Privacy Specialist - GDPR - Security

Tasks

-Contributing to the interpretation of the registers of processing activities
-Assessing the legality of processing
-Analyzing the quality of processing,
-The co-implementation of Data Protection Impact Assessments (GEB, formerly Privacy Impact Assessments) in accordance with the structure and set-up requirements set for this within the central government
-Participating in and giving workshops and on the basis of the results from this, available documentation and further substantive discussions with the relevant process staff, in consultation with GEB reports or otherwise documentation in relation to substantiating the compliance with privacy legislation and the special.

Work/thinking level: WO

-Familiar with relevant (privacy) legislation including Wbp, the Data Leaks Notification Act, the Regulation and the GDPR Guideline, the e-Privacy Directive and adjoining legislation such as the WGBO (care domain) and relevant standards-based frameworks such as NEN7510,12 and 13.
-A practical background with and work experience in the field of protection of personal data (for example in the role of Privacy Officer or Data Protection Officer) and the identification and implementation of compliance-oriented measures in order to comply with privacy legislation.
-On the basis of ICT and privacy related work experience, expertise and expertise able to independently make a good estimate and in consultation with others, among other things on the basis of risk assessments and gap analyzes, to come to support decision making in operational privacy (quality) issues.
-In this sense, the candidate is familiar with quality and risk management, information security frameworks such as ISO27001/2, measure sets such as the BIR and systematics to work in a structured way on the control of information security such as with an ISMS.
-Able to identify and name what does and does not contribute to the solution of perceived privacy challenges. This includes the systematic analysis of business processes and the ability to arrive at a responsible assessment of the necessary measures to meet the privacy requirements and other means (penitentiary and also health care legislation) in relation to responsible handling of personal data.
-The theoretical ability to substantiate solution directions including the interpretation and making them discussible.
-Contributes supportively to a responsible but workable and above all practically feasible advice/solution approach from a good = good enough approach.
-Able to set the organization interest in collaboration with colleagues and third parties above the individual interest and the own functional interest.