Data Protection Legal Adviser

Purpose

The Data Protection Legal Adviser (Protection) provides specific legal, regulatory and compliance advice on data protection issues to divisions and delegations across the ICRC, with particular focus on Protection activities. S/he ensures that they effectively implement the ICRC Compliance Framework on Personal Data Protection, including the ICRC Rules on Personal Data Protection, and handles a wide range of data protection questions concerning broad strategy, specific programmes and applicable legal frameworks, as well as individual subject access requests.

Accountabilities & Functional responsibilities

• Provides accurate, timely and practical legal, regulatory and compliance advice to ICRC divisions and delegations, and to other components of the International Red Cross and Red Crescent Movement as required, on various legal aspects of data protection and a wide range of related issues, including on all questions concerning the application of the ICRC Rules on Personal Data Protection in ICRC programmes, on compliance with domestic, regional and international legal data protection frameworks, such as the Council of Europe Convention (No. 108) for the Protection of Individuals with Regard to Automatic Processing of Personal Data and the European Union General Data Protection Regulation, and, more generally, on the processing of personal data.
• Plans, coordinates and implements the effective application of the ICRC Rules on Personal Data Protection. This involves, in particular, working closely with divisions and delegations in the areas of operations and administration in particular in relation to Protection activities to align their guidelines and policies, in accordance with the divisions' specific action plans.
• Monitors implementation of the requirements related to data protection by design and by default and data security.
• Advises on all questions regarding the application of the ICRC Rules on Personal Data Protection arising from ICRC programmes, and, more generally, the processing of personal data. This includes creating/updating privacy information notices for data subjects, terms of use for processing tools and processing/transfer agreements with third parties, as well as drafting/advising on data protection law aspects of contracts, memoranda of understanding, headquarters agreements, and giving guidance on the implications of domestic legislation on interaction with partners, etc.
• Advises on and ensures that data protection impact assessments are carried out correctly by the ICRC staff in charge.
• Delivers training, knowledge management activities and presentations for ICRC staff and other components of the Movement on data protection, in particular on data transfers and the application of relevant legal frameworks, as required.
• Maintains comprehensive knowledge of recent legal and policy developments in the field of data protection, and ensures that the ICRC is aware of their implications.
• Assists the Deputy Head of Data Protection Office in managing the data protection aspects of data breaches.
• Assists the Deputy Head of Data Protection Office in handling data protection complaints by data subjects.
• If necessary, provides guidance to National Red Cross and Red Crescent Societies on data protection law matters, including on domestic legislation, Movement codes of conduct and new technologies.

Reports to (role)

• Deputy Head of Data Protection Office

People management responsibilities

The Legal Adviser may be asked to supervise one trainee/associate

Scope & Impact

• Geographic remit: global.
• Supervises one associate (trainee), as required.

Relationships

• Internally, interacts with heads of division and unit at headquarters and programme coordinators in the field.
• Externally, interacts with data protection experts and legal advisers in other organizations.

Certifications / Education required

• Bachelor's degree in law and master's degree in law, international law or human rights law.
• Knowledge of data protection laws (Data Protection Officer certification is an asset).
• Admission to practise law an asset.
• Fluent command of English and French.
• Computer proficiency.

Professional Experience required

• Typically 10-12 years' overall professional experience
• Operational experience in the humanitarian sector in the area of Protection (programme coordinator within a recognized international organization is an asset, experience at the ICRC is an asset).
• Minimum 2 years' experience as a legal adviser/attorney.
• Minimum 2 years' experience advising on data protection/privacy matters.

Desired profile and skills

• Strongly motivated by humanitarian work
• Able to work under pressure
• Excellent drafting skills
• Negotiating skills and sense of diplomacy
• Sense of initiative and confirmed ability to work in a team

Additional information

• Location:                           Geneva
• Type of contract:               Open-ended
• Length of assignment:      4 years
• Activity rate:                      100%
• Estimated start date:        ASAP
• Application deadline:        17.02.2019