Chief Data Protection and Privacy Officer

Hardship Level

H (no hardship)

Family Type

Family

Family Type

Family

Residential location (if applicable)

Grade

PR5

Staff Member / Affiliate Type

Professional

Reason

Regular > Regular Assignment

Target Start Date

2025-10-01

Deadline for Applications

August 8, 2025

Standard Job Description

Chief Data Protection and Privacy Officer

Organizational Setting and Work Relationships

UNHCR General Policy on Personal Data Protection and Privacy (GDPP) establishes a unified data protection and privacy framework for the Organization and is applicable to processing of personal data of all categories of data subjects, including forcibly displaced and stateless persons, UNHCR workforce, partners, individual donors and others.

The role of the Chief Data Protection and Privacy Officer (Chief DPO) is established within UNHCR’s Data Protection Office. The Chief DPO has the authority to provide independent and impartial expert support and advice on the application of the policy. They are accountable for global monitoring and oversight functions to support UNHCR’s compliance with the policy and other policies and administrative instructions relating to UNHCR’s data protection and privacy framework, including through collaboration with Personal Data Controllers and with regional bureaux directors.  

The Chief DPO is based in UNHCR Headquarters and leads the UNHCR Data Protection Office, an independent HQ entity comprised of a team of specialists in data protection and privacy. The incumbent works in collaboration with relevant internal stakeholders such as the Chief Information Security Officer (CISO), General Counsel and Head of Legal Affairs Service (LAS), and senior UNHCR personnel who has decision-making authority over the processing of personal data by country operations, regional bureaux, and headquarter entities. 

The incumbent represents UNHCR’s Data Protection Office in various external data protection and privacy forums and engages with Data Protection Authorities.

All UNHCR staff members are accountable to perform their duties as reflected in their job description. They do so within their delegated authorities, in line with the regulatory framework of UNHCR which includes the UN Charter, UN Staff Regulations and Rules, UNHCR Policies and Administrative Instructions as well as relevant accountability frameworks. In addition, staff members are required to discharge their responsibilities in a manner consistent with the core, functional, cross-functional and managerial competencies and UNHCR’s core values of professionalism, integrity and respect for diversity.

Duties

• Lead and oversee the work of the Data Protection Office.

• Provide expert support, recommendations and advice to the High Commissioner and Personal Data Controllers regarding the application of UNHCR’s personal data protection and privacy framework.

• Oversee UNHCR’s implementation of its data protection and privacy framework across all personal data processing activities conducted by the organization.

• Coordinate the establishment and application of compliance measures and examine issues of non-compliance with UNHCR’s personal data protection and privacy framework.

• Work collaboratively with the Chief Information Security Officer to set procedures for the examination of personal data breaches.

• Undertake expert review and clearance of data sharing arrangements.

• Develop advisories, formal opinions and interpretations on personal data protection and privacy upon request.

• Examine any identified data protection matters and occurrences and relay these as necessary to the appropriate oversight mechanism(s).

• Advise Personal Data Controllers on integrating personal data protection and privacy risks into strategic and operational decision-making, and on ensuring the appropriate exercise of data subject rights by the Organization.

• Work collaboratively with the Legal Affairs Service to provide advice on the sharing of personal data with law enforcement agencies and competent courts, and to liaise with national and regional data protection authorities or other official entities on data protection matters.

• Advise on options for capacity development on personal data protection and privacy for data protection focal points, personal data controllers, and more broadly, all UNHCR personnel, and provide training resources, where necessary.

• Establish and maintain collaborative working relations with stakeholders internal and external to the UN to identify areas for potential collaboration and to maintain oversight of developments and actions in terms of personal data protection and privacy.

• Maintain a centralized repository of data sharing agreements, personal data breach notifications and global-level data protection impact assessments.

• Issue internal and external reports with concluding observations on the Organization’s compliance with its personal data protection and privacy framework.

• Set clear expectations on performance objectives of the Data Protection Office team reports, hold “check-ins” continuously to identify needs, recognize good performance and provide feedback and coaching on areas of development.

• Foster a positive and inclusive work environment and create an environment of trust, respect, and open communication.

• Lead risk assessments and discussions with team(s) to proactively manage risks and seize opportunities impacting objectives. Ensure that risk management principles are integrated in decision-making both at strategic and operational levels. Allocate resources for planned treatments with resource requirements in Strategic Plans. Ensure that risks are managed to acceptable levels and escalate, as needed. If a Risk Owner, designate the Risk Focal Point and certify that the annual risk review is completed and ensure that the risk register is updated during the year, as needed.

• Perform other related duties as required.

Minimum Qualifications

Years of Experience / Degree Level

For P5 - 12 years relevant experience with Undergraduate degree; or 11 years relevant experience with Graduate degree; or 10 years relevant experience with Doctorate degree

Field(s) of Education

Law;                                                  Human Rights;                                               International Law;

Political Science;                              Social Sciences;                                            or other relevant field.

Certificates and/or Licenses

ECPC-HA Professional DPO in Humanitarian Action Certification;                         Certified Information Privacy Practitioner (CIPP); Certified Information Privacy Manager (CIPM)                           or other relevant certifications in data protection and privacy

(Certificates and Licenses marked with an asterisk* are essential)

Relevant Job Experience

Essential

Expert knowledge in international data protection and privacy law, such as regional and national data protection frameworks and practices. Experience in design and management of a data protection and privacy program.  Experience in carrying out data protection and privacy work in complex international organizations or large global corporations with locations in multiple countries. Experience in developing guidance on data protection and privacy. Proven ability to advise and influence senior management and decision making. Integrity and high professional ethics. Demonstrated leadership and management experience. Completion of the UNHCR Data Protection Learning Module.

