General Manager – Governance Data Subject Rights and Breaches *Updated Closing Date

Flexible location, requiring regular travel to Tusla Head Office, Brunel Building, HSQ, Dublin 8
 Salary:  See Description for Details
Other   Permanent
Closing Date: 10/10/2022 Closing Time: 12:00
Recruitment start: 01/09/2022


Job Summary

Details of Service

The Child and Family Agency was established on 1st January 2014 and is responsible for a range of statutory functions including provision of child protection, alternative care, specified regulatory services and a range of family support services.  The Agency has commenced a major improvement programme with significant focus on Practice, Culture and Structure.


The Agency currently has responsibility for a budget in excess of €800m and delivers its services through circa 5,000 people in 350 locations across the Country.


The Child and Family Agency has responsibility for the following range of services:

  • Child Protection and Welfare
  • Family Support
  • Alternative Care
  • Adoption
  • Tusla Education Support Services (TESS)
  • Domestic Sexual and Gender Based Violence (DSGBV)
  • Children’s Service Regulation
  • Counselling and Therapeutic Supports


Further information is available on www.tusla.ie


Data Protection Unit

Tusla processes a large volume of highly sensitive personal data on a daily basis in order to deliver the critical services it provides to Children and Families across the State. In doing this, Tusla must ensure that it has adequate organisational and technical measures in place; that the rights and freedoms of Tusla service users are respected and that privacy risks to those rights and freedoms are minimised; and that a fit for purpose operating model for Data Protection and Freedom of Information (FOI) and is implemented. These are the three objectives of Tusla's GDPR Programme, a multi-annual strategic transformation programme which is now in its third phase of implementation. The GDPR programme focuses on driving a wide range of improvements in Tusla's data protection and FOI compliance and control environment, including for example:

  • Data Protection Operating Model Design and Implementation, such as policy and process enhancements or organisation design changes, including the establishment of regional privacy network;
  • Data Protection Impact Assessments and Third Party Privacy Risk Management, to assess complex data processing activities and third party data sharing arrangements to identify the required privacy safeguards and controls;
  • Regulatory Engagement with the Data Protection Commission and the Office of the Information Commissioner in relation to Tusla's regulatory obligations; and
  • Change Management, Training & Awareness, to embed best practice data protection across Tusla and ensure all staff fully understand their roles and responsibilities in relation to data protection and FOI compliance.


Key relationships / interfaces 

The Data Protection Officer, General Managers within the Data Protection Unit (DPU) and broader staff within the DPU

  • National Director Finance and Corporate Services
  • Director Corporate Services
  • Tusla clients (Services Users), staff, 3rd party providers, vendors
  • Data Protection Commission (DPC)
  • Tusla Senior Management Team (SMT)
  • Department of Children & Youth Affairs (DCYA)
  • Tusla’s Governance Board
  • Tusla’s GDPR+ Programme Strategic Partner
  • FOI / Parliamentary Affairs Units
  • Tusla ‘s Office of Legal Services
  • Transformation and Policy
  • IT Department
  • FOI / Parliamentary Affairs Units
  • Workforce Learning and Development
  • Communications Department
  • Commissioning
  • Finance & Procurement
  • External data protection / IT security vendors


Purpose of role

The Data Protection Unit GM – Governance Data Subject Rights and Breaches is a general management role within Tusla, reporting directly to the Data Protection Officer. The appointee is required to operate at a strategic level, working closely with the Data Protection Officer, and participating in the ongoing leadership of the Data Protection Unit. The appointee will be responsible for the strategic oversight and policy definition, implementation, and governance of data subject access rights, including subject access reuests, erasure and rectification requests and breach management and reporting. Individual directorates and regions have operational responsibility for the processing of subject access requests, breach reporting and remediation through a privacy network. The GM – Governance Data Subject Rights and Breaches is responsible for ensuring that the policy for data subject rights is up to date with current legislation and that a system of learning is in place to ensure data subject rights and breach management is consistently applied across Tusla

