Data Protection Unit Compliance General Manager

Heuston South Quarter, Dublin 8
 Salary:  See Description for Details
Other   Permanent
Closing Date: 25/11/2019 Closing Time: 12:00
Recruitment start: 31/10/2019


Job Summary

The Child and Family Agency was established on 1st January 2014 and is responsible for improving wellbeing and outcomes for children. It represents the most comprehensive reform of services for the development, welfare and protection of children and the support of families ever undertaken in Ireland. It is an ambitious move which brings together some 4,000 staff who were previously employed within Children and Family Services of the Health Service Executive, the National Educational Welfare Board and the Family Support Agency.

The Child and Family Agency has responsibility for the following range of services:

  • Child Welfare and Protection Services, including family support services.
  • Family Resource Centres and associated national programmes.
  • Early years (pre-school) Inspection Services.
  • Educational Welfare responsibilities including School completion programmes and Home School Liaison.
  • Domestic, sexual and gender based violence services.
  • Services related to the psychological welfare of children.

Further information is available on www.tusla.ie

Key relationships / interfaces 

  • Data Subjects, Operations and Staff
  • Data Protection Commissioner
  • Legal Department
  • IT Department
  • FOI / Parliamentary Affairs Units
  • Workforce Learning and Development
  • Communications Department
  • Commissioning
  • Finance & Procurement
  • Corporate Services
  • Tusla’s Board
  • External data protection / IT security vendors
  • Tusla Senior Leadership  and the Department of Children & Youth Affairs

Job Objectives

Main duties and responsibilities

  • Develop and implement privacy controls across Tusla.
  • Develop procedures for the on-boarding, due diligence and risk assessment of third party data processors including working with key stakeholders to integrate third party controls into their processes.
  • Identify trends and patterns emerging from the handling of data incidents and management of personal data breaches, remediate root cause issues and develop feedback loops and training needs.
  • Develop metrics, key performance indicators and reports of operational activities for the DPU.
  • Develop reports of key risks and emerging patterns, internal and external threats to the privacy control environment of Tusla.
  • Develop a framework for the identification and governance of data sharing arrangements across Tusla.
  • Manage the Data Protection Impact Assessments (DPIA) process and ensure privacy by design is embedded within all system and process development across the Agency.
  • Awareness of children and young people’s participatory practice

Team Effectiveness

  • Develop and implement procedures and controls to ensure that all queries and complaints from across the Agency, data subjects and third parties are handled to agreed service levels.
  • Develop and implement frameworks and controls to ensure that all data protection practices and procedures across Tusla are executed consistently.

Stakeholder Engagement

  • Act as liaison on all queries and investigations with the Data Protection Commission.
  • Liaise with GM of Operations to identify operational processes requiring regulatory support, guidance and process improvement.
  • Support the DPO day to day as required.
  • Use a business partner approach in working with the Service Directorates to encourage the identification and remediation of gaps.
  • Consult and build a strong relationship with the Data Protection Commission (DPC).  Act as a point of contact for the DPC on relevant data protection issues.
  • Constructively challenge existing processes and procedures to enhance privacy risk management.
  • Embed a culture of data protection ownership across Tusla.
  • Foster and develop cooperation with all Senior Leaders across Tusla.

Data Protection Advisory and Assurance

  • Develop and implement a risk based monitoring programme to provide assurance to senior management and the Board that privacy controls are designed adequately and operating effectively.
  • Act as subject matter expert on the General Data Protection Regulation (GDPR) and Data Protection Act 2018.
  • Design and delivery of training and awareness initiatives and campaigns.
  • Act as an escalation point for regional Privacy Officers and the Privacy Network Manager on data protection related issues.
  • Attend meetings of the Tusla Privacy Council, a committee of senior executives within Tusla tasked with decision making in relation to privacy management Develop briefing materials for the Privacy Council.

Health & Safety

  • Comply with and contribute to the development of policies, procedures, guidelines and safe professional practice and adhere to relevant legislation, regulations and standards.
  • Have a working knowledge of the Health Information and Quality Authority (HIQA) Standards as they apply to the service for example National Standards for Child Protection and Care and comply with associated Tusla – Child and Family Agency protocols for implementing and maintaining these standards as appropriate to the role.
  • To support, promote and actively participate in sustainable energy, water and waste initiatives to create a more sustainable, low carbon and efficient health service.

The above Job Description is not intended to be a comprehensive list of all the duties involved and consequently, the post holder may be required to perform other duties as appropriate to the post which may be assigned to him / her from time to time and to contribute to the development of the post while in office.

Please refer to the Candidate Information pack attached to this campaign for full and further detail.


Skills Required

Applicants must by the closing date of application have the following:

  • Have a minimum Level 8 qualification on the National Framework of Qualifications in Ireland (or equivalent in another jurisdiction) in a relevant discipline (management, regulation, compliance, law, computer science), and / or qualified ACOI Compliance Professional or CIPP-E or other equivalent data protection certification holder.
  • At least 3 years’ senior management experience in data protection regulation and compliance including drafting of data protection policies and procedures
  • Experience in the design and implementation of complex cross functional compliance and control frameworks, preferably in relation to privacy risk management
  • Experience in specialist data protection, legal or technical skills.
  •  Have the requisite knowledge and ability (including a high standard of suitability and management ability) for the proper discharge of the duties of the office


A candidate for and any person holding the office must be fully competent and capable of undertaking the duties attached to the office and be in a state of health such as would indicate a reasonable prospect of ability to render regular and efficient service.


Each candidate for and any person holding the office must be of good character


Age restrictions shall only apply to a candidate where he/she is not classified as a new entrant within the meaning of the Public Services Superannuation Act, 2004). A candidate who is not classified as a new entrant must be under 65 years of age.

  Already a member of our Talent Pool? Login here to Apply
  Join our Talent Pool + submit your application

Please enter a valid email address

This email already has a universal profile registered. Log in instead to access it

This email address is already registered with this talent pool. Please login to access your profile. Forgot your password? Simply click the link to reset

I agree to the Terms of use