UCR Data Protection Advisor – Moldova

JOB OPPORTUNITY

UCR Data Protection Advisor – Moldova

World Vision International is a Christian relief, development and advocacy organization dedicated to working with children, families and their communities worldwide to reach their full potential by tackling the causes of poverty and injustice. World Vision - Moldova Office is looking for a highly qualified and motivated person for the position of UCR Data Protection Advisor - Moldova.

Job Purpose:

To help World Vision (WV) respond to the Ukraine Crisis, a lot of personally identifiable information is collected to enable and support programme implementation. While this data helps WV provide critical humanitarian assistance, it also can potentially bring risks and harms to the people we seek to serve. At the same time, there are data protection laws and regulations in the countries of operation (Ukraine, Georgia, Moldova & Romania) which require the organization to comply with to avoid any regulatory penalties.

As part of the Risk and Compliance Unit, the Data Protection Advisor will provide oversight for data protection and regulatory compliance, assuming responsibilities of a Data Protection Officer (DPO). This will ensure that WV meets digital safeguarding and protection commitments to vulnerable children and communities, demonstrate adherence to data protection regulations in the countries of operation, and ensure compliance with relevant partnership policies.

This position requires a diverse set of skills, incorporating technical and change management expertise including organizational behavioral change, systems thinking and change, digital and data governance, digital rights, data protection and privacy, and creative communication.

MAJOR RESPONSIBILITES

Data Governance

a) Participate and contribute actively to the UCR Data Governance Committee, working with Information Technology; Information Management; Monitoring, Evaluation, Accountability & Learning (MEAL); and other relevant functions, in advancing robust data governance practices within the Ukraine Crisis Response.

b) Develop and maintain a data governance framework to ensure that data is collected and managed securely, ethically and responsibly. Develop this in collaboration with Information Technology; Programmes; Operations; Risk & Compliance; Monitoring, Evaluation, Accountability & Learning (MEAL); Information Management and other relevant functions.

c) Participate in the development and implementation of data standards and data management solutions in use within the response.

d) Oversee data protection governance for new projects and initiatives.

Data Protection

a) To work proactively as the UCR’s data protection subject matter expert, promoting best practice and ensure that technical and organisational measures are in place to protect and safeguard personal data. In this regard, assume responsibilities of a Data Protection Officer (DPO) under data protection regulations. Provide responsive and high quality advice to WV staff and partners on data protection and compliance matters.

b) Take a lead role in assessing data protection legislation or other regulatory changes and making recommendations as necessary to ensure that risks are mitigated as well as ensure ongoing compliance. Create and maintain documentation that provides evidence of legal and regulatory compliance to data protection laws.

c) Provide practical assistance, support, capacity, and recommendations for improving issues such as:

• Minimum datasets for registration, deduplication, enrolment, referrals, etc.
• Individual data rights requests and process for managing this.
• Data sharing agreements between non-government organisations (NGOs), governments, United Nations (UN) agencies, donors, financial service providers (FSPs), partners, and other actors.
• Data sharing models and maintaining data inventories for all projects.
• Conducting data protection impact assessments (DPIA).
• Data breach management and procedure for managing incidents.
• Determine how local actors can be included more, barriers to this, and recommendations for improvement (people, systems, capacity, willingness).
• Facilitate discussions between actors.

d) Localise and raise awareness of WV’s information security and data protection policies in collaboration with Information Technology department.

e) Support the development and implementation of relevant policies, processes and procedures, and controls for responsible data management and maintain an appropriate review cycle.

f) In collaboration with Information Technology and other relevant stakeholders, provide oversight and advise on data breach incidents and investigations or privacy complaints and undertake reporting and remedial actions as necessary.

g) Support partner engagement, legal and procurement processes around privacy and data protection issues in contract negotiations and partner relationships, highlighting to key stakeholders the necessity of adherence to personal data handling obligations.

h) Ensure compliance through monitoring, auditing and risk management activities.

• Provide senior leadership team assurance through monitoring and oversight of data management activities.
• Conduct audits to ensure privacy and data protection compliance and proactively address potential privacy and data protection issues.
• Conduct regular analysis of data management practices and prepare reports relating to UCR’s data protection compliance.

Capacity Building

a) Promote a positive data protection and privacy culture through training and awareness raising activities. As such, build digital and data literacy - beyond technology - through:

• Creating networks of practitioners and practice.
• Conducting digital and data literacy sessions for project teams (and others if desired) on topics such as: awareness & consent, data sharing, data minimisation, etc.
• Facilitating discussions on key data responsibility topics and approaches.
• Facilitating simple, weekly refreshers on responsible data practices.

b) Network with other actors working in data protection or related areas, including sharing resources, knowledge and expertise to promote regulatory compliance and continuous improvement in the sector.

Data Protection Coordination & Advocacy

a) Work with and advocate for inclusion of data literacy, data protection and other responsible data practices in proposals and grants.

b) Participate in humanitarian coordination forums to reach agreements on data protection standards and guidelines that meet WV requirements.

c) Support WV focal points in their coordination with clusters and working groups on the data required for registration and other purposes and ensuring that this meets our data protection standards.

d) Reach consensus with other humanitarian actors for a data sharing agreement that meets the WV requirements and standards.

KNOWLEDGE/QUALIFICATIONS FOR THE ROLE

Professional Experience & Skills

1. At least 1-2 years experience in data protection and/or data management.

2. Knowledge of data protection legislation, particularly the European Union’s General Data Protection Regulation (GDPR) and similar national laws.

3. Relevant work experience of monitoring compliance with regulatory requirements and engaging with regulatory bodies.

4. Experienced in the operational application of data protection and privacy laws.

5. Ability to handle confidential information.

6. Ethical, with the ability to remain impartial and report all non-compliances.

7. Strong organizational skills including attention to detail and multi-tasking skills.

8. Strong interpersonal, analytical and problem-solving skills.

9. Effective communication skills.

Required Education, training, license, registration and certification

1. University degree in law, information technology, information science, data science, business administration or equivalent degree related to field of work.

2. Data protection training.

3. Strong project, budget, and information management skills, with the ability to coordinate across various teams.

4. Strong IT technical proficiency especially of Microsoft Office.

Preferred Knowledge, Experience and Qualifications

1. 1-3 years’ experience in international humanitarian/development and business related activities.

2. Data protection certification.

3. Expertise in project and change management.

4. Experience running creative and engaging virtual and in person events.

5. Ability to work under pressure and make hard decisions required to achieve project objectives.

6. Proven ability to initiate and manage cross-sector/multi-sector relationships.

7. Demonstrated ability to influence and work across culturally diverse teams.

8. Experience in managing data breaches.

9. Experience in cooperation with supervisory authorities of any kind.

10. Change management experience.

Applicant Types Accepted:

Local Applicants Only

Only short listed candidates will be contacted

Mode of Application:

If you are interested in this position, to apply, please register at: https://worldvision.wd1.myworkdayjobs.com/en-US/WorldVisionInternational/details/UCR-Data-Protection-Advisor---Moldova_R17768

No information inquiries will be handled over the phone. Only short listed candidates will be notified for the interview. The deadline for application is 13 March 2023.

As a Child focused organization, World Vision is committed to the protection of children and does not employ staff whose background is not suitable for working with children. All employment is conditioned upon the successful completion of all applicable background checks