CONTEXT

The MSF movement is built around five operational centres supported by MSF’s 23 sections, 25 associations and other offices together worldwide. The Operational Centre Brussels (OCB) is one of those operational centres, supported by 8 European MSF Sections. Given the nature of the Organisation’s activities, OCB processes medical data, HR data, donor data and communications data including testimonies and photographs. As the MSF Movement includes over 30 offices all over the world in both EU and non-EU jurisdictions, OCB’s data flows will include complex transfers of data.

OCB is committed to protecting and responsibly managing data entrusted in the organization. Notably, it recognizes the critical importance of assessing and mitigating risks related to (digital) data that could harm individuals (such as patients, donors, or MSF staff) and/or MSF operations.

As the Data Protection Officer, your role involves ensuring that the organisation manages and processes data in a safe and responsible manner, adhering to applicable data protection rules and in alignment with MSF’s humanitarian mandate. You collaborate closely with other data protection stakeholders, including function line specialists, information security experts, the MSF international legal department, and the MSF international Privacy Coordination Office, to promote high-quality and consistent data protection practices.

MAIN RESPONSIBILITIES

Provide strategic guidance and orchestrate data protection support to ensure OCB manages personal data in a coherent and responsible manner to protect individuals and MSF mandate in line with its humanitarian mission

• Initiate and technically steward the development of policies, tools, guidelines, training, and awareness material to support the promotion and integration of good data protection practices within OCB functional lines
• As need be, set up and animate working group(s) to support ad hoc projects and define priorities
• Follow up and monitor the effectiveness and efficiency of data protection measures implemented with a view to improving them
• Inform the Deputy Director General of any significant risk identified and periodically make formal reports on the overall evolution of data protection in OCB. Advise and support business lines’ managers to embed data protection in their strategic plans

Raise awareness, train, monitor/ audit and advise OCB departments regarding (i) data protection risks / harms and (ii) practices in relation to the organisation processing activities to allow OCB to make informed decisions and priorities, including:

• Identify where the main potential risks are – considering MSF humanitarian mandate – thus allowing MSF to prioritize its data protection and digital risks efforts (in terms of awareness, prevention, policy, etc.) and/ or response (in terms of mitigation measures, such as encryption, access controls, and data breach response plans)
• Advise on and support the implementation of the fundamental principles of personal data protection. In particular, the DPO shall enhance OCB staff’s understanding of their individual responsibilities, train staff on good practices and promote a culture of data protection across projects and the organisation
• Provide expert advice and technically steward MSF on an ad hoc basis, in relation to managing data protection risks/harms/requirements and building solutions, including when mandated or in agreement with other MSF or DP stakeholders. Notably for:
  • OCB’s departments or countries of operations regarding data protection rules/ best practices or issues
  • Assessments/ advice on new technologies/ information systems, new partnerships, new processes, new medical programs, closing or handover of a project, shared assets etc.
  • Support on data protection impact assessments

Incident & data breach management – Data requests/ complaints

• In close collaboration with the department of information security/ technologies, ensure OCB is prepared for data breaches. This involves developing incident response plans, breach simulations, and maintaining up-to-date procedures to handle security incidents effectively from a data protection perspective
• In case of an incident/ data breach (for data related matters):
  • Evaluate practical and legals impacts, including reporting obligations, propose mitigation measures and document lessons learnt
  • Contribute to the incident response, maintain a data protection log of the incident and its response.
  • Act as the focal point and cooperate with the Belgium Data Protection Authority (in case of an investigation and/ or reporting),
  • Consult with MSF international legal department, when relevant
  • Handle requests and/or complaints from individuals (data subjects) regarding their personal data

Liaison and Coordination

• Coordinate with and/ or contribute to various OCB (business lines, IT, archiving) and MSF international departments (International Legal Department, International Privacy Coordination Office, working groups etc.)
• Participate and provide high-level advice and insights to the development and revision of movement-wide data protection guidelines, templates, policies, and strategic projects (within or outside OCB)
• Actively participate to IPCO (internal and intersectional) meetings and working groups (IDPG etc.)
• Ensure that the work carried out by OCB is coherent and aligned with the strategic orientations and approaches defined for MSF movement

Serve as the main point of contact between OCB and the Belgian Autorité de protection des données (APD)

REQUIREMENTS

Education & Experiences

• Master degree and/or more than 5 years experience in technology, data protection (GDPR rules) and digital risks
• Solid experience in data mapping, data-related risk assessment
• Experience with MSF or other NGO is a plus.
• Ability to work autonomously, with a strong understanding and experience in project and change management
• Capacity to animate data protection as a key component of humanitarian principles (e.g. “do no harm”) or employer responsibility (e.g. ‘duty of care”)

Competenties

• Capacity to drive data protection from a risk-based, pragmatic and result based approach, adapted to organisation’s overall goals and functioning
• Excellent communication skills
• Ability to communicate complex concepts in plain language
• Ability to work in a multi-cultural environment
• Tact, diplomacy, and tenacity as well as the ability to build and maintain a strong network within the MSF Movement.

Languages

• Excellent command of English and French or Dutch (spoken and written)

CONDITIONS

• Expected starting date: As soon as possible
• Contract type: Open-ended Contract – full-time
• Location: Brussels, Belgium
• Mobility: 2 – 3 visits in MSF Projects per year
• Salary according to MSF-OCB HQ grid – Hospital Insurance (DKV) – Pension Plan – 100% reimbursement for public transportation costs
• Adhere to the MSF principles and to our managerial values: Respect, Transparency, Integrity, Accountability, Trust and Empowerment
• Adhere to the MSF Behavioral Commitments

Deadline for applications: 21st of August 2024