Desirable

Experience in the humanitarian sector and/or within UN system. Experience working in or liaising with field operations.

Functional Skills

*LE-Assessment and application of principles of data protection law

*LE-Legal advisory for operations and divisions related to data protection

LE-Data protection laws and mechanisms at the national or regional level (e.g. EU GDPR)

LE-Data protection laws, standards, and procedures related to international instruments

LE-Data protection legislation from key jurisdictions

LE-Drafting & development of data protection policies & guidelines based on best practices

LE-Data protection implications assessment for policies and operations

RM-Risk Management

MG-Policy Compliance Monitoring

DM-Data security management

(Functional Skills marked with an asterisk* are essential)

Language Requirements

For International Professional and Field Service jobs: Knowledge of English and UN working language of the duty station if not English.

For National Professional jobs: Knowledge of English and UN working language of the duty station if not English and local language.

For General Service jobs: Knowledge of English and/or UN working language of the duty station if not English.

Competency Requirements

All jobs at UNHCR require six core competencies and may also require managerial competencies and/or cross-functional competencies. The six core competencies are listed below.

Core Competencies

Accountability

Communication

Organizational Awareness

Teamwork & Collaboration

Commitment to Continuous Learning

Client & Result Orientation

Managerial Competencies

Leadership

Managing Resources

Strategic Planning and Vision

Empowering and Building Trust

Managing Performance

Judgement and Decision Making

Cross-Functional Competencies

Analytical Thinking

Policy Development and Research

Technological Awareness

All UNHCR workforce members must individually and collectively, contribute towards a working environment where each person feels safe, and empowered to perform their duties. This includes by demonstrating no tolerance for sexual exploitation and abuse, harassment including sexual harassment, sexism, gender inequality, discrimination, and abuse of power.

As individuals and as managers, all must be proactive in preventing and responding to inappropriate conduct, support ongoing dialogue on these matters and speaking up and seeking guidance and support from relevant UNHCR resources when these issues arise.

This is a Standard Job Description for all UNHCR jobs with this job title and grade level. The Operational Context may contain additional essential and/or desirable qualifications relating to the specific operation and/or position. Any such requirements are incorporated by reference in this Job Description and will be considered for the screening, shortlisting and selection of candidates.

Desired Candidate Profile

Desired candidate would have demonstrated experience leading a complex, international privacy program in a large organization, preferably in an International Organization or humanitarian context. They would have demonstrated knowledge and understanding of UNHCR mandate, experience working in direct delivery of protection and humanitarian assistance will be a distinct advantage. They should have demonstrated managerial skills, ability to work collaboratively with various functions across the organization and experience representing their organization in relations with governments, civil society, business community and academia. Should be willing to move to Copenhagen, Denmark.

Required languages (expected Overall ability is at least B2 level):

,

,

Desired languages

,

,

Operational context

Occupational Safety and Health Considerations:

To view occupational safety and health considerations for this duty station, please visit this link:

https://wwwnc.cdc.gov/travel

Nature of Position:

Chief Data Protection and Privacy Officer is a position established by the UNHCR General Policy on Personal Data Protection and Privacy to provide global monitoring and oversight functions for the processing by UNHCR of personal data of Forcibly Displaced and Stateless Persons, partners, vendors, donors, members of UNHCR workforce and others. Chief DPO provides independent and impartial expert data protection and privacy support and advice to managers in UNHCR HQs and Operations responsible for personal data processing. The position is based in UNHCR HQ in Copenhagen, Denmark. Chief DPO leads the UNHCR Data Protection Office comprised of a team of 4 Data Protection and Privacy Officers, who work closely with the network of Data Protection Focal Points in UNHCR Operations and HQ Divisions and Entities. Chief DPO reports to UNHCR Assistant High Commissioner for Protection.  

Living and Working Conditions:

Additional Qualifications

Skills

DM-Data security management, LE-Assessment and application of principles of data protection law, LE-Data protection implications assessment for policies and operations, LE-Data protection laws, standards, and procedures related to international instruments, LE-Data protection laws and mechanisms at the national or regional level (e.g. EU GDPR), LE-Data protection legislation from key jurisdictions, LE-Drafting & development of data protection policies & guidelines based on best practices, LE-Legal advisory for operations and divisions related to data protection, MG-Policy Compliance Monitoring, RM-Risk Management

Education

Bachelor of Arts: Human Rights, Bachelor of Arts: International Law, Bachelor of Arts: Law, Bachelor of Arts: Political Science, Bachelor of Arts: Social Science

Certifications

Certified Information Privacy Manager (CIPM) - International Association of Privacy Professionals (IAPP), Certified Information Privacy Practitioner (CIPP) - International Association of Privacy Professionals (IAPP), ECPC-HA Professional DPO in Humanitarian Action - European Centre on Privacy and Cybersecurity (ECPC)

Work Experience

Competencies

Accountability, Analytical thinking, Client & results orientation, Commitment to continuous learning, Communication, Empowering & building trust, Judgement & decision making, Leadership, Managing performance, Managing resource, Organizational awareness, Policy research & development, Strategic planning & visions, Teamwork & collaboration, Technological awareness

UNHCR Salary Calculator

https://icsc.un.org/Home/SalaryScales

Compendium

Add. 2 to the Bi-Annual 2025 Compendium - Part B

Additional Information

Functional clearance

This position doesn't require a functional clearance