Data Protection Compliance Specialist Grade Vii

Details of the offer

Job Title and Grade Data Protection Compliance Specialist – Grade VII
Department: National Data Protection
Taking up Appointment: A start date will be indicated at job offer stage.
Dublin 8. This job will be hybrid
Details of Service The HSE National Data Protection Office is one of the functions within the OPI division. The Data Protection Act 2018 (Act) (No 7 of 2018) was enacted on 24 May 2018 and established the Data Protection Commission and gave further effect to the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data. The Regulation is commonly known as the General Data Protection Regulation (GDPR). The holder of the post is the Designated Data Protection Officer (DPO) under legislation.
The HSE is both a Data Controller and a Data Processor under the Regulation. They will be the primary point of contact for HSE staff, service users and suppliers in relation to personal data and will take an independent view on all matters relating to data protection across the HSE.
In appointing a Data Protection Officer, the HSE must ensure that the data protection officer:
• Reports directly, in relation to functions under the Act to the highest level of management of the controller
• Does not receive any instructions regarding the exercise of such functions
• Involved in an appropriate and timely manner in all matters relating to the protection of personal data.
The HSE will support the Data Protection Officer in performing functions under the Act including by:
• Providing the resources required to perform those functions
• Ensuring access to processing operations carried out by the controller
• Assisting and maintain expert knowledge in the law and practice relating to the protection of personal data The DPO will act as the lead compliance advisor in the HSE in relation to protection and processing of personal data in order to protect the rights and freedoms of data subjects while meeting the duties and responsibilities of the data controller.
Reporting Relationship The post holder will report to appropriate designated Manager.
Key Working Relationships TheVII Data Protection Compliance Specialist will work closely and collaboratively with:
• HSE Services Nationally
• Members of the public and HSE staff who may contact the DPO office or Data Notification Service in relation to the May 2021 Cyber Attack and other data protection queries
• Other government departments and organisations who are working with the HSE on programmes of work who seek data protection advice
Purpose of the Post The Grade VII Operational Compliance and Improvement will be a key member of the DPO Team leading on assigned programmes, specifically the Data Notification Service which is dealing with responding to those individuals notified as a result of the May 2021 Cyber Attack on the HSE. The role holder will also take an active role in the implementation of Privacy Engine across the HSE and its affiliate organisations, whilst constantly seeking quality improvement across all HSE National Data Protection Office capabilities including but not limited to RoPA, DSARs and DPIA.
Principal Duties and Responsibilities
The position of Grade VII encompasses both managerial and administrative responsibilities which include the following:
Oversight/Monitoring and Assurance • Supporting and coordinating the full life cycle of Data Subject Access Requests (DSARS) for the Data Notification Service
• Work towards full compliance in line with HSE data protection policy and GDPR legislation in the management of all DSAR requests related to the May 2021 Cyber Attack
• Understanding, adhering to, and following all standard operating procedure relating to Data Notification Service
• Managing complex data protection queries and complaints related to the May 2021 Cyber Attack
• Produce reports and data updates on the work related to the Data Notification Service
• Support the delivery of Privacy Engine in the HSE. This service supports the management of SARs, Data Breach reporting as well as a repository for DPIAs, DSA and RoPAs
• Assist the DPO in the management and delivery of the Privacy Engine across the HSE including but not limited to; embedding and improving the processes and business unit understanding and engagement of Records of Processing Activities (RoPA), Data Privacy Impact Assessments (DPIAs), Data Sharing Agreements (DSAs), Breach Management, Data Subject Rights Requests e.g. SARs and Personal Data Inventory processes. • Provide SME input to review and challenge Records of Processing Activities completed and submitted by the various HSE organisations functions to ensure they meet appropriate quality guidelines.
• Provide SME input to review and challenge Data Privacy Impact Assessments completed and submitted by the various HSE organisations functions to ensure they meet appropriate quality guidelines.
• Provide SME input to review and challenge Data Sharing Agreements completed and submitted by the various HSE organisations functions to ensure they meet appropriate quality guidelines
Administration • Ensure the efficient management and administration of area of responsibility
• Execute assignments in accordance with agreed plans, budgets and deadlines
• Ensure deadlines are met and that service levels are maintained
• Prepare regular reports on the progress of work against the operational plan
• Provide accurate information to management in a timely manner, ensuring that administrative and financial records are readily available
• Inform management of ideas / solutions to maximise effective use of resources / improve service delivery
• Advise, promote and participate in the implementation of innovations in service delivery
• Participate in and lead project working groups, represent the HSE on committees as required
• Build and maintain relationships with key stakeholders to gather support for new initiatives
• Make decisions and solve problems in a timely manner and inform others of decisions that have implications for them, making sure team knows how to action them
• Gather information from a variety of sources to ensure decisions are in line local and national agreements
• Ensure regular two-way communication happens between line management and senior management
• Provide administrative support for meetings and attend as required
