Background
Data is central to UNDP’s Digital Strategy 2022-2025, playing a critical role in achieving the organisation’s mandate and supporting the Sustainable Development Goals (SDGs). In an era where digital transformation is reshaping how we operate, responsible data collection, management, use, and analysis have become key objectives to UNDP’s overall digital agenda. As part of this strategy, UNDP is committed to becoming a data-driven organisation, ensuring that data is leveraged responsibly and effectively to maximise impact for the communities we serve.
The UNDP Data Strategy aligns with the broader Digital Strategy to build the necessary systems, tools, and processes that promote data as a key asset. The strategy also aims to enhance UNDP’s knowledge management capabilities and cultivate a workforce that is data-literate and equipped with the skills to navigate the evolving digital landscape.
As UNDP continues to embrace digital transformation, safeguarding personal data and ensuring compliance with international data protection standards have become top priorities. Data privacy is crucial not only for protecting the rights of individuals but also for maintaining the trust and integrity of UNDP’s operations globally. UNDP recognises that effective data governance, which includes robust privacy safeguards, is essential for leveraging data ethically and responsibly across all its programmes and activities.
With UNDP’s presence in over 170 countries and its extensive portfolio addressing poverty, climate change, governance, and crisis response, the protection of personal data is of paramount importance. The Data Privacy Specialist will play a pivotal role in ensuring that UNDP’s data handling practices are in full compliance with the United Nations Principles on Personal Data Protection and Privacy, guiding the organisation towards a secure, compliant, and responsible use of data.
Duties and Responsibilities
The Data Privacy Specialist will play a key role in UNDP’s commitment to safeguarding personal data, ensuring compliance with international data protection standards, and enhancing data privacy across its operations and programmes. The incumbent will be responsible for developing and implementing data protection policies, advising senior management on data privacy related matters, conducting privacy risk assessments, managing data breaches, and promoting a culture of data privacy across the organisation.
Duties and Responsibilities
The selected candidate will be responsible for:
Governance and Compliance
- Lead the implementation and review of UNDP’s data protection and privacy policies, ensuring alignment with the United Nations Principles on Personal Data Protection and Privacy.
- Conduct privacy risk assessments and data protection impact assessments, recommending appropriate mitigations.
- Advise senior management on compliance with internal and external data protection regulations, ensuring the organisation adheres to the highest standards of privacy and data security.
- Ensure that appropriate safeguards are in place for data transfers and oversee the development of standard operating procedures related to data retention, deletion, and breach management.
- Provide support in managing and responding to data subject access requests in compliance with relevant regulations.
Data Protection and Risk Management
- Identify and assess data protection and privacy risks across UNDP’s global operations, working with relevant departments to mitigate these risks.
- Lead the development of a data breach management process, ensuring timely notifications and responses to breaches.
- Maintain a repository of data processing activities and support the data mapping efforts to improve oversight of data handling practices within UNDP.
Training and Awareness
- Develop and deliver training programmes aimed at building a strong culture of data protection and privacy within UNDP.
- Provide guidance to staff on the application of data protection principles, including privacy-by-design, data minimisation, and rights of data subjects.
- Raise awareness of data protection obligations, ensuring compliance with the UN’s data protection principles and related best practices.
Monitoring and Reporting
- Establish a monitoring system to ensure ongoing compliance with data protection regulations.
- Report on data privacy compliance to senior management, providing insights and recommendations for improvement based on trends and lessons learned.
- Collaborate with UN agencies to ensure coherence and harmonisation of data protection practices across the UN system.
Stakeholder Engagement
Under the guidance and oversight of the Chief Digital Office, the IPSA holder will:
- Channel internal and external queries related to UNDP data protection and privacy policies.
- Liaise with other UN agencies, legal entities, and external organisations to ensure UNDP’s compliance with evolving data protection and privacy frameworks.
- Represent UNDP in inter-agency working groups related to data protection and privacy.
Competencies
Core |
Achieve Results: |
LEVEL 3: Set and align challenging, achievable objectives for multiple projects, have lasting impact |
Think Innovatively: |
LEVEL 3: Proactively mitigate potential risks, develop new ideas to solve complex problems |
Learn Continuously: |
LEVEL 3: Create and act on opportunities to expand horizons, diversify experiences |
Adapt with Agility: |
LEVEL 3: Proactively initiate and champion change, manage multiple competing demands |
Act with Determination: |
LEVEL 3: Think beyond immediate task/barriers and take action to achieve greater results |
Engage and Partner: |
LEVEL 3: Political savvy, navigate complex landscape, champion inter-agency collaboration |
Enable Diversity and Inclusion: |
LEVEL 3: Appreciate benefits of diverse workforce and champion inclusivity |
Cross-Functional & Technical competencies (insert up to 7 competencies)
Thematic Area |
Name |
Definition |
Business Direction & Strategy |
Business Acumen |
Ability to understand and deal with a business situation in a manner that is likely to lead to a good outcome. |
Digital & Innovation |
Regulations for Digital/Emerging Tech |
Ability to design and advise on regulations and policy for digital and emerging technology. |
Digital & Innovation |
Data Governance |
Knowledge of data privacy and governance frameworks and the ability to ensure compliance with privacy regulations |
Digital & Innovation |
Data Risk Management |
Ability to assess, manage, and mitigate data risks within an organisation’s global operations |
Digital & Innovation |
Digital Ecosystem |
Knowledge of how digital ecosystems work and the opportunities/challenges they pose for organisations and governments |
Business Development |
Legal and Regulatory Compliance |
Ability to ensure compliance with international, national, and organisational data protection and privacy standards |
|
Required Skills and Experience
Min. Education requirements |
· Advanced university degree in law, data management, computer science, public administration, or a related field.
· A first-level university degree in the above fields, in combination with two additional years of qualifying experience, may be accepted in lieu of the advanced degree. |
Min. years of relevant work experience |
- Minimum 7 years (or 9 years with a bachelor’s degree) of relevant experience in data privacy, protection, and regulatory compliance, including policy development, risk assessments, and data breach management.
|
Required skills |
- Proven experience in developing and implementing data privacy policies and risk assessments.
- Experience in managing data breaches and advising senior management on data privacy compliance.
- Strong understanding of data governance and privacy frameworks in international settings.
- Excellent research and analytical skills to assess and mitigate data protection risks across global operations.
- Ability to conduct privacy impact assessments and develop breach management processes.
- Experience delivering training and capacity-building programs focused on data privacy and protection.
- Strong interpersonal and communication skills, with a demonstrated ability to collaborate in a multicultural environment.
|
Desired skills in addition to the competencies covered in the Competencies section |
- Capable of working in a high- pressure environment with sharp and frequent deadlines, managing many tasks simultaneously.
- Excellent analytical and organizational skills.
- Exercises the highest level of responsibility and be able to handle confidential and politically sensitive issues in a responsible and mature manner.
|
Required Language(s) |
- Excellent written and spoken English is required.
- Working knowledge of another official UN language is advantageous.
|
Professional Certificates |
Certified Information Privacy Professional (CIPP) from IAPP desirable |