By continuing to browse this site, you agree to our use of cookies. Read our privacy policy

Data Protection and Legal Officer

Lyons (United States of America)

  • Organization: WHO - World Health Organization
  • Location: Lyons (United States of America)
  • Grade: P-3, International Professional - Internationally recruited position - Mid level
  • Occupational Groups:
    • Legal - Broad
    • Statistics
    • Information Technology and Computer Science
    • Security and Safety
  • Closing Date: 2022-01-25

Click "SAVE JOB" to save this job description for later.

Sign up for free to be able to save this job for later.



The International Agency for Research on Cancer (IARC), is the cancer agency of the World Health Organization (WHO) and is based in Lyon, France.

Data protection and specialized legal reviews are of an increasing complexity and importance for IARC’s scientific research work. The data protection officer will ensure IARC’s material compliance with the highest applicable standards including but not limited to the General Data Protection Regulation (GDPR) and those of the International Organisation for Standardization (ISO). The post will also serve the best interest of IARC by providing legal reviews and negotiations on IARC’s contracts with different suppliers to safeguard the organisation status, privileges and immunities.

Under the direct supervision of the Director, Administration and Finance (DAF) and overall guidance of IARC Director, in close coordination with other colleagues in the DAF Office and within the broader Services to Science and Research (SSR) and other branches as applicable, the incumbent provides professional support and advice on data protection and legal reviews of contracts and educate employees and stakeholders on important data compliance requirements, data protection policies, guidelines, and procedures.

The data protection and legal unit’s main objective is to ensure IARC’s material compliance with internationally recognized standards as applicable and to safeguard the organisation’s status, privileges and immunities.


  1. Support the IARC in navigating the complex legislative environment that surrounds the use of, sharing, transferring, and storing, human bio-specimens and sensitive/personal data (e.g., in the context of the GDPR and ISO standards).
  2. Draft, review, amend, update and maintain internal data protection policies, guidelines, and procedures, in consultation with key stakeholders.
  3. Propose technical and organisational measures to ensure appropriate security of human bio-specimens and personal data as well as developing and implementing organisational controls, policies and procedures that may be required to mitigate any risks identified.
  4. Coordinate the network of IARC Data Stewards and regular update of IARC’s Records of Processing Activities (ROPA).
  5. Follow up on IARC’s data obligations (including data retention/deletion), in close liaison with the relevant Principal Investigators (PIs) in the scientific branches as well as ITS;
  6. Provide expert advice and guidance on Data Transfer Agreements (DTAs) and Data Use Agreements (DUAs).
  7. Conduct legal reviews and maintain IARC’s records of all DTAs/DUAs;
  8. Guide the concerned parties on bio-banking activities where such activities imply the use of human subjects’ bio-specimens and data, and perform legal review of Material Transfer Agreements (MTAs) whenever needed;
  9. Participate in and contribute to regular internal and external data protection related meetings, committees and workshops;
  10. Liaise with the World Health Organisation (WHO) on data protection and data privacy related matters, and any other legal aspects that may arise;
  11. Advise on non-standard procurement contracts, including performing legal desk review and negotiation with external interlocutors, especially IARC’s suppliers;
  12. Support the DAF Office in other related areas including but not limited to drafting information materials, circulars, policy documents, Standard Operating Procedures (SOPs), etc.


Due to the evolving situation resulting from the Covid-19 pandemic, and depending on work requirements, this position may be partly occupied remotely, from the home of the candidate selected in the region Lyon, according to the teleworking clause for force majeure currently in force as part of the IARC teleworking policy during this pandemic period.


  • Producing results
  • Moving forward in a changing environment
  • Fostering integration and teamwork
  • Technical expertise
  • Communication
  • Promoting innovation and organizational learning
  • Setting an example.



Essential: Bachelor degree in law, data protection, data privacy, information governance, intellectual property or related field complemented by specialized legal/data protection training in a relevant field to the position nature.

Desirable: -


Essential: At least five years of professional experience in the field of legal counselling, including 2 years in the field of data protection.


  • UN Experience.
  • Experience in a multicultural work environment.
  • Experience in an academic or scientific setting.
  • Experience in a legal/data protection firm.


Expert knowledge of English is essential, working knowledge of French is desirable.



  • Ability to multitask and work under pressure to meet deadlines.
  • High level of accuracy, scrutinization and attention to detail
  • Tact, diplomacy, discretion and respect for confidentiality and privacy.
  • Knowledge of data protection software such as OneTrust, DataGrail, TrustArc, etc.
  • Knowledge of IT data related tools in terms of data storage, data analysis, data management, data security and the risk of inaction.


WHO salaries for staff in the Professional category are calculated in US dollars. The remuneration for the above position comprises an annual base salary starting at USD 62,120 (subject to mandatory deductions for pension contributions and health insurance, as applicable), a variable post adjustment, which reflects the cost of living in a particular duty station, and currently amounts to USD 2,163 per month for the duty station indicated above (subject to change). Other benefits include 30 days of annual leave, allowances for dependent family members, home leave, and an education grant for dependent children.


  • Only candidates under serious consideration will be contacted.
  • A written test and/or seminar presentation may be used as a form of screening.
  • In the event that your candidature is retained for an interview, you will be required to provide, in advance, a scanned copy of the degree(s)/diploma(s)/certificate(s) required for this position. IARC/WHO only considers higher educational qualifications obtained from an institution accredited/recognized in the World Higher Education Database (WHED), a list updated by the International Association of Universities (IAU)/United Nations Educational, Scientific and Cultural Organization (UNESCO). The list can be accessed through the link: Some professional certificates may not appear in the WHED and will require individual review.
  • Any appointment/extension of appointment is subject to IARC/WHO Staff Regulations, Staff Rules and Manual.
  • WHO staff members in other duty stations are encouraged to apply.
  • For information on IARC’S operations please visit:
  • IARC/WHO is committed to workforce diversity.
  • IARC/WHO's workforce adheres to the WHO Values Charter and is committed to put the WHO Values into practice.
  • IARC/WHO has a smoke-free environment and does not recruit smokers or users of any form of tobacco.
  • Applications from women and from nationals of non and underrepresented Participating States are particularly encourage.

We do our best to provide you the most accurate info, but closing dates may be wrong on our site. Please check on the recruiting organization's page for the exact info. Candidates are responsible for complying with deadlines and are encouraged to submit applications well ahead.
Before applying, please make sure that you have read the requirements for the position and that you qualify.
Applications from non-qualifying applicants will most likely be discarded by the recruiting manager.

What does it mean?

Click "SAVE JOB" to save this job description for later.

Sign up for free to be able to save this job for later.