Vacancy Notice 913

INTERPOL is the world’s largest international police organization, with 196 Member Countries. Created in 1923, it facilitates cross-border police co-operation, and supports and assists all organizations, authorities, and services whose mission is to prevent or combat international crime. 

INTERPOL strives to achieve a diverse and inclusive workforce and welcomes applications from individuals with diverse backgrounds, experiences, and perspectives. To achieve our Diversity goals, we encourage applications from women and nationals of under/unrepresented member countries who are passionate about our mission. INTERPOL’s recruitment process is merit-based hence all hiring decisions are made considering the applicant’s qualifications and the needs of the Organization.

Job Title: INTERPOL Data Protection Officer - Head of the Data Protection Office   
Reporting To: Secretary General
Location: Lyon, France 
Type of contract: Fixed-term Contract 
Duration (in months): 5 years*
Grade: 2   
Number of posts: 1
Level of Security screening: Enhanced
Deadline for application: 17 March 2025

* The INTERPOL Data Protection Officer is appointed for a period of five years, renewable once.

Application

The application shall be submitted in one of the four official languages of the Organization (Arabic, English, French, Spanish).

Each application must include:

• A curriculum vitae addressing the below listed required and desirable criteria; and
• A copy of valid passport indicating the candidate’s nationality and date of birth.

Tests/Interviews

Tests/interviews in connection to this selection procedure will likely take place shortly after the deadline for applications. Applicants are kindly requested to plan their availability during this period accordingly, in case they are short-listed.

When shortlisted

The appointment of an official is subject both to a favourable medical report and to background clearance. Accordingly, shortlisted candidates may be called to present, inter alia:

• The INTERPOL pre-employment medical questionnaire duly completed, with a medical certificate signed and stamped by candidate’s treating doctor, and a copy of the candidate’s routine and travel related vaccination certificate/record.
• A Criminal Record Certificate (also known as Certificate of Good Conduct in some countries), including spent and unspent sentences pronounced by justice (if any) from countries in which the candidate has resided for one (1) year or more in the past five (5) years and that of his/her nationality(ies). The issue date on this document should not be over three (3) months by the date INTERPOL receives it. Criminal records certificates from the country/ies of his/her nationality/ies are needed if he/she holds a passport from those countries, even if he/she never resided in those countries.
• A declaration of interest in private sector entities.

​Appointment

The Secretary General designates the IDPO, after consulting the Executive Committee and the CCF. The designated candidate will be expected to report for duty as soon as possible, but no later than three months after receiving an offer of employment, taking into account any necessary formalities such as visa requirements, notice period, etc.

Only professional experience for which candidates can provide official proof of employment will be considered. Candidates could be requested to provide copies of such official documents prior to interviews/test.

The Data Protection Office (DPO) aims to ensure good governance and accountability within the Organization with regard to data processing both for police purposes and administrative purposes. More generally, DPO supports the strengthening of a data protection culture within INTERPOL from a multidisciplinary perspective.

The incumbent will act as the INTERPOL Data Protection Officer (IDPO) and Head of DPO and shall discharge the duties assigned to the IDPO in INTERPOL’s legal texts, notably in INTERPOL’s Rules on the Processing of Data (RPD) and the Decision on the Processing of Personal Data for Administrative Purposes (DPA).

In the performance of his/her duties, the IDPO shall be independent and shall report directly to the Secretary General. 

For the purposes of carrying out his/her functions effectively, the IDPO shall have free and unlimited access to all data processed in the INTERPOL Information System and to any system within the INTERPOL Information System for processing such data, irrespective of the place, form or medium involved.

In performing his/her duties, the IDPO may submit to the General Secretariat:

(a) Recommendations regarding measures to be taken in relation to data processing issues within the General Secretariat, including the correction of processing errors;
(b) Recommendations regarding the need to apply corrective measures in accordance with Article 131 of the RPD;

(c) Reports relating to the non- implementation of the IDPO’s recommendations within the General Secretariat.

The IDPO may on his /her own initiative or at the request of the Commission for the Control of INTERPOL’s Files (CCF), share with the CCF the recommendations made and reports issued for information, and for any action deemed appropriate by the Commission.

The IDPO may seek expert advice on general matters related to his/her duties.

The IDPO shall, in particular, on a risk-based approach:

OBJECTIVE 1 – Compliance and advice

• Monitor the lawfulness and compliance of the processing of data in the INTERPOL Information System in accordance with the Organization’s Constitution and rules.
• Provide on his/her own initiative, or at the request of the General Secretariat, National Central Bureaus or other entities using the INTERPOL Information System with advice on processing operations which are likely to result in a high risk for the rights and freedoms of individuals, including data protection impact assessments, and monitor the actions taken in the light of that advice.

OBJECTIVE 2 – Liaison and coordination

• Liaise, collaborate and ensure coordination with all data protection officers designated pursuant to Article 121 of the RPD.
• Liaise with and provide information and assistance upon request to the CCF on data processing issues.
• Liaise with  data protection officers of other institutions and bodies, in particular by exchanging experience and best practices.
• Notify data subjects and act as contact point for data subjects as foreseen under the DPA with regard to the processing of personal data for administrative purposes.

OBJECTIVE 3 - Training and awareness

• Provide training on and raise awareness of data processing issues among the General Secretariat’s staff.
• Keep abreast of relevant data protection developments.

OBJECTIVE 4 - Reporting

• Submit an annual report to the Executive Committee, which will be made available to the CCF.
• Examine the yearly reports  submitted by data protection officers in accordance with Article 17(4, 5, 6) and Article 123(3) of the RPD, and by the departments of the General Secretariat responsible for processing personal data for administrative purposes in accordance with Article 11(3) of the DPA.

OBJECTIVE 5 - Management

• Lead and manage the DPO team members and monitor individual and team performance.
• Prepare and monitor the DPO Budget.
• Perform any other duties as required by the hierarchy.

CRITERIA OF THE CANDIDATE PROFILE

In conformity with INTERPOL’s legal texts:

• The candidate must be underage of 65 upon commencement of his/her term of office.
• The candidate must be in good health.
• The candidate must be a national of a member country of the Organization.

EDUCATION AND QUALIFICATION REQUIRED

• At least 5 years University education (preferably in Law) with emphasis in the area of information and Communication Technologies (ICT) / Data Porotection law.

EXPERIENCE REQUIRED

• At least ten years’ working experience in the implementation and monitoring compliance (ex-ante and ex post) of data protection rules from a multidisciplinary perspective (technical, organizational, legal).
• Experience or knowledge of data protection management and implementation of a data protection/privacy program.
• Experience in training and awareness raising activities in the field of data protection.
• Experience or knowledge of the law enforcement environment would be very preferable.
• Experience in working in an international environment would be an additional asset.

LANGUAGES

• Fluency in English is required.
• Working knowledge in any of the other official languages of the Organization (French, Spanish or Arabic) would be an asset.

SPECIFIC APTITUTES AND ABILITIES REQUIRED