• Maximise the use of technology to advance the quality and efficiency of service provision
Human Resources / Supervision of Staff
• Supervise and enable other team members to carry out their responsibilities, ensuring appropriate delegation of responsibility and authority
• Review the conduct and completion of assignments of staff in accordance with the operational plan and expected quality standards
• Keep in touch with workloads of staff members to gauge levels of wellbeing and morale in the team
• Manage the performance of staff, dealing with underperformance in a timely and constructive manner
• Conduct regular staff meetings to keep staff informed and to hear views
• Create and promote a positive working environment among staff members, which contributes to maintaining and enhancing effective working relationships with other teams and disciplines
• Solve problems and ensure decisions are in line with local and national agreements
• Identify and agree training and development needs of team and design plan to meet needs
• Pursue and promote continuous professional development in order to develop leadership and management expertise and professional knowledge
Customer Service • Promote and maintain a customer focused environment by ensuring service users are treated with dignity and respect
• Seek feedback from service users / colleagues to evaluate service and implement change
• Deal with escalated service user issues and queries as appropriate, providing them with expert knowledge and resolutions in a timely manner
Human Resources / Supervision of Staff • Supervise and enable other team members to carry out their responsibilities, ensuring appropriate delegation of responsibility and authority
• Manage the performance of staff, dealing with underperformance in a timely and constructive manner
• Ensure an even distribution of workload amongst the team, taking into account absence due to annual leave, sick leave etc.
• Supervise and ensure the wellbeing of staff within own remit
• Conduct regular staff meetings to keep staff informed and to hear views
• Create and promote a positive working environment among staff members, which contributes to maintaining and enhancing effective working relationships with other teams and disciplines
• Identify and agree training and development needs of team and design plan to meet needs
• Pursue and promote continuous professional development in order to develop leadership and management expertise and professional knowledge
Service Delivery and Service Improvement • Promote and participate in the implementation and management of change
• Proactively identify inequities / inefficiencies in service administration and implement solutions to improve service delivery, in line with legislation and benchmarking against best practice structures
• Maintain a good understanding of internal and external factors that can affect service delivery including awareness of local and national issues that impact on own area of work
• Embrace change and adapt local work practices accordingly by finding practical ways to make policies work, ensuring team knows how to action changes
• Encourage and support staff through change processes
Frameworks and Policies
• Monitor the implementation of all relevant Data Protection Policy and Guidelines in relation to Privacy Risk.
• Review the effectiveness of relevant privacy risk management frameworks, policies, systems, processes and tools on an annual basis and embedding of these effectively with key stakeholders across the HSE.
• Ensure the above Frameworks and Tools facilitate the timely risk identification, assessment, mitigation, monitoring and reporting of Privacy Risk.
• Ensure that the Privacy Risk priorities are delivered in accordance with Risk Appetite.
• Provide insight into and support resolutions to existing and emerging privacy risks.
• Design and develop the Data Protection Policy, establishing business-wide principles and guidelines designed to mitigate privacy risks.
The above Job Specification is not intended to be a comprehensive list of all duties involved and consequently, the post holder may be required to perform other duties as appropriate to the post which may be assigned to him / her from time to time and to contribute to the development of the post while in office. Eligibility Criteria Qualifications and/ or experience Eligible applicants will be those who on the closing date for the competition: (a) Have satisfactory experience in an office under the HSE, TUSLA, other statutory health agencies, or a body which provides services on behalf of the HSE under Section 38 of the Health Act 2004 at a level not lower than that of Grade IV (or equivalent)
and
Have not less than two years satisfactory experience either in that office or in an office at a level not lower than that of Clerical Officer in the HSE, TUSLA, other statutory health agencies, or a body which provides services on behalf of the HSE under Section 38 of the Health Act 2004
and
(b) Candidates must possess the requisite knowledge and ability, including a high standard of suitability, for the proper discharge of the office.
Health A candidate for and any person holding the office must be fully competent and capable of undertaking the duties attached to the office and be in a state of health such as would indicate a reasonable prospect of ability to render regular and efficient service.
Character Each candidate for and any person holding the office must be of good character.
Post Specific Requirements (i) Working knowledge of the laws, regulations and the practice relating to the protection of personal data specified in Data Protection Acts and GDPR.
(ii) At least 3 years' experience in a comparable role ideally within a regulatory or public sector organisation.
(iii) Proven experience of staff management, including leadership of teams and prudent use of resources.
Other requirements specific to the post • Access to appropriate transport to fulfil the requirements of the role
Skills, competencies and/or knowledge Professional Knowledge & Experience For example:
• Demonstrates knowledge and experience relevant to the role as per the duties & responsibilities, eligibility criteria and post specific requirements of the role
