Data Protection Officer, Rome, Italy

Organization: United Nations World Food Programme (WFP)

Country: Italy

City: Rome, Italy

Office: WFP Rome

Grade: D-1

Closing date: Monday, 2 November 2020

WFP seeks candidates of the highest integrity and professionalism who share our humanitarian principles.

Selection of staff is made on a competitive basis, and we are committed to promoting diversity and gender balance.


The United Nations World Food Programme is the world’s largest humanitarian agency fighting hunger worldwide. The mission of WFP is to help the world achieve Zero Hunger in our lifetimes. Every day, WFP works worldwide to ensure that no child goes to bed hungry and that the poorest and most vulnerable, particularly women and children, can access the nutritious food they need.


The Data Protection Officer will be based in our Rome, Italy headquarters and lead a small team of specialized staff. At the organizational level, the job holder will be closely working with various internal stakeholders (such as data controllers and processors) and will act as a point of contact between WFP and related external stakeholders, e.g. national authorities.


To design data protection and privacy policies and strategies and oversee effective and consistent implementation at the global level, providing technical advice, educating WFP employees and conducting regular monitoring of data subjects‘ information to ensure compliance with the established standards and rules.

KEY ACCOUNTABILITIES (not all-inclusive)

Act as a main authority in WFP for personal data protection matters, internally and externally, building agreements for data sharing following international best practice.

In consultation with key stakeholders, formulate and implement the personal data protection and privacy policies aligning to WFP’s policies and procedures, international requirements and best practice, the results of internal WFP review on personal data protection, WFP’s operational & programmatic needs, seeking approval by the relevant governance bodies.

Regularly report and provide advice to the Deputy Executive Director and the Data Governance Board about status of implementation and observance of the personal data protection policy as well as on personal data protection issues and new trends in WFP and the sector at large.

In collaboration and consultation with key stakeholders, review and develop procedures and guidelines aimed at the smooth operationalization of the strategy and policies.

Provide strategic policy and/or technical advice to relevant organizational entities when developing personal data related WFP policy positions.

Manage inventories of personal data sharing and transfer agreements, Data Privacy Impact Assessment (DPIAs), data breach notifications, complaints by data subjects, records of processing activities and exceptions.

Manage records of the most relevant decisions taken consistent with and contrary to DPO’s advice.

Coordinate with the Information Security function to ensure all data asset and export records are maintained.

In collaboration with key stakeholders, initiate, design and deliver training modules with the ultimate objective of building corporate technical knowledge and expertise on data protection.

Promote communication, information and sensitization activities, whenever relevant, with the ultimate objective of fostering a data protection culture within the organization educating WFP employees on important compliance requirements.

Provide advice to the data controllers and processors on the methodology to follow when carrying out a Data Privacy Impact Assessment (DPIA), assess and define risk mitigation measures, review DPIA conclusions and recommend the way forward; request and commission DPIA independently, when required.

Act as a point of contact for addressing data subjects‘ queries and complaints on personal data protection.

Notify the relevant organizational entity of any alleged infringement of rules and request remediation to guarantee that data subject rights are respected.

Coordinate the development of personal data security incident management plan to ensure timely remediation of incidents including impact assessments, security breach response, complaints, claims or notifications, and responding to subject access requests (SARs).

Provide advice and recommendations on remedial actions once a data breach or other incident has occurred.

Tags cash based intervention cash based interventions data analytics data governance data protection data sharing ethics human rights impact assessment information science information security information technology international law mass communication new technologies political science portuguese privacy law project management risk assessment risk management

Other accountabilities, as required.


Education: Advanced university degree in Law, International Law, Human Rights Law, Political Science or Information Science with Law as a major subject, with a preference for International Law and Human Rights Law desirable. University Degree required.

Language: Fluency (level C) in English language. Intermediate knowledge (level B) of a second official UN language: Arabic, Chinese, French, Russian, Spanish, and/or WFP’s working language, Portuguese.

Experience: 13 years of work experience with:

10+ years of experience in the various privacy and data protection disciplines (e.g., privacy program and policy, privacy law, information governance, incident response, data ethics, privacy by design, information security, training and awareness, etc.);
5+ years proven track record of dealing with data protection and privacy issues globally;
3+ years of work experience in risk management in relations to data protection and privacy and/or compliance. Other relevant fields will be considered (i.e., finance, business administration, information technology, etc.) as long as candidate can demonstrate relevancy to this role;
5+ years in management and leading cross-functional teams.



Expertise in matters relating to international privacy law, such as European data protection laws and practices;
A working knowledge of how to design and establish a data protection and privacy program including how to achieve business alignment, data governance, managing of data subject issues and data breaches;
Familiarity with privacy and security risk assessment and best practices, privacy certifications/seals and information security standards certifications;
Sound understanding of and familiarity with information technology programming and infrastructure, and information security practices and audits;
Demonstrated leadership and project management experience;
Ability to communicate effectively with the highest levels of management and decision-making within the organization;
A solid understanding of new technologies, including digital identities, biometrics, use of social media and mass communication (SMS) services, cash based interventions, cloud technologies, and data analytics/big data.


Certifications such as CIPP/E/U, and/or CIPM, CIPT;
Knowledge on the most relevant risk management industry standards (ISO 31000, ISO 27001, NIST, CREST);
Certification in governance and risk management (e.g. CRISC, CGEIT, etc.) preferred;
Experience in the humanitarian sector and/or within a recognized international organization;
Admission to practice law.


Non-Rotational Nature - Mobility is and continues to be a core contractual requirement in WFP. This position is however classified as ‚non-rotational‘ which means the incumbent shall not be subject to the regular reassignment process unless the position is reclassified as rotational.

WFP offers an attractive compensation and benefits package, including basic salary, post adjustment, relocation entitlement, travel and shipment allowances, 30 days‘ annual leave, home leave, an education grant for dependent children, pension plan and medical insurance. Please visit for more information.


Monday, November 2

Female applicants and qualified applicants from developing countries are especially encouraged to apply

WFP has zero tolerance for discrimination and does not discriminate on the basis of HIV/AIDS status.

No appointment under any kind of contract will be offered to members of the UN Advisory Committee on Administrative and Budgetary Questions (ACABQ), International Civil Service Commission (ICSC), FAO Finance Committee, WFP External Auditor, WFP Audit Committee, Joint Inspection Unit (JIU) and other similar bodies within the United Nations system with oversight responsibilities over WFP, both during their service and within three years of ceasing that service.