Job Objectives

Main duties and responsibilities

  • Ensuring that Data Subject Rights and breach management policy is kept up to date with legislative changes and implemented consistently across Tusla through the privacy network.
  • Maintain and optimise Standard Operating Procedures (SOPs), supporting systems, and supporting interfaces with other business / service units for Data Subject Rights and breach management.
  • Design, refine and produce reporting systems and metrics for breaches and SARS.
  • Collaborate with the Freedom of Information Manager to :
    • Produce metrics for SARs and FOI nationally for directorates, and
    • Provide policy and procedural direction to privacy network for SARs and breaches.
  • Manage the data incident response and data breach notification process, ensuring compliance with the notification timelines set out in Article 33 of the GDPR.
  • Contribute to initiatives relating to record management and retention.
  • Ensure all targets in the Tusla Business Plan related to Data Protection Unit Operations are tracked and progressed.
  • Prepare and communicate data protection Operations reports and metrics for the Data Protection Officer.
  • Support the DPO day to day as required.
  • Drive the implementation of periodic revision of the Agency’s Data Protection Management System to reflect changes in laws, regulatory or company policy and standards and ensure timely adoption and execution.


Team Effectiveness

  • Manage and support the Data Protection Unit Operations Team.
  • Implement standard processes and procedures to support the efficient and compliant processing of requests and reporting of breaches.
  • Secure appropriate consistency and standardisation of approach for all DPU Operations.


Stakeholder Engagement

  • Consult and build a strong relationship with the Data Protection Commission (DPC) and act as a point of contact on relevant data protection issues.
  • Foster and develop cooperation across Tusla.


Data Protection Advisory

  • Act as an escalation point for Breaches Lead Manager and SARS Lead, on data protection related issues.
  • Manage cross-functional working groups tasked with determining Tusla’s official position on complex issues relating to the GDPR.
  • Oversee the development of communications material for Data Protection operational services.


Health & Safety

  • Comply with and contribute to the development of policies, procedures, guidelines and safe professional practice and adhere to relevant legislation, regulations and standards.
  • Have a working knowledge of the Health Information and Quality Authority (HIQA) Standards as they apply to the service for example National Standards for Child Protection and Care and comply with associated Tusla – Child and Family Agency protocols for implementing and maintaining these standards as appropriate to the role.
  • To support, promote and actively participate in sustainable energy, water and waste initiatives to create a more sustainable, low carbon and efficient health service.


The above Job Description is not intended to be a comprehensive list of all the duties involved and consequently, the post holder may be required to perform other duties as appropriate to the post which may be assigned to him / her from time to time and to contribute to the development of the post while in office.


Please refer to the Candidate Information pack attached to this campaign for full and further detail

Skills Required

Applicants must by the closing date of application have the following:

  • Minimum Level 8 qualification on the National Framework of Qualifications in Ireland (or equivalent in another jurisdiction) in a relevant discipline, and / or qualified ACOI Compliance Professional or CIPP-E or other equivalent data protection certification holder
  • Minimum 3 years’ senior management experience in a data protection management role including managing data protection specialists.
  • Experience in the design and implementation of complex cross functional control frameworks, preferably in relation to privacy management.
  • Experience in specialist data protection, legal or technical skills.
  • Have the requisite knowledge and ability (including a high standard of suitability and management ability) for the proper discharge of the duties of the office



A candidate for and any person holding the office must be fully competent and capable of undertaking the duties attached to the office and be in a state of health such as would indicate a reasonable prospect of ability to render regular and efficient service.



Each candidate for and any person holding the office must be of good character.

  Already Registered? Log in here
 Join our Talent Pool + submit your application

Please enter a valid email address

This email already has a universal profile registered. Log in instead to access it

This email address is already registered with this talent pool. Please login to access your profile. Forgot your password? Simply click the link to reset