Job Title:Data Protection Officer – DPO (Dioceses of Ferns, Kildare and Leighlin and Ossory)
Job Duration: 2- year Fixed Term Contract
Job Location: Principal Location will be at: Kilkenny City. Role will involve working at various locations in counties Carlow, Kildare, Laois, Kilkenny, Offaly, Wicklow and Wexford.
Reports to: Each Diocesan Bishop / Administrator
The purpose of this role is to assist the three Dioceses of Ferns, Kildare and Leighlin and Ossory and their constituent parishes and agencies in achieving compliance with the requirements of the General Data Protection Regulation (GDPR). The Catholic Church recognises that good pastoral care and respect for the dignity of every person requires that personal data should be sourced, stored, processed and eventually disposed of in an appropriate manner and welcomes the essential principles underlying the GDPR.
The DPO for the Dioceses of Ferns, Kildare and Leighlin and Ossory will report directly to the Bishop of Ossory, and functionally to each Diocesan Bishop, and will work closely with key Diocesan Personnel in each Diocese. The DPO will:
Oversee the Development of Policy
develop a joint Data Protection Policy and related policies i.e. document retention policy, to be approved by the Diocesan Bishop /Administrator of each of the three Dioceses;
arrange for the appropriate publication of the policy;
oversee the regular updating of the joint policy in accordance with periodic changes in legislation;
familiarise him or herself with the nature of the Church’s activity in theabove Dioceses and identify the particular challenges which are likely to arise in the implementation of the GDPR.
Communicate the Requirements of GDPR:
develop a communications strategy which will ensure that key personnel in each Diocese are made fully aware of GDPR and its key principles;
arrange a series of training events in each Diocese, which will ensure that key personnel can readily appreciate the manner in which GDPR applies to the activity or activities for which they are responsible and what they need to do;
provide on-going education and support in the implementation of GDPR for bishops, clergy and lay personnel, both employed staff and volunteers;
advise on specific challenges experienced by data controllers.
Implement an Internal Audit Mechanism
devise and formulate a comprehensive internal audit system, which will allow the DPO to verify
that personal records in hard copy and in electronic format are appropriately managed, retained and disposed of;
that equipment used for the storage and transfer of data is appropriately secured;
that access to sacramental registers is appropriately managed and that they are appropriately stored;
that appropriate information and guidance in respect of web-cams and other equipment for recording or live transmission is readily available for Church personnel and for the public;
the correct use of logs of processing activities.
Management of GDPR Requests and Concerns
serve as a liaison person on behalf of the Dioceses of Ferns, Kildare and Leighlin and Ossory with the Regulatory Authority (Data Protection Commission);
make such reports on behalf of Dioceses or Parishes as may be required from time to time regarding personal data breaches;
advise Church personnel on the timely, efficient and appropriate management of requests for personal data.
The above contains the main outline of duties and cannot, in the nature of the role, be complete. Tasks may arise which do not fall within the remit of the above list of main duties. The DPO will be required to respond flexibly when ad hoctasks arise which are not specifically covered in this job description.
Knowledge (Qualifications & Related Experience):
The ideal candidate will have previous experience in a privacy/data protection role specifically in the area of advising on compliance with, and operational guidance, under EU data protection law.
Familiarity with privacy and security risk assessment best practices.
Experience with creating and implementing data protection policies, procedures, and training materials, and promoting a culture of data protection compliance.
A relevant professional qualification eg, Legal, Risk Assessment etc.
Expertise in the area of EU data protection law.
A good understanding of the way the Catholic Church operates, with particular regard to its personal data processing activities; and an ability to interpret relevant data protection rules in that context.
A good working knowledge of current software used in data processing and storage (including Excel, Access, Parish Registration systems and Cloud-based storage systems).
Personal skills including integrity, initiative, organisation, perseverance, discretion, ability to assert himself/herself in difficult circumstances.
Interpersonal skills including communication, negotiation, conflict resolution and the ability to build strong, constructive working relationships.
Knowledge of the ethos, management structures and practices of the Catholic Church.
Strong communication skills both verbal and written.
Excellent planning and organisational skills – due to the out-of-office requirements of this role, a high level of personal organisation is expected.
Full clean Driving Licence and the use of a car is required.
Diocesan IT and Communications Personnel
Priests and Deacons
Heads of Diocesan Offices and Agencies
Parish Secretaries and Staff
Data Protection Commissioner
Interested persons are asked to apply by post and to include:
A detailed CV tailored to the position including telephone and email contact details;
The names, addresses and contact telephone numbers of three referees;
A letter to the assessment panel communicating in less than two hundred words why you think you are suited to this post.
Closing date for applications by post on or before 15th May 2018 to:
Ossory Diocesan Office
James’s Street, Kilkenny, R95 NH60
The Dioceses of Ferns, Kildare and Leighlin and Ossory are equal opportunity employers.
Canvassing will disqualify.
Click here to download the job description, requirements and procedure.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.