This Job Vacancy has Expired!

Data Protection Officer - French and Dutch Speaking

Applause IT Ltd

Posted on Nov 18, 2020 by Applause IT Ltd

Brussel, Belgium
IT
21 Jan 0002
€500 - €500 Daily
Contract/Project


The project consists of:
A DPO mission. This is to ensure the mission of data protection officer on a temporary basis for a period of 6 months for Brussels Environment.
A support mission for GDPR compliance. This is to contribute to the GDPR compliance project within the organization.
A support mission for the implementation of an ISMS. This involves contributing to the implementation project of an ISMS within the organization to facilitate the implementation of security measures in "non-IT" security areas (eg. Third party management, management of security related to personnel, management of clearances, management of physical security, etc.)

The mission is divided into three subjacent missions.

The general framework of the DPO's intervention is provided for in Articles 37 to 39 of the GDPR. Specifically for BE, the DPO to perform the following tasks:
- Follow-up of the mailbox
- Respond to requests for information
- There are approximately 3 requests for information per week to be processed
- Monitoring of projects in initialization and in the course of implementation:
- Assistance in the drafting of a processing sheet
- Assistance in the assessment of privacy risks and the drafting of a DPIA
- Assistance in the preparation of requests for '' access to authentic sources
- Assistance in drafting agreements between BE and its subcontractors
- Assistance in the creation of GDPR components: privacy charter, procedures allowing data subjects to exercise their rights, agreement for the processing of personal data personnel, etc
- Follow-up of calls during a public procurement procedure (RGPD notice to be included during a call to the market)
The workload of the DPO is estimated at 40 days.
A report on the management of these activities will be sent monthly or upon specific request.
The profile of the DPO to be proposed must present:
- Expert knowledge of the rules applicable in terms of data management, including "soft law": recommendations from control authorities, recognized good practices, etc. The activity will appeal to the comparative law also with regard to BE's missions: many pieces of legislation result from the application and/or transposition of international and European rules.
- General knowledge of data management and IT processes, in particular with regard to information security.
- Expertise in the public sector and access to data from authentic sources.
- At least one certification relevant to his role (ISO27001 lead implement, certification = DPO )
- A vision and expertise in the development of GDPR skills in an organization.
- In-depth knowledge of the two languages - of the organization NL/FR
The proposed DPO must be able to rely on an organization competent in the implementation of processes and activities related to GDPR compliance and information security management to guarantee the level of data protection required by the GDPR. The DPO will find there:
- A ready-to-wear governance framework
- A multi-skilled team in GDPR and information security matters with expertise in processes and models to implement the governance framework, coaching/training skills in French and Dutch, and skills covering legal, IT and business aspects linked to the support mission.
- Expertise in the public sector (minimum 3 relevant references with a value of more than Euros 50,000)

2. Support mission for GDPR compliance
The general framework of the support mission includes the implementation of a system management of data protection and privacy. The components of the envisaged system are among others:
- a GDPR organizational policy;
- data protection and privacy policies;
- structured communication with the people concerned;
- the processes described in terms of GDPR governance;
- tools defined in terms of GDPR governance;
- models and documentation to facilitate the implementation of an effective approach within the organization;
- and structured material to train/educate staff in GDPR matters.
Currently, Bruxelles Environnement has:
- a register of 80 documented treatments via an Intranet site (to be updated);
- GDPR documentation distributed via an Intranet site to staff;
- a "Treatment form" template in MS-Word form;
- "Subcontracting contract" models in MS-Word form;
- and training modules related to GDPR (awareness and use of GDPR components).
The cost of the support mission is estimated at 40 days.
A list of components as exhaustive as possible will be established at the start of the mission. A report on the management of this mission will be sent monthly or upon specific request. The percentage of progress on the creation or a qualification of the maturity of the components put in place will be included in the report. It is also requested to provide training and conduct an awareness plan in this area (plan to be defined within the framework of the mission).
This mission will be steered by the DPO who can rely on other profiles of his organization to support him.
3. Support mission for the implementation of an ISMS (Information security management system)
The general framework of the support mission includes the implementation of a security management system. information for the processing of personal data within the organization. The components of the envisaged system are among others:
- an ISMS organizational policy;
- information security policies;
- information security governance processes;
- information security governance tools;
- models and documentation, to facilitate the implementation of an effective approach within the organization;
- and structured material to train/educate staff in GDPR matters.
The cost of the support mission is estimated at 20 days.
A list of components as exhaustive as possible will be established at the start of the mission. A report on the management of this mission will be sent monthly or upon specific request. The percentage of progress on the creation or a qualification of the maturity of the components put in place will be included in the report.

Required profiles:
Data Protection Officer




Reference: 1009953841

Set up alerts to get notified of new vacancies.