a simple manner for a non-technical audience is highly desirable.
• Project management skills including task prioritization, workflow coordination, and results-driven strategies is desirable.
• Excellent organizational skills and ability to prioritize and manage multiple tasks.
• Experience developing learning initiatives and guidance, managing and engaging communities/networks

Skills:

• A strong team player with the ability to engage and motivate stakeholders.
• A good listener and excellent communicator, written and verbal communication, with a keen interest in bringing along others with diverse backgrounds and interests.
• Ability to connect with and mobilize support across levels, from leadership to specialists.
• Curiosity, resilience, and optimism

Language Requirements:

• Fluency in English is required. Knowledge of another UN language is an asset.

Source: https://jobs.unicef.org/cw/en-us/job/574252

<!—

<!–

–>