Data Protection Unit Operations Manager, GM

Heuston South Quarter, Dublin 8
 Salary:  See Description for Details
Other   Permanent
Closing Date: 25/11/2019 Closing Time: 12:00
Recruitment start: 31/10/2019


Job Summary

The Child and Family Agency was established on 1st January 2014 and is responsible for improving wellbeing and outcomes for children. It represents the most comprehensive reform of services for the development, welfare and protection of children and the support of families ever undertaken in Ireland. It is an ambitious move which brings together some 4,000 staff who were previously employed within Children and Family Services of the Health Service Executive, the National Educational Welfare Board and the Family Support Agency.

The Child and Family Agency has responsibility for the following range of services:

  • Child Welfare and Protection Services, including family support services.
  • Family Resource Centres and associated national programmes.
  • Early years (pre-school) Inspection Services.
  • Educational Welfare responsibilities including School completion programmes and Home School Liaison.
  • Domestic, sexual and gender based violence services.
  • Services related to the psychological welfare of children.

Further information is available on www.tusla.ie

Key relationships / interfaces 

  • The Data Protection Officer, General Managers within the Data Protection Unit (DPU) and broader staff within the DPU
  • Director of Corporate Services
  • Tusla’s GDPR+ Programme Strategic Partner
  • Data Protection Commission Staff
  • Tusla Senior Management Team (SMT) and the Department of Children & Youth Affairs (DCYA)
  • Tusla Service Directors and Operational Staff
  • Tusla’s Governance Board
  • Legal Department
  • IT Department
  • FOI / Parliamentary Affairs Units
  • Workforce Learning and Development
  • Communications Department
  • Commissioning
  • Finance & Procurement
  • Policy
  • External data protection / IT security vendors

Job Objectives

Main duties and responsibilities

  • Oversee and manage the effective operation of Incident and Breach Management, Subject Access requests (SARS) and Helpdesk within the Data Protection Unit, ensuring compliance with GDPR and other legislative requirements.
  • Maintain and optimise Standard Operating Procedures (SOPs), supporting systems, and supporting interfaces with other business / service units for these functions.
  • Conduct effective oversight of key data protection metrics for breaches, SARS and helpdesk queries. 
  • Oversee development of systems to track Breach, SARS and Helpdesk processes.
  • Manage the data incident response and data breach notification process, ensuring compliance with the notification timelines set out in Article 33 of the GDPR.
  • Contribute to initiatives relating to record management and retention.
  • Ensure all targets in the Tusla Business Plan related to Data Protection Unit Operations are tracked and progressed.
  • Prepare and communicate data protection Operations reports and metrics for the Data Protection Officer.
  • Support the DPO day to day as required.
  • Drive the implementation of periodic revision of the Agency’s Data Protection Management System to reflect changes in laws, regulatory or company policy and standards and ensure timely adoption and execution.

Team Effectiveness

  • Manage and support the Data Protection Unit Operations Team.
  • Implement standard processes and procedures to support the efficient and compliant processing of requests, reporting of breaches and support of regional resources.
  • Secure appropriate consistency and standardisation of approach for all DPU Operations.

Stakeholder Engagement

  • Consult and build a strong relationship with the Data Protection Commission (DPC) and act as a point of contact on relevant data protection issues.
  • Foster and develop cooperation across Tusla.

Data Protection Advisory

  • Act as an escalation point for Breaches Lead, SARS Lead, Privacy Officers and the Privacy Network Manager on data protection related issues.
  • Manage cross-functional working groups tasked with determining Tusla’s official position on complex issues relating to the GDPR.
  • Manage and support data protection advisory services activities (helpdesk and intranet).
  • Oversee the development of communications material for Data Protection operational services.
  • Manage and support the Privacy Network Manager and Officers in advisory and communications functions.

Health & Safety

  • Comply with and contribute to the development of policies, procedures, guidelines and safe professional practice and adhere to relevant legislation, regulations and standards.
  • Have a working knowledge of the Health Information and Quality Authority (HIQA) Standards as they apply to the service for example National Standards for Child Protection and Care and comply with associated Tusla – Child and Family Agency protocols for implementing and maintaining these standards as appropriate to the role.
  • To support, promote and actively participate in sustainable energy, water and waste initiatives to create a more sustainable, low carbon and efficient health service.

The above Job Description is not intended to be a comprehensive list of all the duties involved and consequently, the post holder may be required to perform other duties as appropriate to the post which may be assigned to him / her from time to time and to contribute to the development of the post while in office.

Please refer to the Candidate Information pack attached to this campaign for full and further detail.

Skills Required

Applicants must by the closing date of application have the following:

  •  a minimum Level 8 qualification on the National Framework of Qualifications in Ireland (or equivalent in another jurisdiction) in a relevant discipline, and / or qualified ACOI Compliance Professional or CIPP-E or other equivalent data protection certification holder.
  • Minimum 3 years’ senior management experience in a data protection management role including managing data protection specialists.
  • Experience in the design and implementation of complex cross functional control frameworks, preferably in relation to privacy management.
  • Experience in specialist data protection, legal or technical skills.
  • Have the requisite knowledge and ability (including a high standard of suitability and management ability) for the proper discharge of the duties of the office


A candidate for and any person holding the office must be fully competent and capable of undertaking the duties attached to the office and be in a state of health such as would indicate a reasonable prospect of ability to render regular and efficient service.


Each candidate for and any person holding the office must be of good character


Age restrictions shall only apply to a candidate where he/she is not classified as a new entrant within the meaning of the Public Services Superannuation Act, 2004). A candidate who is not classified as a new entrant must be under 65 years of age.

  Already a member of our Talent Pool? Login here to Apply
  Join our Talent Pool + submit your application

Please enter a valid email address

This email already has a universal profile registered. Log in instead to access it

This email address is already registered with this talent pool. Please login to access your profile. Forgot your password? Simply click the link to reset

I agree to the Terms of use