Data Protection Compliance Specialist Grade Vii

Job Title and Grade: Data Protection Compliance Specialist – Grade VII

Department: National Data Protection

Taking up Appointment: A start date will be indicated at job offer stage.

Dublin 8. This job will be hybrid.

Details of Service The HSE National Data Protection Office is one of the functions within the OPI division. The Data Protection Act 2018 (Act) (No 7 of 2018) was enacted on 24 May 2018 and established the Data Protection Commission and gave further effect to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data. The Regulation is commonly known as the General Data Protection Regulation (GDPR). The holder of the post is the Designated Data Protection Officer (DPO) under legislation.

The HSE is both a Data Controller and a Data Processor under the Regulation. They will be the primary point of contact for HSE staff, service users and suppliers in relation to personal data and will take an independent view on all matters relating to data protection across the HSE.

Key Working Relationships The VII Data Protection Compliance Specialist will work closely and collaboratively with:

HSE Services Nationally Members of the public and HSE staff who may contact the DPO office or Data Notification Service in relation to the May 2021 Cyber Attack and other data protection queries Other government departments and organisations who are working with the HSE on programmes of work who seek data protection advice Purpose of the Post The Grade VII Operational Compliance and Improvement will be a key member of the DPO Team leading on assigned programmes, specifically the Data Notification Service which is dealing with responding to those individuals notified as a result of the May 2021 Cyber Attack on the HSE. The role holder will also take an active role in the implementation of Privacy Engine across the HSE and its affiliate organisations, whilst constantly seeking quality improvement across all HSE National Data Protection Office capabilities including but not limited to RoPA, DSARs and DPIA.

Principal Duties and Responsibilities The position of Grade VII encompasses both managerial and administrative responsibilities which include the following:

Supporting and coordinating the full life cycle of Data Subject Access Requests (DSARS) for the Data Notification Service Work towards full compliance in line with HSE data protection policy and GDPR legislation in the management of all DSAR requests related to the May 2021 Cyber Attack Understanding, adhering to, and following all standard operating procedure relating to Data Notification Service Managing complex data protection queries and complaints related to the May 2021 Cyber Attack Produce reports and data updates on the work related to the Data Notification Service Support the delivery of Privacy Engine in the HSE. This service supports the management of SARs, Data Breach reporting as well as a repository for DPIAs, DSA and RoPAs Assist the DPO in the management and delivery of the Privacy Engine across the HSE including but not limited to; embedding and improving the processes and business unit understanding and engagement of Records of Processing Activities (RoPA), Data Privacy Impact Assessments (DPIAs), Data Sharing Agreements (DSAs), Breach Management, Data Subject Rights Requests e.g. SARs and Personal Data Inventory processes. Provide SME input to review and challenge Records of Processing Activities completed and submitted by the various HSE organisations functions to ensure they meet appropriate quality guidelines. Provide SME input to review and challenge Data Privacy Impact Assessments completed and submitted by the various HSE organisations functions to ensure they meet appropriate quality guidelines. Provide SME input to review and challenge Data Sharing Agreements completed and submitted by the various HSE organisations functions to ensure they meet appropriate quality guidelines. Eligibility Criteria Qualifications and/or experience Eligible applicants will be those who on the closing date for the competition:

Have satisfactory experience in an office under the HSE, TUSLA, other statutory health agencies, or a body which provides services on behalf of the HSE under Section 38 of the Health Act 2004 at a level not lower than that of Grade IV (or equivalent) Have not less than two years satisfactory experience either in that office or in an office at a level not lower than that of Clerical Officer in the HSE, TUSLA, other statutory health agencies, or a body which provides services on behalf of the HSE under Section 38 of the Health Act 2004 Possess the requisite knowledge and ability, including a high standard of suitability, for the proper discharge of the office. Health A candidate for and any person holding the office must be fully competent and capable of undertaking the duties attached to the office and be in a state of health such as would indicate a reasonable prospect of ability to render regular and efficient service.

Character Each candidate for and any person holding the office must be of good character.

Post Specific Requirements Working knowledge of the laws, regulations and the practice relating to the protection of personal data specified in Data Protection Acts and GDPR. At least 3 years' experience in a comparable role ideally within a regulatory or public sector organisation. Proven experience of staff management, including leadership of teams and prudent use of resources. Other requirements specific to the post Access to appropriate transport to fulfil the requirements of the role. Skills, competencies and/or knowledge Demonstrates knowledge and experience relevant to the role as per the duties & responsibilities, eligibility criteria and post specific requirements of the role Maximises the use of ICT, demonstrating excellent computer skills particularly Microsoft Office, Outlook etc. Demonstrate the ability to work in line with relevant policies and procedures Demonstrate commitment to developing own professional knowledge and expertise Commitment to a Quality Service Demonstrates evidence of practicing and promoting a strong focus on delivering high quality customer service for internal and external customers and an awareness and appreciation of the service user Ensure attention to detail and a consistent adherence to procedures and standards within area of responsibility Embraces and promotes the change agenda, supporting others through change Demonstrate flexibility and initiative during challenging times and an ability to persevere despite setbacks Communications & Interpersonal Skills Demonstrates excellent communication and interpersonal skills including the ability to present complex information in a clear, concise and confident manner (written & verbal). Strong presentation skills Demonstrate the ability to influence people and events and the ability to build and maintain relationships with a variety of stakeholders, working collaboratively within a multi stakeholder environment Demonstrate commitment to regular two-way communication across functions and levels, ensuring that messages are clearly understood Campaign Specific Selection Process A ranking and or shortlisting exercise may be carried out on the basis of information supplied in your application form. The criteria for ranking and or shortlisting are based on the requirements of the post as outlined in the eligibility criteria and skills, competencies and/or knowledge section of this job specification. Therefore, it is very important that you think about your experience in light of those requirements.

Failure to include information regarding these requirements may result in you not being called forward to the next stage of the selection process.

Those successful at the ranking stage of this process (where applied) will be placed on an order of merit and will be called to interview in 'bands' depending on the service needs of the organisation.

Code of Practice The Health Service Executive will run this campaign in compliance with the Code of Practice prepared by the Commission for Public Service Appointments (CPSA). The Code of Practice sets out how the core principles of probity, merit, equity and fairness might be applied on a principle basis. The Code also specifies the responsibilities placed on candidates, facilities for feedback to applicants on matters relating to their application when requested, and outlines procedures in relation to requests for a review of the recruitment and selection process and review in relation to allegations of a breach of the Code of Practice. Additional information on the HSE's review process is available in the document posted with each vacancy entitled "Code of Practice, Information for Candidates".

The reform programme outlined for the Health Services may impact on this role and as structures change the job specification may be reviewed.

This job specification is a guide to the general range of duties assigned to the post holder. It is intended to be neither definitive nor restrictive and is subject to periodic review with the employee concerned.

Should the role be of interest to you please apply in with your current CV.

#J-18808-Ljbffr