• Maximises the use of ICT, demonstrating excellent computer skills particularly Microsoft Office, Outlook etc.
• Demonstrate the ability to work in line with relevant policies and procedures
• Demonstrate commitment to developing own professional knowledge and expertise
Planning and Managing Resources
For example:
• Demonstrate the ability to effectively plan and manage resources, effectively handle multiple projects concurrently, structuring and organising own workload and that of others effectively
• Demonstrate responsibility and accountability for the timely delivery of agreed objectives
• Challenges processes to improve efficiencies where appropriate, is committed to attaining value for money
Commitment to a Quality Service For example:
• Demonstrates evidence of practicing and promoting a strong focus on delivering high quality customer service for internal and external customers and an awareness and appreciation of the service user
• Ensure attention to detail and a consistent adherence to procedures and standards within area of responsibility
• Embraces and promotes the change agenda, supporting others through change
• Demonstrate flexibility and initiative during challenging times and an ability to persevere despite setbacks
Evaluating Information, Problem Solving & Decision Making For example:
• Demonstrate numeracy skills, an ability to analyse and evaluate information, considering a range of critical and complex factors in making effective decisions. Recognises when it is appropriate to refer decisions to a higher level of management
• Demonstrate initiative in the resolution of complex issues / problem solving and proactively develop new proposals and recommend solutions
• Ability to confidently explain the rationale behind decisions when faced with opposition
Team Working
For example:
• The ability to work both independently and collaboratively within a dynamic team and multi stakeholder environment
• Demonstrate an ability to work as part of the team in establishing a shared sense of purpose and unity across a number of teams delivering on different projects
• Demonstrate leadership; creating team spirit; leading by example, coaching and supporting individuals to facilitate high performance and staff development
• Demonstrate a commitment to promoting a culture of involvement and consultation within the team, welcoming contributions from others
Communications & Interpersonal Skills For example:
• Demonstrates excellent communication and interpersonal skills including the ability to present complex information in a clear, concise and confident manner (written & verbal). Strong presentation skills
• Demonstrate the ability to influence people and events and the ability to build and maintain relationships with a variety of stakeholders, working collaboratively within a multi stakeholder environment
• Demonstrate commitment to regular two-way communication across functions and levels, ensuring that messages are clearly understood
Campaign Specific Selection Process Ranking/Shortlisting / Interview A ranking and or shortlisting exercise may be carried out on the basis of information supplied in your application form.The criteria for ranking and or shortlisting are based on the requirements of the post as outlined in the eligibility criteria and skills, competencies and/or knowledge section of this job specification.Therefore, it is very important that you think about your experience in light of those requirements.
Failure to include information regarding these requirements may result in you not being called forward to the next stage of the selection process.
Those successful at the ranking stage of this process (where applied) will be placed on an order of merit and will be called to interview in 'bands' depending on the service needs of the organisation.
Code of Practice The Health Service Executive will run this campaign in compliance with the Code of Practice prepared by the Commission for Public Service Appointments (CPSA). The Code of Practice sets out how the core principles of probity, merit, equity and fairness might be applied on a principle basis. The Code also specifies the responsibilities placed on candidates, facilities for feedback to applicants on matters relating to their application when requested, and outlines procedures in relation to requests for a review of the recruitment and selection process and review in relation to allegations of a breach of the Code of Practice.Additional information on the HSE's review process is available in the document posted with each vacancy entitled "Code of Practice, Information for Candidates".
Codes of practice are published by the CPSA and are available on https://www.hse.ie/eng/staff/jobs in the document posted with each vacancy entitled "Code of Practice, Information for Candidates" or on https://www.cpsa.ie/.
The reform programme outlined for the Health Services may impact on this role and as structures change the job specification may be reviewed.
This job specification is a guide to the general range of duties assigned to the post holder. It is intended to be neither definitive nor restrictive and is subject to periodic review with the employee concerned.
Should the role be of interest to you please apply in with your current CV.

#J-18808-Ljbffr


Nominal Salary: To be agreed

Source: Jobleads

Requirements

Network Engineer

About Post Consult International (PCI) PCI is a wholly owned subsidiary of An Post, providing specialist IT Strategy, Management and Development services acr...


An Post - County Dublin

Published a month ago

Data Scientist - Pharmacy Analytics

Data Scientist, Pharmacy Analytics – Dublin, HybridOptum is a global organization that delivers care, aided by technology to help millions of people live hea...


Unitedhealth Group - County Dublin

Published a month ago

Azure Devops Engineer

About the Role The ideal candidate will possess extensive DevOps experience and will join our UK&I Technology team. You will be responsible for developing to...


Lexisnexis Risk Solutions Uk Ltd. Company - County Dublin

Published a month ago

Saas Technical Manager

The most trusted digital enabler team.blue is a leading digital enabler for companies and entrepreneurs. It serves over 3.3 million customers in Europe and h...


Team.Blue Global - County Dublin

Published a month ago

Built at: 2024-11-15T17:44:58.919Z