National Data Privacy and Protection Expert

Organizational Setting

Under the Technical Cooperation Project (TCP) “Digital Technologies in support of Agriculture Value Chains and Rural Development”, FAO supports the Ministry of Economy of the Republic of Armenia in designing, building, and launching a Vineyard Register System (VRS). 
Operated by the Ministry of Economy via the Wine and Vine Foundation of Armenia, the vineyard registry system (VRS) is a digital platform that collects and manages detailed information about vineyards and grape growers. It supports better monitoring, planning, and resource allocation for vineyard management, enhances traceability for quality control, and facilitates compliance with regulatory and market standards. Users can submit and edit their data via a web-portal as well as a mobile application.
Given the sensitive nature of the data contained into the platform, it is essential to ensure robust privacy measures and adherence to data protection regulations, both local and international. The National Data Privacy and Protection Expert will ensure that the VRS complies with all applicable data protection laws, safeguards sensitive information, and fosters trust among stakeholders by implementing best practices for data privacy and security.

The position is located in Yerevan, Armenia.

Reporting Lines

The National Data Privacy Expert works under the overall supervision of the FAO Representative for Armenia and the technical guidance of the Lead Technical Officer and in close coordination with the international Digital Agriculture Specialist, the Vineyard System and GIS expert and the whole project team.

Technical Focus

The National Data Privacy and Protection Expert will be responsible for conducting a Privacy Impact Assessment (PIA) on the Vineyard Register System (VRS), taking into account both the Law of Armenia on protection of personal data (Data Protection Law) and the EU GDPR standards. The National Data Privacy Expert will  identify the risks that the VRS might have on individuals and farms’ data protection; establish how informed consent should be gathered from farmers providing their data; and deliver a PIA report and SoPs (Standard Operating Procedures) with recommendations for managing, minimizing, or eliminating the impact and risks, while providing decision-makers with the information necessary to make informed policy decisions based on an understanding of the privacy risks and the options available for mitigating those risks.

Tasks and responsibilities

The National Data Privacy and Protection Expert will support the implementation of the TCP/ARM/3903 “Digital Technologies in support of Agriculture Value Chains and Rural Development” Project by carrying out the following main activities:
•     Review and ensure VRS (both web-based platform and mobile app) compliance with the national data protection regulations and adherence to international best practices and applicable frameworks, such as EU GDPR, while providing legal and technical guidance on data privacy requirements;
•     Conduct a Privacy Impact Assessments (PIA) and compile PIA report to identify the risks and vulnerabilities in the VRS data collection, processing, and sharing processes – including the right to be forgotten, and to provide recommendations for managing, minimizing, or eliminating the impact and risks;
•      Support with the user-friendly informed consent process, including templates, and develop clear communication pieces to users of how data will be used, stored, and shared; ensure mechanisms are in place for individuals to revoke consent and understand their rights under applicable laws;
Support with the development of Standard Operating Procedures (SOPs) for the use of the VRS, ensuring the recommendations laid out in the PIA are reflected in the SOPs;
•     Work closely with the project and IT team to integrate privacy-by-design principles into the VRS architecture, as well as to provide recommendations on encryption, access control, and consent management tools;
•     Review existing documents and policy frameworks and propose amendments;
•     Deliver training to staff of the Ministry of Economy and other stakeholders on data privacy and protection;
•     Prepare and submit a final report with recommendations.

CANDIDATES WILL BE ASSESSED AGAINST THE FOLLOWING

Minimum Requirements

•     Advanced university degree in Legal Studies, Data Privacy and Protection, or a closely related field.
•     Six years of relevant experience as a lawyer in data privacy and protection, or closely related fields in public administration area;
•     Working knowledge of English and Armenian. 
•     National of Armenia

FAO Core Competencies

•     Results Focus
•     Teamwork
•     Communication
•     Building Effective Relationships
•     Knowledge Sharing and Continuous Improvement

Technical/Functional Skills

•     Excellent communication skills, both verbal and written;
•     Ability to communicate with technical and non-technical people;
•     Excellent knowledge of data privacy laws in Armenia and EU GDPR.
•     Extent and relevance of experience in:
o    Conducting Privacy Impact Assessments; 
o    Policy making related to data protection and agriculture sector; 
o    Working with public sector’s stakeholders,
•     Experience in the following areas is a strong asset:
o    PIA related to IT systems;
o    Standard Operating Procedures.

Selection Criteria

•     Previous experience in reviewing/developing data privacy and protection regulations;

Selection criteria

•     Working knowledge (Proficient, Level C) of English and Armenian.
•     Proficiency in using MS Office suite, namely Word, Excel, PowerPoint.
•     Strong organizational skills and ability to manage multiple tasks simultaneously. 
•     Strong problem-solving skills. Strong time-management skills. 
•     Excellent verbal and written communication skills.
•     Ability to collaborate effectively with team members and external stakeholders.
•     Strong attention to detail.
•     Ability to work independently.